posted

0 Comments

One of the more exciting new features from vSphere/vSAN 7 is vSphere Lifecycle Manager (vLCM). vLCM is a powerful new approach to simplified consistent lifecycle management for the hypervisor and the full stack of drivers and firmware for the servers powering your datacenter.

I recently had the opportunity to deploy and test vLCM on HPE servers and wanted to share my experience. In a word, excellent. The deployment, configuration and testing was very straightforward and in the end, I had a desired state image consisting of ESXi, and server software and firmware that managed all the hosts in my cluster. vLCM detected that my servers had software and firmware that was older than my desired image and with a few clicks, I was able to kick off a non-disruptive and fully automated remediation of my entire cluster. For anybody who's ever done server patch management manually, this is quite the game changer.

vLCM Desired State Image

A vLCM desired state image consists of the following elements:

  • ESXI Version (Required)
  • Vendor Addon (optional)
  • Firmware and Drivers Addon (optional)

ESXi Version: The base image is an ESXi release version that contains an image of VMware ESXi Server and additional components such as drivers and adapters that are necessary to bring up a server. This is the only required element.

Vendor Add-on: A vendor add-on is a collection of software components for the ESXi hosts that OEMs create and distribute. This vendor add-on can contain drivers, patches, and solutions. For HPE this is called the HPE Customization for HPE Servers.

Firmware and Drivers Add-on: The firmware and drivers add-on is a special type of vendor add-on designed to assist in the firmware update process. It contains firmware for a specific server type and corresponding drivers. To add a firmware and drivers add-on to your image, you must install the HPE Hardware Support Manager plug-in for the hosts in the respective cluster.

The HPE HSM plug-in for vLCM is included in iLO Amplifier Pack v1.60 and does not require a separate download. The plug-in can be enabled from the Add-on Service Manager menu once iLO Amplifier Pack has been installed or updated. Once the HSM is deployed and registered in vCenter you need to import the VMware ESXi 7.0 Upgrade Pack. This is the firmware bundle that vLCM will use as part of the desired state image.

Remediate with ESXi and Vendors addons ONLY first

Before adding the Server Pack for Proliant (SPP) to the Firmware and Drivers addon, run a remediation including only the ESXi version and the Vendor Addon HPE Customization for HPE Servers. This addon contains important software components required for using vLCM (i.e. Agentless Management Component).

There are a few ways to add this Vendor Addon to your vLCM desired Image.

  1. Creating a new cluster
  • When creating a new cluster select the option Manage all hosts in the cluster with a single image.
  • In the drop down menu for the Vendor Addon select HPE Customization for HPE Servers.
  1. Editing a vLCM Desired Image

    • At the cluster level click on the Updates tab
    • Verify the Vendor Addon has HPE Customization for HPE Servers listed.
    • If not, click Edit and Select to add the Vendor addon HPE Customization for HPE Servers.
    • If the addon is not listed, open Lifecycle Manager-->Settings-->Patch Setup and verify the Partner provided Addons for ESXi is enabled.

Firmware Baseline

In order to take advantage of the firmware management capabilities of vLCM you need to add a firmware baseline.

  • From the iLO Amplifier appliance click on Baseline Management-->Firmware Baseline and then click Import Baseline. Select the location of the most current SPP (i.e. VMware ESXi 7.0 Upgrade Pack).
  • From the HPE HSM plugin in vCenter click Settings. Then click Add and choose the available SPP listed.

HPE iLO License

Using vLCM on HPE servers requires a HPE iLO license but there is a 60 day free trial. Be sure to determine and acquire the proper license for your environment. Guidance on selecting the right HPE iLO License is found here.

SSL/TLS Certificate

The iLO Amplifier Appliance Pack must be configured with its own unique SSL certificate. In the iLO Amplifier Appliance under Configuration and Settings->Security Settings click SSL Certificate then Generate Self Signed Certificate. After this you need to add the appliance’s new SSL/TLS certificate to vCenters list of trusted certificates.

Login as root on the vCenter and enter the following command
true | openssl s_client -connect :443 -showcerts >/tmp/iloamp-cert.crt

You should see something like

Enter the following to add the certificate to VC's list of known and trusted certificates:

You should be prompted for your password and see "Certificate published successfully"

VUM or vLCM?

VMware understands the desire and need to support VUM: The previous method of lifecycle management. Therefore, vCenter provides the ability for the administrator to make this decision on what tool is used on a per cluster basis. When there is a desire to move to vLCM, the UI offers a “Manage with a single image” button at the root of the cluster that will begin the process of transitioning that cluster to one that is managed by vLCM, and not VUM.

Customers with a mix of server generations can still take advantage of the unified lifecycle management capabilities of vLCM. For servers not listed as vLCM Capable ReadyNodes on the VCG use vSphere Update Manager (VUM) in a separate cluster.

HPE Servers on vSphere Lifecycle Manager

HPE customers interested in using vLCM for lifecycle management should check the VMware Compatibility Guide to make sure which servers are supported. vLCM works with VMware Cloud Foundation and with vLCM Capable ReadyNodes listed in the VCG. vLCM also requires a minimum of vSphere/vSAN 7.

Summary

vSphere and vSAN 7 introduced an entirely new solution for unified software and firmware management that is native to vSphere. vSphere Lifecycle Manager (vLCM) is the next-generation replacement to vSphere Update Manager (VUM), and is built off of a desired-state, or declarative model that provides lifecycle management for the hypervisor and the full stack of drivers and firmware for the servers powering your data center. HPE customers using vLCM Capable ReadyNodes will benefit from the unified lifecycle management capabilities of vSphere Lifecycle Manager.

@vPedroArrow