“Simplicity is the ultimate sophistication.” – Clare Booth Luce.
This is a timeless idea that could not be more true when it comes to software design. It’s one of the reasons why so many IT organizations are looking to replace complex infrastructures requiring the expertise of storage, networking and compute professionals with HCI solutions like VMware vSAN. This concept of simplicity being the “ultimate sophistication” was the first thing I thought of when I learned about the integration of VMware vSphere Update Manager (VUM) in vSAN 6.6.1.
Today’s IT admins understand the complexity of keeping infrastructures up to date. This has traditionally been a manual task with multiple sources of truth to get to the right update/upgrade, patch, driver levels; a complex, manual task with high risk of human error.
vSphere Update Manager (VUM) performs zero-downtime patching and upgrading of VMware ESXi clusters and is a very popular update tool for many VMware environments. VMware engineers decided to integrate VUM into vSAN with one goal in mind: Simplicity. As a result, vSAN patch and version management is not only a process now fully integrated in vSAN but the VUM process itself has been drastically simplified.
vSAN 6.6.1 and later provides a seamless automated update process to ensure a vSAN cluster is up to date with the best available release to keep your hardware in a supported state. vSAN version recommendations are automatically generated using information from the VMware Compatibility Guide, the vSAN Release Catalog, and awareness of the underlying hardware configuration. This also includes the necessary drivers and patch updates for the recommended release in its system baseline. vSAN build recommendations will make sure that the clusters will remain at the current hardware compatibility status or better. In cases, where the existing cluster is not on HCL, vSAN will recommend users upgrade to the latest release. The key point here is that this vSAN baseline will only be updated to the highest level of compatibility based on your environment, making the upgrade process a much more predictable experience.
Let’s take a look at how this works.
Configuring vSphere Update Manager
The first step is to add your my.vmware.com credentials to the vSAN Build Recommendation Engine. After successful login vSAN will generate a baseline group of recommended updates for each vSAN cluster. vSAN system baselines are listed in the Baselines pane of the Baselines and Groups tab.
For hosts running 6.0 Update 1 and earlier, use the Ruby vSphere Console to enter the My VMware credentials. To enter My VMware credentials from RVC, run the following command: vsan.login_iso_depot -u <username> -p <password>
vSAN Build Recommendations in vSphere Update Manager
vSAN build recommendations are provided through vSAN system baselines for Update Manager. In Figure 3 the 7 hosts in my vSAN cluster are running 6.0 Update 2. After checking the VMware Compatibility Guide and the vSAN Release Catalog, using the vSAN baseline, Update Manager determined there is a recommended update available. As a result, all 7 hosts are non-compliant. The next step is to remediate.
Note: vSAN baselines are read-only and managed by vSAN. They exist alongside user created baselines. Users can continue to create and remediate their own baselines as they wish. All baselines can either be remediated on a per-host or a per-cluster basis.
Updating a vSAN Cluster
To update the vSAN cluster, simply use the remediate feature of Update Manager. The Remediate wizard offers several options to customize the upgrade:
- Select the desired hosts as the target of your remediation.
- Schedule the upgrade to run immediately or at a later date and time.
- Specify Maintenance Mode options (i.e. VM power state, removable media handling and ESXi patch settings)
- Specify cluster remediation options. When remediating a cluster, you should temporarily disable certain cluster features. Update Manager will automatically re-enable the features after remediation.
After selecting the desired options, Update Manager will perform a rolling upgrade of each host, non-disruptively migrating your VMs to other hosts during the upgrade. While the host is offline vSAN marks all components on the host as absent. To ensure availability, if for some reason, the patched host does not come back online within 60 minutes (default CLOM timer delay), vSAN will start rebuilding these components on other hosts just like it would in any other host-offline situation. Upon completion of the upgrade you will notice each host is now placed in the Compliant tab.
Before using Update Manager in vSAN 6.6.1 be sure to verify the following:
- If running a Windows-based vCenter Server, verify Update Manager is installed and configured.
- vSAN requires Internet access to update release metadata, to check the VMware Compatibility Guide, and to download ISO images from My VMware.
- vSAN requires valid My VMware (my.vmware.com) credentials to download ISO images for upgrades.
vSAN allows IT organizations to be more agile and responsive to shifting business objectives. With storage hosted on the same servers as compute and networking, resource planning is no longer constrained by the availability of storage specialists. For the first time, IT generalists are able to manage the entire data center and can manage storage using a software-defined approach where changes are accomplished through the user interface rather than with hardware changes.
vSAN 6.6.1 with VUM integration significantly simplifies the process of managing upgrades and patches for your vSAN cluster, by automatically generating recommended baselines and downloading the necessary ISO images to update software, patches, and extensions for hosts in your vSAN cluster. This is yet another example of the simplicity of HCI being the ultimate sophistication. For more details take a look under the hood of vSphere 6.5 Update 1.
5 comments have been added so far
The System Managed baselines are an excellent idea. However, I am seeing a non-compliance status for ‘host upgrade’ from hosts that were upgraded using vendor ISOs and do not need upgrading (e.g. using an HPE customised image).
Agree with Daniel here.
It’s a great idea, but we need the ability to disable/override these.
These are useless in our environment as well due to vendor-customized images.