Technical

Automating Upgrade of VMware Tools and VM Compatibility

Next up in our Automating your vSphere Upgrade blog series is your VMware Tools and VM Compatibility. Upgrading these both have different requirements so we will cover when and how you should upgrade your VMware Tools and VM compatibility in the below post.

 

Upgrading VMware Tools

When it comes to keeping your VMware Tools up to date we have a few options but I will focus on two of my favorite methods. Keeping VMware tools up to date is very important as VMware includes drivers and tools to make sure your VM’s run optimally with the latest features.

Eric Gray of our CPBU Technical Marketing Team covers a few considerations and methods in depth in the following blog post Six Methods for Keeping VM Tools Up to Date.

 

Checking VMware Tools Compliance

Before we can start to update our VMware Tools it might be a good idea to understand which VMs in our environment are currently out of compliance, the easiest way to check if a VM if out of compliance is to view it via the vSphere Client and it will show you details such as the version and compliance.

 

 

However, since we are talking about automation lets show this another way using PowerCLI.

Using this PowerCLI one-liner we are able to see more information at scale, we can see that within our folder we actually have 3 VMs that are out of compliance. To remediate these to the latest version its actually quite simple with PowerCLI as well.

 

 

To make the information clearer on what needs an update we will use the same search only looking for VMs where ToolStatus is guestToolsNeedUpgrade. To do that we will use the following one-liner.

 

 

Upgrading VMware Tools via PowerCLI

Now that we know which VMs need tools update we can actually go forth and upgrade tools. That is quite simple we can do this using the Update-Tools PowerCLI cmdlet. Using our existing one-liner from above we will just append Update-Tools to update the VMs with tools currently out of compliance.

 

 

You may have noticed that all the VMs had their updates kicked off at the same time and this may not be ideal, this is one way that the Update-Tools cmdlet works, however we can get around this by storing the VMs within a variable and then using a loop process them one at a time. This is definitely preferable as it will limit the impact to the environment.

 

 

Now our tools are up to date!

For more information on upgrading your VMware Tools via PowerCLI you can find more information here.

 

Upgrading Tools Automatically on Reboot

Using VM options to keep VMware Tools up to date is also another method to automatically keep VMs up to date. Enabling the Check and upgrade VMware Tools before each power on” advanced setting use to not be used because of the additional reboot it would cause for virtual machines. Keep in mind that with Windows Server 2016 VMware Tools no longer need a reboot on upgrade, it can be safe to enable this setting and have VMs stay up to date on every reboot. However this may not be applicable to all situations, so another recommendation would be to enable this for a lab environment or non-critical workloads.

The easy way to enable this option is to log into the vSphere Client, edit the VM settings and enable the setting.

 

After all this a post on automation, so lets see if we can find a way to use PowerCLI to modify the VM’s setting so this gets easier when we have a large environment.

 

Here we can see which VMs have the automatic upgrade set and which ones are configured for manual. Utilizing a filter we can look for objects that are set for manual and then configure them to be set for upgradeAtPowerCycle

 

 

If we do a final check we can see that all VMs are now set to upgradeAtPowerCycle.

 

 

Upgrading VM Compatibility

When it comes to upgrading your VM Compatibility this is something that should be done with caution. Upgrading VM Compatibility aka VM Hardware is like pulling out the motherboard and replacing it with a new one, so this should only be done when features and functionality in a higher level are needed. Our current recommended level is Hardware Version 11 as it handles remediation from current security threats.

Prior to upgrading your VM Compatibility you should always make sure VMware Tools are up to date first as new drivers can be required for the new virtual hardware.

As I mentioned previously prior to upgrading your VM Compatibility I recommend taking a snapshot or a backup of the virtual machine in case a rollback is needed.

 

Checking VM Compatibility Version

Its quite easy to see the current version of VM Compatibility via the vSphere Client, however when checking the current levels across our entire vCenter Server we may want to automate this Below you will find a quick and easy one-liner to identify the VMs and their current VM Compatibility version.

 

As we can see above a few VMs are currently running v14 which is compatible with vSphere 6.7 only. This was needed for us to take advantage of VBS and TPM security features.

Again, we should only upgrade VM Compatibility when additional functionality is needed.

 

Upgrading VM Compatibility Version

We have identified a need to upgrade VM08 also to v14 to take advantage of Per-VM EVC so we can handle the automation of the VM compatibility upgrade. We can do this again quite easily with PowerCLI.

If you wish to do this via the vSphere Client my colleague Nigel Hickey covers this in his blog series here. However, we are talking automation here so lets jump into the quick script to accomplish this.

 

 

This will not automatically upgrade the VM Compatibility, unlike VMware Tools this can not be done with the virtual machine Powered On. The next time the VM is rebooted it will be shutdown, the compatibility will be upgraded and then be powered back on.

More information on upgrading VM Compatibility can be found here.

Conclusion

Automating your VMware Tools and VM Compatibility upgrades do not need to be hard, we have quite a few ways to help you with this and help this blog has helped educate you on some additional methods. For more information on Automating your vSphere Upgrade be sure to check out the full series here.