Did you know patches come out for VMware vCenter, just like any other component of your infrastructure? While we usually refer to these as updates in VMware lingo, patches do come out on a regular basis and should be applied to your vCenter as they become available.
Let’s take a look at why patches come out, and how to apply them.
Why Patch VMware vCenter Server?
vCenter is a critical component of any IT infrastructure, which is why it is important to keep it up to date.
Patches can include bug fixes, performance improvements, or even mitigations for security issues.
For example, CVE-2020-3952 is a vulnerability in vCenter server, which VMware addressed with VMSA-2020-0006, and an immediately available patch.
New to the world of IT security and Patching? Be sure to check out An Introduction to Security Advisories and Response for VMware vSphere Administrators!
The fact of the matter is things like this happen, and we need to be able to react quickly when they do.
Is it Patching vCenter or Updating vCenter?
This is a great question, because when we get into the vCenter Appliance Management Interface we are going to see the term “Update” everywhere.
Technically it is both. We are updating vCenter, but we are also patching it.
Patching is more of a general term, referring to applying a patch. A patch is a way to update or change a piece of software.
If you are talking to VMware people, they may say Update vcenter.
If you are talking to information security people, they may say Patching vCenter.
It is the same process, and has the same end goal: a vCenter server with the latest software updates and patches applied.
How to Update vCenter Server
Updating or Patching vCenter Server could not be simpler.
First, back up your vCenter, because we always do this when we patch or update vCenter.
Next, log into the VCSA VAMI, or vCenter Server Appliance Management Interface.
You can find it at:
https://yourvcenter:5480
Log in as the root user, and click Update on the left navigation pane:
Remember, this says Update, not patch, but we are really “patching” vCenter with this method.
Next, click Check Updates in the top right corner. This will check if there are any vCenter updates or patches available.
As you can see, there are a number of patches/updates are available. Since they are cumulate, we just need to pick the most recent one:
Now I want to point out something for those of you who may be wondering why the last time I checked for updates was more than 6 months ago.
This is a special VCSA I only turn on when I want to patch or upgrade it, then turn it off. It is a testing environment and NOT used for production workloads in any way, shape, or form. It is most often off!
You should have a patching process in place for vCenter, just like you would for any other part of your IT infrastructure environment or piece of software.
If you expand the triangle next to the version number, you can see more information about what services are impacted by the vCenter Update, and also the download size.
The text next to Pre-Check Updates was originally blue and said RUN PRE-UPDATE CHECKS. This takes a look at your environment and make sure everything is OK before starting the update process.
It will also estimate how long the pathing process will take for vCenter.
Staging and Installing Your vCenter Patches
The next point of consideration we have is do we want to STAGE ONLY or STAGE AND INSTALL when it comes to our patches.
Stage will just download everything for us, which makes the update process itself faster during execution time.
Stage and Install will download the update, and perform the update. It is important to note that these patches require a reboot, so you will need downtime for vCenter in this case.
We are going to click STAGE AND INSTALL since this is just my testing environment. After we stage our patches, we would have an option available to simply INSTALL them.
You will see a EULA, which will need to be accepted, and you do need to read it and scroll all the way through it, then check I accept the terms of the license agreement at the bottom.
Then you will be able to click Next.
At this point you will be reminded that you should have backed up vCenter before applying the patch. You must click the check box next to I have backed up vCenter Server and its associated databases before you can continue and click Finish.
The installation will begin. Since I clicked STAGE AND INSTALL, first the patches will download, then install.
You will see a progress bar that tells you exactly what the status of your patching is:
Most of the time in my case was staging since I did not pre-stage the patch. It really is quite quick if you download it ahead of time, and is only a few moments if you need it to download based on the server’s Internet connection.
When the progress bar finishes, the VCSA will be reboot, and you will be brought back to the VAMI login screen.
Error Logging into VCSA After Update
Are you seeing an error when trying to log into your VCSA after the update?
Give it a few minutes before you try to login. The services are still coming up.
Then you will see your progress bar has finished, and you can close it since the installation has succeeded.
You will be brought back to the update screen we started in.
This time, you will not see any patches available, and you vCenter build number will match the latest update.
You have now successfully patched your vCenter Server
How to Patch vCenter Walkthrough Video
Want to see how to patch vCenter in action? In this video, I update a vSphere 7 VCSA.
Remember, updating your vCenter Server appliance is patching it. If you are talking about a vCenter upgrade, that is a more major change like going from vSphere 6.7 to vSphere 7.
Tips for Patching vCenter
Patching vCenter is quick and easy, but there are a couple of quick tips to remember.
- Always backup your vCenter before patching or updating it
- Stage your patches for a quicker install
- Wait a few minutes after your update if you can’t log into the VAMI, then try again.
It is important to make sure you have vCenter on the list of things to patch in your infrastructure, just like your ESXi hosts, and virtual machines!
Melissa is an Independent Technology Analyst & Content Creator, focused on IT infrastructure and information security. She is a VMware Certified Design Expert (VCDX-236) and has spent her career focused on the full IT infrastructure stack.