Are you struggling applying the patch for the latest vulnerability released? Below are some detailed instructions how to apply the patch to be fully protected again!
You will need one of the following versions, depending which release of vCenter you are running.
Version 6.5 > Update 6.5 U3p
Version 6.7 > Update 6.7 U3n
Version 7.0 > Update 7.0 U2b
A few tips I like to share and follow myself:
- There is no need to install any other updates in-between, you can go straight to the latest update without any issues.
- Make sure to take a snapshot AND a backup of your PSC/vCenter VMs prior to starting this process. Even though this is a very straight forward process, it is always better to be safe than sorry.
- Stop all your VM backups while you upgrade your vCenter. You do not want leftover snapshots because the backup software could not communicate with vCenter during this time.
- If you have SRM/vSphere replication products, you can leave them AS IS. There is no need to stop/start the replications since they communicate directly using the vSphere Replication appliances.
Update instructions:
- First of all, go to the VMware Customer Connect site
- Login with your credentials
- Search and download the offline patch
- Customer Connect Patch Downloads
- Uploads the patch to a VMware datastore of choice
- Look for your External Platform Services Controller VM (this only applies to version 6.5 and 6.7, PSC was deprecated in 7.0 and in some cases for 6.7 as well) and mount the ISO you downloaded
- PS: You have to always update the External PSC VMs first! ( PSC > vCenter > Hosts)
- Login to the PSC using an SSH client (Putty is my client of choice, but any will work)
- Run the following command to stage the ISO you just mounted a couple minutes ago
- Command >
software-packages stage --iso
- Accept the terms and conditions
- Now you should list the staged packages to confirm the right version will be installed
- Command >
software-packages list --staged
- Now you can proceed to install the update package on your PSC (or vCenter if you did not have an external PSC)
- Command >
software-packages install --staged
- Make sure the patch is installed successfully (look for “Package upgraded successfully…” message at the end)
- Reboot PSC (or vCenter)
- Command >
shell
- #
reboot
- Validate everything is working as expected
- Now you can rinse and repeat for the rest of the PSC and/or vCenter VMs you have
- Make sure to remove the VM snapshots once the entire environment is validated (usually 24 hours later is my preference)
- Also un-mount and remove the vCenter ISO from each VM
Good luck with your update, hope this was helpful!