Vsphere Esxi Vcenter 802 Vsphere Lifecycle Manager
Cluster Lifecycle
Update 2
VMware vSphere 8.0
VMware ESXi 8.0
Managing Host and Cluster Lifecycle
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2020-2023 VMware, Inc. All rights reserved. Copyright and trademark information.
Contents
Updated Information
Override the Global vSphere Lifecycle Manager Remediation Settings for a Cluster That You Manage with a Single Image
Configure the vSphere Lifecycle Manager Remediation Settings for Hosts and Clusters That You Manage with Baselines
Configure vSphere Lifecycle Manager Remediation Settings for vSAN Clusters that You Manage with vSphere Lifecycle Manager Baselines
7 vSphere Lifecycle Manager Hardware Compatibility Checks for Clusters and Hosts
Cluster-Level Hardware Compatibility Checks
NIC validation
Check the Hardware Compatibility of a Cluster
Change the Compliance Status of a Disk Device Manually
Host-Level Hardware Compatibility Checks
Using vSphere Lifecycle Manager to Migrate an NSX Virtual Distributed Switch to a vSphere Distributed Switch
10 vSphere Lifecycle Manager Images and Other VMware Products and Solutions
vSAN Clusters and vSphere Lifecycle Manager
Remediation Specifics of vSAN Clusters
Updating Firmware in vSAN Clusters
About Recommendation Baseline Groups
vSphere Lifecycle Manager and vSphere with Tanzu
vSphere Lifecycle Manager and vSphere with Tanzu with vSphere Networking
vSphere Lifecycle Manager and vSphere with Tanzu with NSX Networking
vSphere Lifecycle Manager and VMware NSX®
Using vSphere Lifecycle Manager Baselines to Upgrade ESXi Hosts in an Environment With VMware NSX® 3.0
Using vSphere Lifecycle Manager Images in an Environment With NSX 3.1
12 Backup and Restore Scenarios When Using vSphere Lifecycle Manager
About Managing Host and Cluster Lifecycle
Managing Host and Cluster Lifecycle provides information about configuring and using VMware
vSphere Lifecycle Manager to manage the ESXi hosts and clusters in your environment.
Managing Host and Cluster Lifecycle provides instructions for configuring vSphere Lifecycle
Manager, working with the vSphere Lifecycle Manager depot, and using baselines and images
to install, update, or upgrade the software and firmware running on your ESXi hosts.
Managing Host and Cluster Lifecycle also provides detailed guidelines about using vSphere
Lifecycle Manager recommended images and performing hardware compatibility checks on
single hosts or clusters. It also describes how you can configure and use the Update Manager
Download Service (UMDS) to download software updates in deployments with no access to the
Internet.
At VMware, we value inclusion. To foster this principle within our customer, partner, and internal
community, we create content using inclusive language.
Intended Audience
This information is intended for experienced system administrators who are familiar with data
center operations and virtual machine technology.
Client Interface
The instructions in this guide reflect the HTML5-based vSphere Client.
Updated Information
This Managing Host and Cluster Lifecycle document is updated with each release of the product
or when necessary.
This table provides the update history of the Managing Host and Cluster Lifecycle.
Revision: 28 SEPT 2023
Description: Updated Using vSphere Lifecycle Manager Images to Remediate vSAN Stretched Clusters with
additional information.
1 What is vSphere Lifecycle Manager
VMware vSphere Lifecycle Manager enables centralized and simplified lifecycle
management for VMware ESXi hosts through the use of images and baselines.
In the context of maintaining a vSphere environment, your clusters and hosts in particular,
lifecycle management refers to tasks such as installing ESXi and firmware on new hosts, and
updating or upgrading the ESXi version and firmware when required.
vSphere Lifecycle Manager encompasses the functionality that Update Manager provides in
earlier vSphere releases and enhances it by adding new features and options for ESXi lifecycle
management at a cluster level.
In vSphere releases earlier than 7.0, Update Manager provides you with the ability to use
baselines and baseline groups for host patching and host upgrade operations. Starting with
vSphere 7.0, vSphere Lifecycle Manager introduces the option of using vSphere Lifecycle
Manager images as an alternative way to manage the lifecycle of the hosts and clusters in
your environment. You can also use vSphere Lifecycle Manager to upgrade the virtual machine
hardware and VMware Tools versions of the virtual machines in your environment.
vSphere Lifecycle Manager can work in an environment that has access to the Internet, directly
or through a proxy server. It can also work in a secured network without access to the Internet. In
such cases, you use the Update Manager Download Service (UMDS) to download updates to the
vSphere Lifecycle Manager depot, or you import them manually.
For more information about software updates and how they are distributed, see Software
Packaging Units That vSphere Lifecycle Manager Can Consume.
For more information about the vSphere Lifecycle Manager depot, see Chapter 2 The vSphere
Lifecycle Manager Depot.
When you import an ISO image into the vSphere Lifecycle Manager depot, vCenter Server
performs an MD5 hash check on the ISO image to validate its MD5 checksum. During
remediation, before the ISO image is installed, the ESXi host verifies the signature inside the
image.
If an ESXi host is configured with UEFI Secure Boot, the ESXi host performs full signature
verification of each package that is installed on the host every time the host boots. For more
information, see the vSphere Security documentation.
The vSphere Lifecycle Manager user interface has two main views, which for convenience this
guide calls the home view and the compliance view.
You do not need any special privilege to access the vSphere Lifecycle Manager home view.
To access the vSphere Lifecycle Manager home view in the vSphere Client, select Menu >
Lifecycle Manager.
In the vSphere Lifecycle Manager home view, you specify the vSphere Lifecycle Manager
instance that you want to administer by selecting a vCenter Server system from the drop-down
menu at the top of the Lifecycle Manager pane.
In the Lifecycle Manager pane, you have the following top-level tabs: Image Depot, Updates,
Imported ISOs, Baselines, and Settings.
You use the Image Depot tab when you work with vSphere Lifecycle Manager images. You use the
Updates, Imported ISOs, and Baselines tabs when you work with vSphere Lifecycle Manager
baselines. For more information about the Image Depot, Updates, and Imported ISOs tabs, see
Browsing the vSphere Lifecycle Manager Depot.
The Settings tab is where you configure all vSphere Lifecycle Manager remediation settings and
download sources. You use the Settings tab with both vSphere Lifecycle Manager images and
baselines. For more information about how to configure the vSphere Lifecycle Manager settings,
see Chapter 3 vSphere Lifecycle Manager Remediation Settings.
In the vSphere Lifecycle Manager home view, you can perform the following tasks:
You go to the vSphere Lifecycle Manager compliance view to actually use the vSphere Lifecycle
Manager baselines and images on your clusters and hosts.
To access the vSphere Lifecycle Manager compliance view in the vSphere Client, you must have
the View Compliance Status privilege.
Generally, the vSphere Lifecycle Manager compliance view is on the Updates tab for a selected
object.
Depending on the selected object and whether you use baselines or images to manage the
object, you access the vSphere Lifecycle Manager compliance view in two different ways.
- To access the vSphere Lifecycle Manager compliance view for a host or a cluster that you
  manage with baselines, go to the Updates tab for the object and select Baselines.
  In the Baselines pane of the vSphere Lifecycle Manager compliance view, you can perform
  the following tasks:
  - Check the compliance status of ESXi hosts and clusters against baselines or baseline
    groups.
  - Attach and detach baselines and baseline groups to hosts and clusters.
  - Remediate hosts that are part of a vSAN cluster against system-managed baselines.
- To access the vSphere Lifecycle Manager compliance view for a cluster or a standalone host
  that you manage with a single image, go to the Updates tab for the object and select Image.
  In the Image pane of the vSphere Lifecycle Manager compliance view, you can perform the
  following tasks:
  - Export, import, and edit the image that the cluster or the standalone host uses.
  - Upgrade the firmware of the ESXi hosts in the cluster or the standalone host.
  - Check for and view recommended images for the cluster or the standalone host.
  - Check the hardware compatibility for a selected ESXi version against vSAN HCL.
  - Check the compliance status of the ESXi hosts in the cluster or the standalone host
    against the image.
  - Remediate the ESXi hosts against the image that the cluster or the standalone host uses.
- Under Hosts, select Hardware Compatibility to check the hardware compatibility of a host
  against the VMware Compatibility Guide.
- Under Hosts, select VMware Tools or VM Hardware to check the status of virtual machines
  and upgrade the VMware Tools version or the virtual hardware version of the virtual
  machines.
Using DPU devices for network acceleration frees up the CPU capacity for business-critical
workloads. Besides accelerating networking performance, using DPU devices provides security
and compression acceleration.
The ESXi hypervisor that runs on the DPU device is a fully functional hypervisor, but it can only
run on ARM CPU architectures. You don't use ESXi on the DPU to run and provision virtual
machines and workloads. The hypervisor that runs on DPU devices is a trimmed version of
the ESXi hypervisor that runs on your servers. This trimmed ESXi version is optimized for I/O
activities, such as packet offloads, external management, and so on.
From a vSphere perspective, the DPU device is a pre-configured device that you can start using
without any further configuration or customizations.
You cannot manage DPU devices separately from managing your ESXi hosts. All lifecycle
operations that you use to manage the lifecycle of the software and firmware on your hosts
are used to also manage the software and firmware lifecycle of DPU devices in a DPU-based
environment.
The only DPU devices that vSphere 8.0 supports are NVIDIA BlueField and Pensando Distributed
Services Card (Pensando DSC).
To start utilizing the DPU device on a server to offload network services, you must perform a
fresh ESXi install on the server. You can perform the installation through interactive or scripted
mechanisms. During installation, ESXi is installed both on the server and on the DPU device. In
vSphere 8.0, the ESXi image contains VIBs for both the ESXi version to be installed on a host and
the ESXi version to be installed on the DPU device on that host.
Almost all vSphere Lifecycle Manager operations work for DPU-based environments. In vSphere
8.0, only the following vSphere Lifecycle Manager operations don't work for clusters with
DPU-backed hosts:
- Recommendation generation

- All hosts must have DPU devices from the same vendor and of the same model. The DPU
  generation might vary.
vSphere Lifecycle Manager uses software from VMware, original equipment manufacturers
(OEMs), and third-party software providers.
- OEMs are VMware partners, for example, Dell, HPE, VMware Cloud on AWS.
- Third-party software providers are providers of I/O filters, device drivers, CIM modules, and
  so on.
Starting with vSphere 8.0, a VIB can install software on either the ESXi running on the host or the
ESXi running on a DPU device on the host. Alternatively, a single VIB can carry updates for both
the ESXi versions on the host and on the DPU device.
vSphere Lifecycle Manager does not consume and work with individual VIBs. VIBs must be
further packaged into a higher-level construct, such as a base image, an add-on, and so on.
What Is a Bulletin?
The bulletin is a grouping of one or more VIBs. Bulletins are defined within the metadata of the
VIB. You use bulletins, and not individual VIBs, to create vSphere Lifecycle Manager baselines,
which you attach to inventory objects and use to update and upgrade ESXi hosts.
VMware and OEMs do not deliver components independently. VMware bundles components
together into fully functional and bootable ESXi base images. OEMs bundle components together
into vendor add-ons. Third-party software vendors create and ship software, for example drivers
or adapters, as independent components.
The version of a base image corresponds to an ESXi release and uses the following naming
format:
Security patch release: ESXi 8.0 sa, ESXi 8.0 sb, and so on
Patch release after an Update release: ESXi 8.0 U1 a, ESXi 8.0 U2 sa, and so on
In vSphere 8.0, base images can contain components and VIBs applicable to the ESXi version
running on a DPU device. So, a single base image can contain software updates for both ESXi on
the server and ESXi on the DPU device.
Base images are hosted and available in the VMware online depot. Additionally, you can
download an ESXi installer ISO file and an offline bundle (ZIP file) that contains the ESXi version
from customerconnect.vmware.com.
The add-on is a collection of components that does not represent a complete, bootable image.
You cannot use vendor add-ons on their own. To customize an ESXi release, you must add the
vendor add-on to an ESXi base image. The combination of a vendor add-on and an ESXi base
image is practically identical to the custom image that OEMs provide.
When combined with an ESXi base image, the add-on can add, update, or remove components
that are part of the ESXi base image. In the vSphere Client, for each add-on available in the
depot, you can view the list of components that it adds to an ESXi base image. Similarly, you can
find information about the components that it removes from a base image.
In addition to custom ISO images and offline bundles, OEMs release ZIP files that contain only
the vendor add-on, that is, the delta between the custom image and the ESXi base image. OEMs
can release such add-on ZIP files at their discretion. The introduction of the concept of add-ons
decouples the release cycle of OEMs from the release cycle of VMware. As a result, you can
update vendor add-ons independently of updating the ESXi version of your hosts. Also, the
vendor add-on decouples the OEM customization from the VMware stock image. As a result, you
can combine software components more freely.
In vSphere 8.0, vendor add-ons support the ESXi software that runs on DPU devices.
If you use baselines and baseline groups to manage hosts and clusters, vSphere Lifecycle
Manager reads and lists the software updates that are available in the vSphere Lifecycle Manager
depot as bulletins. You can find the list of available bulletins on the Updates tab in the vSphere
Lifecycle Manager home view.
If you use vSphere Lifecycle Manager images to manage hosts and clusters, you can only work
with components and the related notions of add-ons and base images. You can find the list of the
components, add-ons, and ESXi base images on the Image Depot tab in the vSphere Lifecycle
Manager home view.
You use vSphere Lifecycle Manager baselines and baseline groups to perform the following
tasks.
You use vSphere Lifecycle Manager images to perform the following tasks.
- Install and update third-party software on all ESXi hosts in a cluster or on a standalone host.
- Update and upgrade the ESXi version on all hosts in a cluster or on a standalone host.
- Generate recommendations and use a recommended image for your cluster or host.
- Check the hardware compatibility of hosts and clusters against the VMware Compatibility
  Guide and the vSAN Hardware Compatibility List.
You can use various methods and tools to deploy ESXi hosts and maintain their software
lifecycle. For example, you can upgrade hosts by using VMware vSphere ESXi™ Image Builder
CLI, esxcli, or vSphere Auto Deploy. The different deployment and upgrade choices involve
different workflows and require you to use different ESXi image formats. When you use vSphere
Lifecycle Manager images, you follow one workflow and use the same ESXi image format for all
software lifecycle-related operations: install, upgrade, update, and patching, which significantly
simplifies the lifecycle management process.
A vSphere Lifecycle Manager image can consist of the following four elements:
- ESXi base image
  The base image contains an image of VMware ESXi Server and additional components, such
  as drivers and adapters that are necessary to boot a server. The base image is the only
  mandatory element in a vSphere Lifecycle Manager image. All other elements are optional.
- Vendor add-on
  The vendor add-on is a collection of software components that OEMs create and distribute.
  The vendor add-on can contain drivers, patches, and solutions.
- Firmware and drivers add-on
  The firmware and drivers add-on is a special type of vendor add-on designed to assist in the
  firmware update process. The firmware and drivers add-on contains firmware for a specific
  server type and corresponding drivers. To add a firmware and drivers add-on to your image,
  you must install the hardware support manager plug-in provided by the hardware vendor for
  the hosts in the respective cluster.
- Independent components
  The component is the smallest discrete unit in an image. The independent components that
  you add to an image contain third-party software, for example drivers or adapters.
You can set up a vSphere Lifecycle Manager image for a cluster during the creation of the
cluster. Alternatively, for existing clusters that you manage with vSphere Lifecycle Manager
baselines, you can switch from using baselines to using images at a later time.
Note If you switch to using images, you cannot revert to using baselines for that cluster. You
can only move the hosts to a cluster that uses baselines.
The desired state of an ESXi host represents both the target software and target configuration
for the host as opposed to the software and configuration that it currently runs. The Desired
State model is the idea of managing hosts and clusters by defining and applying a desired state
instead of listing and following steps to change the current state.
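The image composition and the desired-state comparison described above, as a simplified model. This is an added example, not VMware code and not the vSphere Lifecycle Manager image format; the component names, version strings, and the rule that independent components are applied last are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, NamedTuple, Optional, Set


@dataclass
class AddOn:
    """Vendor add-on: adds, updates, or removes components of the base image."""
    name: str
    adds_or_updates: Dict[str, str] = field(default_factory=dict)
    removes: Set[str] = field(default_factory=set)


@dataclass
class Image:
    """Desired state. Only the base image is mandatory; the rest is optional."""
    base_version: str
    base_components: Dict[str, str]
    add_on: Optional[AddOn] = None
    independent: Dict[str, str] = field(default_factory=dict)

    def desired_components(self) -> Dict[str, str]:
        """Resolve the component set that the image defines for a host."""
        desired = dict(self.base_components)
        if self.add_on is not None:
            for name in self.add_on.removes:
                desired.pop(name, None)
            desired.update(self.add_on.adds_or_updates)
        # Assumption of this example: independent components are applied last.
        desired.update(self.independent)
        return desired


class Drift(NamedTuple):
    item: str
    current: Optional[str]  # None: not present on the host
    desired: Optional[str]  # None: not part of the image


def check_compliance(image: Image, host_base_version: str,
                     host_components: Dict[str, str]) -> List[Drift]:
    """Compare what a host runs with the desired state. Empty list = compliant."""
    desired = image.desired_components()
    drift: List[Drift] = []
    if host_base_version != image.base_version:
        drift.append(Drift("base image", host_base_version, image.base_version))
    for name in sorted(set(desired) | set(host_components)):
        have, want = host_components.get(name), desired.get(name)
        if have != want:
            drift.append(Drift(name, have, want))
    return drift


def remediation_plan(drift: List[Drift]) -> List[str]:
    """Derive the changes from the drift instead of scripting steps by hand."""
    plan = []
    for d in drift:
        if d.current is None:
            plan.append(f"install {d.item} {d.desired}")
        elif d.desired is None:
            plan.append(f"remove {d.item} {d.current}")
        else:
            plan.append(f"change {d.item} {d.current} -> {d.desired}")
    return plan


# Constructed sample data (hypothetical component names and versions).
IMAGE = Image(
    base_version="8.0 U2",
    base_components={"esx-base": "8.0.2", "nic-driver-a": "1.0", "legacy-tool": "0.9"},
    add_on=AddOn(
        name="oem-addon",
        adds_or_updates={"nic-driver-a": "1.2", "oem-agent": "3.1"},
        removes={"legacy-tool"},
    ),
    independent={"storage-filter": "2.0"},
)
HOST_BASE = "8.0 U1"
HOST_COMPONENTS = {
    "esx-base": "8.0.1",
    "nic-driver-a": "1.0",
    "legacy-tool": "0.9",
    "oem-agent": "3.1",
}

if __name__ == "__main__":
    for step in remediation_plan(check_compliance(IMAGE, HOST_BASE, HOST_COMPONENTS)):
        print(step)
```

A component that is present on the host but absent from the image is reported as drift as well, which is how an unexpected package on a host shows up in this model.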
Baselines
A baseline is a grouping of multiple bulletins. You can attach a baseline to an ESXi host and check
the compliance of the host against the associated baseline.
- Depending on the type of content, baselines are patch baselines, extension baselines, and
  upgrade baselines.
  Patch and extension baselines contain bulletins of the respective kind. Upgrade baselines
  contain ESXi images.
- Depending on how the update content is selected, baselines are fixed and dynamic.
- Depending on how they are created and managed, baselines are predefined,
  recommendation, or custom baselines.
Baseline Groups
A baseline group is a collection of non-conflicting baselines. You can attach the entire baseline
group to an inventory object to check the compliance status of the object against all the
baselines in the group as a whole.
You can combine custom baselines with any of the predefined baselines to create baseline
groups.
Host baseline groups can contain a single upgrade baseline, and various patch and extension
baselines.
To update or upgrade ESXi hosts by using baselines or baseline groups, you must first attach the
baselines or baseline group to an inventory object.
Although you can attach baselines and baseline groups to individual objects, a more efficient
method is to attach them to container objects, such as folders, vApps, clusters, and data centers.
Individual vSphere objects inherit baselines attached to the parent container object. Removing an
object from a container removes the inherited baselines from the object.
For more information about creating and managing baselines and baseline groups, see Types of
vSphere Lifecycle Manager Baselines and Baseline Groups.
Distribution
  Baselines: Bulletins are distributed through online depots and as offline bundles. You can
  import and use ISO images to create upgrade baselines.
  Images: Base image, vendor add-ons, and components are distributed through online depots
  and as offline bundles. You cannot use ISO images to set up a vSphere Lifecycle Manager
  image for a cluster.
Import/Export
  Baselines: You can create a custom baseline and attach it to different objects in the same
  vCenter Server instance. You cannot export baselines and distribute them across vCenter
  Server instances.
  Images: You can export an image and use it to manage other clusters in the same or in a
  different vCenter Server instance. Images are portable across vCenter Server instances. You
  can export an image as an ISO or JSON file, but you can only import images that are in a
  JSON format.
Compliance checks
  Baselines: With baselines, you can check the compliance of an object against a single or
  against multiple baselines.
  Images: With vSphere Lifecycle Manager images, you can check the compliance of the hosts
  against a single image. To check the compliance against another image, you must first set
  up the new image.
vCenter Server/Datacenter-level operations
  Baselines: With vSphere Lifecycle Manager baselines, you can trigger any of the main
  operations at the vCenter Server or data center level.
  Images: With vSphere Lifecycle Manager images, you cannot operate at a vSphere Lifecycle
  Manager or data center level.
Virtual machine management
  Baselines: You can upgrade the VMware Tools and virtual hardware versions of the virtual
  machines in a cluster that you manage with vSphere Lifecycle Manager baselines.
  Images: You can upgrade the VMware Tools and virtual hardware versions of the virtual
  machines in a cluster that you manage with vSphere Lifecycle Manager images.
Scenario: Using a single image to manage a cluster.
Requirements:
- All ESXi hosts in the cluster must be of version 7.0 and later.
- All ESXi hosts in the cluster must be stateful.
Scenario: Using a single image to manage a standalone host.
Requirements:
- The standalone ESXi host must be of version 7.0 and later.
- The standalone ESXi host must be stateful.
Scenario: Using baselines and baseline groups to manage a cluster or a host.
Requirements:
- To use baselines for ESXi host patching operations, vSphere Lifecycle Manager works with
  ESXi 6.7, ESXi 7.0, and ESXi 8.0.
- To use baselines for ESXi host upgrade operations, vSphere Lifecycle Manager works with
  ESXi 6.7, ESXi 7.0, and their respective Update releases.
Scenario: Switching from using baselines to using a single image to manage a cluster or a host.
Requirements:
- The cluster or the standalone host must meet the requirements for using an image.
- The cluster or the standalone host must be eligible for the transition.
Scenario: Upgrading virtual machine hardware and VMware Tools
Requirements: For VMware Tools and virtual machine hardware upgrade operations, vSphere
Lifecycle Manager works with ESXi 6.7, ESXi 7.0, and ESXi 8.0.
You can assign vSphere Lifecycle Manager and vSphere Configuration Profiles privileges to
different roles in the vSphere Client.
Table 1-4. VMware vSphere Lifecycle Manager Privileges For Using Images
For more information about managing users, groups, roles, and permissions, see the vSphere
Security documentation.
Table 1-5. VMware vSphere Lifecycle Manager Privileges For Using Baselines
Task: Manage Patches and Upgrades
  Privilege in the vSphere Client: Manage Patches and Upgrades.Remediate to Apply Patches,
  Extensions, and Upgrades
  Privilege in the API: VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate
  Description: Remediate virtual machines and hosts to apply patches, extensions, or upgrades.
  In addition, this privilege allows you to view the compliance status of objects.
Task: Upload File
  Privilege in the vSphere Client: Upload File.Upload upgrade images and offline bundles
  Privilege in the API: VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile
  Description: Upload upgrade images and offline patch bundles.
For more information about managing users, groups, roles, and permissions, see the vSphere
Security documentation.
Table 1-6. Required Privileges For Using vSphere Configuration Profiles
Tasks:
- View Host Settings in the Cluster Configuration
- Check Cluster Compliance
- View Compliance Results
- Run Remediation Pre-Check
- View Remediation Pre-Check Results
  Privilege in the vSphere Client: VMware vSphere Lifecycle Manager.Desired Configuration
  Management Privileges.Read-only access to desired configuration management platform
  Privilege in the API: VcIntegrity.ClusterConfiguration.View
  Description: View the draft configuration document, current configuration settings,
  compliance reports, and pre-check reports.
2 The vSphere Lifecycle Manager Depot
The vSphere Lifecycle Manager depot is the source of software updates for vSphere Lifecycle
Manager. Conceptually, the vSphere Lifecycle Manager depot represents all software available
for consumption to vSphere Lifecycle Manager.
The vSphere Lifecycle Manager depot is a local depot on the vCenter Server machine. This
local depot contains software updates downloaded from the online depots that you configure
vSphere Lifecycle Manager to use. You can also manually import updates into the vSphere
Lifecycle Manager depot. You can work with vSphere Lifecycle Manager only if the vSphere
Lifecycle Manager depot contains software packages, for example, ESXi base images, vendor
add-ons, third-party components, and legacy patches and updates.
An online depot is the hosted version of the software updates that VMware, OEMs, and third-
party software providers ship. You enable vSphere Lifecycle Manager to access an online depot
by providing a URL to that depot. vSphere Lifecycle Manager is preconfigured to download
updates from one online depot, the default VMware online depot.
The default online depot that VMware provides hosts ESXi base images, vendor add-ons,
ESXi-compatible I/O device drivers certified by VMware, and async VMware Tools releases.
All software that you need to install, update, or customize the ESXi version of your hosts is
available in the official VMware online depot. You don't need to work with separate online
depots to access OEM and third-party software updates.
[Figure: third-party software providers, VMware, and OEMs, with the third-party online depot, the official VMware depot, and the OEM online depot]
Note Firmware updates are not hosted in the VMware depot. To perform firmware updates,
you must install the hardware support manager plug-in that your hardware vendor provides.
The plug-in gives you access to depots that contain the necessary firmware and related
drivers updates.
You can configure vSphere Lifecycle Manager to also access and use other online depots besides
the VMware online depot, for example third-party depots that contain additional components
such as CIM modules. However, working with additional third-party depots and independent
components is rarely necessary. In most cases, the vendor add-ons that are available in the
official VMware depot provide full OEM customization for ESXi.
vSphere Lifecycle Manager downloads to the local vSphere Lifecycle Manager depot the content
from all the online depots that you configure it to use.
Synchronization
Synchronization is the process during which vSphere Lifecycle Manager downloads the
contents of the online depots that you configure it to use to the local vSphere Lifecycle
Manager depot. During synchronization, only software metadata is downloaded. The actual
payloads are downloaded when they are needed, for example during staging or remediation.
When you deploy vCenter Server, vSphere Lifecycle Manager synchronizes with the official
VMware online depot automatically. After the initial synchronization, you can schedule a
download task to run at regular intervals or you can initiate a download task manually.
All software updates hosted in the official VMware online depot are also available as offline
bundles, which you can download from my.vmware.com. You can also download offline bundles
from the VMware website or from the websites of third-party vendors.
In addition to distributing an offline.zip file, or offline bundle, and a custom ISO image, OEMs
distribute an Add-on.zip file that contains the delta between the OEM custom image and the
respective base image that VMware provides. For more information about OEM add-ons, see
Software Packaging Units That vSphere Lifecycle Manager Can Consume.
Import
Import is the operation through which you upload the contents of an offline bundle into the
vSphere Lifecycle Manager depot. During an import operation, both the software metadata
and the actual payloads are downloaded into the vSphere Lifecycle Manager depot. In
addition to importing offline bundles, you can also import ISO images to the vSphere Lifecycle
Manager depot. You can then use the ISO images to create upgrade baselines. You cannot
use an ISO image for clusters that you manage with a vSphere Lifecycle Manager image.
Third-party software providers: Components
For device drivers that are certified by VMware:
- The default VMware online depot
- Offline bundle
For other third-party software that is verified and certified by OEMs, for example I/O filters,
CIM module:
- An online depot
- Offline bundle
If you configure vSphere Lifecycle Manager to use the Internet as its download source, then the
download sources are practically all online depots that you use with vSphere Lifecycle Manager.
You can also configure vSphere Lifecycle Manager to use a UMDS shared repository as its
download source. Using a UMDS repository is appropriate in vCenter Server deployments
without access to the Internet. When you configure vSphere Lifecycle Manager to use a UMDS
repository, the synchronization of update metadata is not triggered immediately. The metadata is
downloaded according to the configured download schedule or when you initiate the download.
When you use a UMDS repository as a download source for vSphere Lifecycle Manager, only the
metadata of the updates is downloaded and stored in the vSphere Lifecycle Manager depot. The
actual payload is downloaded during staging or remediation.
Depot Overrides
In ROBO scenarios, you can configure vSphere Lifecycle Manager to use a local depot with
updates for a particular cluster instead of the depots that all clusters in that vCenter Server
instance use by default.
For more information, see Manage Depot Overrides for a Cluster or a Standalone Host.
• Installing, Setting Up, and Using the Update Manager Download Service
You can view the vSphere Lifecycle Manager depot in the vSphere Lifecycle Manager home view.
The contents of the vSphere Lifecycle Manager depot are displayed on three different tabs:
Image Depot, Updates, and Imported ISOs.
Image Depot
On the Image Depot tab, you can view all VMware base images, vendor add-ons, and
components that are available in the vSphere Lifecycle Manager depot.
You can use the ESXi Versions, Vendor Addons, and Component links at the top of the pane for
easier navigation through the lists.
The ESXi Versions list contains all base images available in the depot together with information
about the version, release date, and category for each image. When you select an image from
the list, an information panel appears on the right. The panel displays a list of all components that
the base image applies to a host upon remediation.
The Vendor Addons list contains all vendor addons available in the depot together with
information about the version, release date, and category for each addon. When you select an
add-on from the list, an information panel appears on the right. The panel displays information
about the components that the add-on applies to the host and the components that the add-on
removes from a host upon remediation.
The Component list contains all components that are available in the depot together with
information about the version, release date, and category for each component. When you
select a component from the list, an information panel appears on the right. The panel displays
information about the VIBs that the component contains.
You can filter the Component list so that it displays only independent components or all
components available in the vSphere Lifecycle Manager depot. Independent components are
components that are not part of a vendor add-on.
You use the ESXi images, vendor add-ons, and components visible on the Image Depot tab to
set up images that you can use to manage hosts in clusters collectively.
Updates
On the Updates tab, you can see all components available in the vSphere Lifecycle Manager
depot as bulletins. You can use the Filter by Baseline drop-down menu to view only the bulletins
that are part of a particular baseline.
When you select a bulletin from the list, additional information appears below the bulletins list. In
the bottom pane, you see information about the baselines that include the selected bulletin.
You use the bulletins visible on the Updates tab to create baselines and baseline groups.
Because the official VMware depot hosts certified partner content in addition to VMware content,
the Updates tab displays a broader set of OEM bulletins, for example vendor add-ons and
VMware-certified device drivers. Some of these bulletins might have dependencies that must
be pulled into the baselines that you create, so that the remediation against those baselines
is successful. As a best practice, always consult the KB article for an individual bulletin to find
information about its deployment specifics and required dependencies before including the bulletin
in your baselines.
Starting with vSphere 7.0, some changes are also introduced in the way VMware content is
packaged. As a result, you might see additional bulletins on the Updates tab at patch and update
releases. Those bulletins are usually of the Enhancement or BugFix category. When you include
those bulletins in a baseline, you might need to also include a base ESXi bulletin in that baseline.
As a best practice, to ensure successful application of patches and updates, always include the
appropriate rollup bulletin into your baselines. You can use the Show only rollup updates toggle
switch that is on the Updates tab to filter the list of bulletins.
Imported ISOs
On the Imported ISOs tab, you can see the ISO images that you import and make available to
vSphere Lifecycle Manager.
You use the ISO images visible on the Imported ISOs tab to create upgrade baselines. You
cannot use an ISO image for clusters configured to use a single vSphere Lifecycle Manager
image.
Note ISO images are not distributed through any online or offline depot; they are a separate
software distribution format. As a result, they cannot become available in the vSphere Lifecycle
Manager depot through synchronization or the regular import operation that you perform to
import offline bundles (ZIP files) to the depot. To make an ISO image available to vSphere
Lifecycle Manager, you must trigger the Import ISO operation. For more information, see Import
an ISO Image to the vSphere Lifecycle Manager Depot.
You use the import option to populate the vSphere Lifecycle Manager depot with updates
from an offline bundle. Apart from the legacy patches and extensions, an offline bundle can
also contain an ESXi base image, a vendor add-on, or third-party software, for example,
asynchronous drivers specific to the OEM hardware requirements. For more information about
base images, vendor add-ons, and components, see Software Packaging Units That vSphere
Lifecycle Manager Can Consume.
If you want to use vSphere Lifecycle Manager baselines, you can import offline bundles that
contain patches and extensions for hosts that run ESXi 6.7 and later. In that case, you can use
the contents of the offline bundle only for host patching operations. If you import an OEM offline
bundle that contains an ESXi image of a version earlier than 7.0, you cannot use the image for
upgrade operations. To create upgrade baselines, you need an ISO image. For more information,
see Import an ISO Image to the vSphere Lifecycle Manager Depot.
If you want to use vSphere Lifecycle Manager images, you can import offline bundles that contain
software for hosts that run ESXi 7.0 and later. In that case, you can use the contents of the offline
bundle to set up vSphere Lifecycle Manager images, which you can use to upgrade a standalone
host or multiple ESXi hosts collectively.
Prerequisites
• Verify that the updates that you import are in ZIP format.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
2 Select Actions > Import Updates at the top of the vSphere Lifecycle Manager home view.
3 Enter a URL or browse to an offline bundle in ZIP format on your local machine.
If the upload fails, check whether the structure of the ZIP file is correct and whether the
vSphere Lifecycle Manager network settings are set up correctly.
4 Click Import.
Results
You imported updates to the vSphere Lifecycle Manager depot. vSphere Lifecycle Manager
automatically generates new image recommendations for the clusters or hosts that already have
generated recommended images. However, if the imported updates are solution components
only, vSphere Lifecycle Manager does not generate new recommendations automatically.
You can view the imported patches and extensions on the Updates tab in the vSphere Lifecycle
Manager home view.
You can view the imported ESXi images, vendor add-ons, and additional components on the
Image Depot tab in the vSphere Lifecycle Manager home view.
You can use ESXi .iso images to upgrade ESXi 6.7.x hosts and ESXi 7.0.x hosts to ESXi 8.0.
With vSphere Lifecycle Manager 8.0, you cannot perform ESXi upgrades to version 7.0 or 6.7.
ISO images can only be used with vSphere Lifecycle Manager baselines. You cannot use an ISO
image to upgrade the hosts in a cluster that uses a single image.
To upgrade hosts, use the ESXi installer image distributed by VMware with the name format
VMware-VMvisor-Installer-7.0.0-build_number.x86_64.iso or a custom image created
by using vSphere ESXi Image Builder. You can also use ISO images created and distributed by
OEMs.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
• Click the Browse button to import an ESXi image from your local system.
• Enter a URL address to import an ESXi image that is not on your local system.
Local images are imported immediately, whereas importing images from a URL takes some
time.
4 Click Import.
Results
The ISO image that you uploaded appears in the list of images. You can view information
about the ESXi image, such as product, version, and build details, vendor, acceptance level, and
creation date.
What to do next
Unlike components and bulletins, which you cannot delete from the vSphere Lifecycle Manager
depot, the ISO images that you import in the depot can be deleted when you no longer need
them.
Prerequisites
• Verify that the ISO image that you want to delete is not part of any baseline. You cannot
delete images that are included in a baseline.
• Delete any baseline that contains the ISO image that you want to delete.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
2 On the Imported ISOs tab, select an image from the list and click Delete.
Note If you try to delete an ESXi image that is used in a baseline, the operation fails with an
error message.
Results
At regular configurable intervals, vSphere Lifecycle Manager downloads updates from the
configured download sources. The download sources can be online depots or a UMDS-created
shared repository.
Regardless of the download schedule, you can initiate synchronization between the vSphere
Lifecycle Manager depot and the configured download sources. Similar to scheduled
synchronization, when you initiate synchronization manually, vSphere Lifecycle Manager
downloads software from all online depots that you configured it to use. For more information
about configuring the vSphere Lifecycle Manager download sources, see Configuring the
vSphere Lifecycle Manager Download Sources.
During synchronization, vSphere Lifecycle Manager downloads only the update metadata. The
actual payloads are downloaded during staging or remediation.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
2 Select Actions > Sync Updates at the top of the vSphere Lifecycle Manager home view.
Results
You downloaded updates to the vSphere Lifecycle Manager depot. vSphere Lifecycle Manager
automatically generates new image recommendations for the clusters that already have
generated recommended images. However, if the updates are related to downloading solution
components only, vSphere Lifecycle Manager does not generate new recommendations
automatically.
You can view the downloaded patches and extensions on the Updates tab in the vSphere
Lifecycle Manager home view.
You can view the downloaded ESXi images, vendor add-ons, and components on the Image
Depot tab in the vSphere Lifecycle Manager home view.
vSphere Lifecycle Manager downloads only the metadata and not the actual binary payload
of the updates. Downloading the metadata saves disk space and network bandwidth. The
availability of regularly updated metadata in the vSphere Lifecycle Manager depot lets you
perform compliance checks on hosts at any time.
Whatever the download source, vSphere Lifecycle Manager downloads the following types of
information:
• Metadata about all ESXi 6.x updates regardless of whether you have hosts of such versions in
your environment.
• Metadata about all ESXi 7.x updates regardless of whether you have hosts of such versions in
your environment.
vSphere Lifecycle Manager supports the recall of patches for hosts that are running ESXi 6.7
or later. A patch is recalled when it has problems or potential issues. After you scan the
hosts in your environment, vSphere Lifecycle Manager alerts you if the recalled patch has
been installed on any host. Recalled patches cannot be installed on hosts with vSphere
Lifecycle Manager. vSphere Lifecycle Manager deletes all the recalled patches from the
vSphere Lifecycle Manager depot. After a patch that fixes the problem is released, vSphere
Lifecycle Manager downloads the new patch to its depot. If you have already installed the
problematic patch, vSphere Lifecycle Manager notifies you that a fix is available and prompts
you to apply the new patch.
• Patches are cryptographically signed with the VMware private keys. Before you try to install
a patch on a host, the host verifies the signature. This signature enforces the end-to-end
protection of the patch itself and can also address any concerns about downloading the
patch.
• vSphere Lifecycle Manager downloads the patch metadata and patch binaries over SSL
connections. vSphere Lifecycle Manager verifies both the validity of the SSL certificates and
the common name in the certificates. The common name in the certificates must match
the names of the servers from which vSphere Lifecycle Manager downloads the patches.
vSphere Lifecycle Manager downloads the patch metadata and binaries only after successful
verification of the SSL certificates.
Download Sources
If your deployment system is connected to the Internet, you can use the default settings and
links for downloading updates to the vSphere Lifecycle Manager depot. You can also add URL
addresses to download third-party software, for example drivers.
If your deployment system is not connected to the Internet, you can use a shared repository
after downloading the upgrades, patches, and extensions by using Update Manager Download
Service (UMDS).
For more information about UMDS, see Installing, Setting Up, and Using the Update Manager
Download Service.
The default configuration is for the vSphere Lifecycle Manager to download information directly
from the Internet. However, you can change the download source at any time. Changing the
download source from a shared repository to the Internet and the reverse is a change in the
vSphere Lifecycle Manager configuration. The two options are mutually exclusive. You cannot
download updates from the Internet and a shared repository at the same time.
By default, vSphere Lifecycle Manager is configured to use the official VMware online depot
as a download source. When you deploy vCenter Server, synchronization to the official
VMware depot is triggered automatically. When you change the default download source,
synchronization to the new download source is not triggered automatically. The synchronization
task runs as per its schedule. To download new data, you must run the VMware vSphere
Lifecycle Manager Update Download task or trigger synchronization manually.
The VMware vSphere Lifecycle Manager Update Download task is a scheduled task that runs at
regular intervals. You can change the schedule, and you can also trigger the VMware vSphere
Lifecycle Manager Update Download task independently of its schedule.
If the VMware vSphere Lifecycle Manager Update Download task is running when you apply the
new configuration settings, the task continues to use the old settings until it finishes. The next
time the download task starts, vSphere Lifecycle Manager uses the new settings.
The Internet is the default download source for vSphere Lifecycle Manager. Downloading takes
place at configurable regular intervals. To initiate downloading of updates regardless of the
download schedule, see Synchronize the vSphere Lifecycle Manager Depot.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
4 Select the Download patches directly from the Internet option and click Save.
You cannot use folders on a network drive as a shared repository. vSphere Lifecycle Manager
does not download updates from folders on a network share in the Microsoft Windows
Uniform Naming Convention form (such as \\Computer_Name_or_Computer_IP\Shared), or on
a mapped network drive (for example, Z:\).
Prerequisites
• Create a shared repository by using UMDS and host the repository on a Web server or a local
disk. For detailed information about exporting the upgrades, update binaries, and update
metadata, see Export the Downloaded Data.
• Verify that UMDS is of a version compatible with the version of vSphere Lifecycle Manager that
you are using. For more information about compatibility, see Installing, Setting Up, and Using
the Update Manager Download Service.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
4 Select the Download patches from a UMDS shared repository option and enter a path or
URL address to the shared repository.
In these examples, repository_path is the path to the folder with the exported downloaded
upgrades, patches, extensions, and notifications. In an environment where vSphere Lifecycle
Manager does not have direct access to the Internet, but is connected to a physical machine
that has access to the Internet, the folder can be on a Web server.
You can specify an HTTP or HTTPS address, or a location on the disk where vSphere
Lifecycle Manager runs. HTTPS addresses are supported without any authentication.
5 Click Save.
vCenter Server validates the URL. You can use the path to the shared repository only when
the validation is successful. If the validation fails, vSphere Lifecycle Manager reports a reason
for the failure.
Important If the updates in the folder that you specify are downloaded with a UMDS version
that is not compatible with the vCenter Server version that you use, the validation fails and
you receive an error message.
Results
The shared repository is used as the main source for downloading software updates.
Downloading from the repository is enabled by default.
• When you use a folder as a shared repository, repository_path is the path to the top-level
directory that stores the patches and notifications exported from UMDS.
For example, use UMDS to export the patches and notifications to the F:\ drive, which is a
drive mapped to a plugged-in USB device on the physical machine where UMDS is installed.
Then, plug in the USB device to the physical machine where vSphere Lifecycle Manager runs.
The device is mapped as E:\ and the folder to configure as a shared repository for vSphere
Lifecycle Manager is E:\.
• When you use a Web server as a shared repository, repository_path is the path to the
top-level directory on the Web server that stores the patches exported from UMDS.
For example, export the patches and notifications from UMDS to C:\docroot\exportdata. If
the folder is configured on a Web server and is accessible from other physical machines
at the URL https://umds_host_name/exportdata, the URL to configure as a shared
repository in vSphere Lifecycle Manager is https://umds_host_name/exportdata.
Procedure
3 In the Scheduled Tasks pane, select the VMware vSphere Lifecycle Manager Update
Download task and click Run.
Results
You can see the running task listed in the Recent Tasks pane.
The default download source for vSphere Lifecycle Manager is the official VMware depot.
Starting with vSphere 7.0, the official VMware online depot also hosts vendor add-ons and
VMware-certified device drivers. Unlike previous releases, all software that you need to install,
update, or customize the ESXi version of your hosts is available in the official VMware online
depot.
Downloading updates takes place at configurable regular intervals. To initiate the downloading of
updates regardless of the download schedule, see Synchronize the vSphere Lifecycle Manager
Depot.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
vSphere Lifecycle Manager supports both HTTP and HTTPS URL addresses. Use HTTPS URL
addresses to download data securely. The URL addresses that you add must be complete
and contain an index.xml file, which lists the vendor and the vendor index.
Note The proxy settings that vSphere Lifecycle Manager uses are also applicable to third-
party URL addresses.
6 Click Save.
Results
The new location is added to the list of download sources and downloading from it is enabled by
default.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
3 In the Patches downloaded from the Internet pane, select a URL address from the list of
download sources and select your task.
• Click Edit to edit the source URL or the description for the selected download source.
• Click Enable or Disable to allow or disallow downloading from the selected download
source.
Note You cannot edit or delete the default VMware download source for ESXi updates.
You can only allow or disallow vSphere Lifecycle Manager to use it for downloading update
metadata from it.
The default schedule settings ensure frequent checks, but you can change the schedule if your
environment requires you to adjust the frequency of the checks.
If you need the latest software updates, you might want to reduce the time interval between the
checks for updates. By contrast, if you are not concerned about the latest updates, if you want
to reduce the network traffic, or if you cannot access the update servers, you might want to
increase the time interval between the checks for updates.
The automatic download of update metadata is enabled by default and the default task
name is VMware vSphere Lifecycle Manager Update Download. You can change the
configuration of the task.
Prerequisites
• Verify that the machine on which vSphere Lifecycle Manager runs has access to the Internet.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
The Edit Settings for Automatic Patch Downloads dialog box opens.
4 Select the Download patches check box and configure the schedule and settings for the
download.
To receive notification emails after the download task finishes, you must configure mail
settings for the vSphere Client. For more information, see the vCenter Server and Host
Management documentation.
5 Click Save to save your changes and close the dialog box.
Results
The automatic download task runs according to the schedule you configured.
For security reasons and deployment restrictions, vSphere, including vSphere Lifecycle Manager,
might be installed in a secured network that is disconnected from other local networks and the
Internet. vSphere Lifecycle Manager requires access to patch information to function properly.
If you are using such an environment, you can install UMDS on a computer that has Internet
access. UMDS downloads upgrades, patch binaries, and patch metadata, and then you can
export the downloads to a portable media drive so that they become accessible to vSphere
Lifecycle Manager. If the server on which vCenter Server is installed has no Internet access, but
is connected to a server that has Internet access, you can automate the export process and
transfer files from UMDS to the vSphere Lifecycle Manager depot by using a Web server on the
machine on which UMDS is installed.
UMDS is available for installation only on Linux-based operating systems. Installing UMDS on
a Windows machine is no longer supported. Administrator access is not a requirement for
downloading patches with UMDS that runs on Linux. The machine on which you install UMDS
must have Internet access.
UMDS 8.0 supports patch recalls and notifications. A patch is recalled if the released patch has
problems or potential issues. After you download patch data and notifications with UMDS, and
export the downloads so that they become available to vSphere Lifecycle Manager, vSphere
Lifecycle Manager deletes the recalled patches.
You can use UMDS to download updates that are packaged and distributed as components, but it
also works with legacy bulletins.
Installing UMDS
In the vSphere 8.0 release, UMDS 8.0 is bundled with the vCenter Server appliance 8.0. You
can use the UMDS bundle from the vCenter Server appliance to install UMDS 8.0 on a separate
Linux-based system.
Note You cannot upgrade UMDS that runs on a Linux-based operating system. You can uninstall
the current version of UMDS, perform a fresh installation of UMDS according to all system
requirements, and use the existing patch store from the UMDS that you uninstalled.
• Ubuntu 14.0.4
• Ubuntu 18.04
Note When you use Red Hat Enterprise Linux 8.1, you must install the libnsl package version
2.28 or later on the system where UMDS is deployed. If the package is not present on the
system, UMDS operations might fail with the following error:
Error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such
file or directory.
Prerequisites
• Verify you have administrative privileges on the Linux machine where you install the UMDS.
• Mount the ISO file of the vCenter Server appliance 8.0 to the Linux machine.
Procedure
2 From the vCenter Server ISO that you mounted to the Linux machine, copy the
VMware-UMDS-8.0.1-build_number.tar.gz file to the Linux machine.
You can also change proxy configuration after you install UMDS by using the following
command:
Important The patch store directory must be different from the UMDS installation directory.
The default patch store location is /var/lib/vmware-umds.
Results
UMDS is installed.
Prerequisites
• Verify you have administrative privileges on the Linux machine where UMDS runs.
Procedure
2 Navigate to the UMDS installation directory, and locate the file vmware-uninstall-umds.pl.
4 To confirm that you want to uninstall UMDS from the system, enter Yes.
Results
What to do next
You can upgrade your Linux OS, and install a later compatible version of UMDS.
Setting Up UMDS
You can set up UMDS to download patches for ESXi hosts. You can also set up UMDS to
download ESXi 6.7, ESXi 7.0, and ESXi 8.0 patch binaries, patch metadata, and notifications from
third-party portals.
Administrator access is not a requirement for downloading patches if UMDS runs on Linux.
You can set up UMDS to download ESXi 6.7, ESXi 7.0, and ESXi 8.0 patches from the official
VMware depot and third-party portals.
The best practice is to use a job scheduler, for example a cron job, to create a job that periodically
triggers UMDS to download the upgrades, patches, and notifications.
Procedure
1 Log in to the machine where UMDS is installed, and open a Command Prompt window.
• To set up a download of all ESXi host updates, run the following command:
vmware-umds -S --enable-host
vmware-umds -S --disable-host
What to do next
The default folder to which UMDS downloads patch binaries and patch metadata on a Linux
machine is /var/lib/vmware-umds.
You can change the folder in which UMDS downloads data after you install UMDS.
If you have already downloaded host updates, copy all the files and folders from the old location
to the new patch store location. The folder in which UMDS downloads patch binaries and patch
metadata must be located on the machine on which UMDS is installed.
Procedure
1 Log in as an administrator to the machine where UMDS is installed, and open a Command
Prompt window.
In this example, your_new_patchstore_folder is the path to the new folder in which you
want to download the patch binaries and patch metadata.
Results
You successfully changed the directory in which UMDS stores patch data.
What to do next
Procedure
1 Log in to the machine where UMDS runs, and open a Command Prompt window.
• To add a new URL address for downloading patches and notifications for ESXi 6.7, ESXi
7.0, or ESXi 8.0 hosts, run the following command:
4 (Optional) Remove a URL address, so that UMDS does not download data from it anymore.
Downloaded data is retained and can be exported. Use the following command:
Results
You configured UMDS to download host patches and notifications from specific URL addresses.
What to do next
Using UMDS
You use UMDS in air-gap scenarios, where vSphere Lifecycle Manager has no access to the
Internet. You first use UMDS to download software and notifications and then you export the
data, so that it becomes available to vSphere Lifecycle Manager.
To use UMDS, the machine on which you install it must have Internet access. After you download
the upgrades, patch binaries, and patch metadata, you can export the data to a Web server or a
portable media drive, such as a CD or USB flash drive. Then, you must set up vSphere Lifecycle
Manager to use the folder on the Web server or the media drive (mounted as a local disk) as a
download source.
Administrator level access is not a requirement for downloading data with UMDS that runs on
Linux.
Procedure
1 Log in to the machine where UMDS is installed, and open a Command Prompt window.
vmware-umds -D
This command downloads all the upgrades, patches and notifications from the configured
sources for the first time. Subsequently, it downloads all new patches and notifications
released after the previous UMDS download.
4 (Optional) If you have already downloaded upgrades, patches, and notifications and want
to download them again, you can include the start and end times to restrict the data to
download.
The command to re-download patches and notifications deletes the existing data from the
patch store (if present) and re-downloads it.
To re-download the upgrades, patches and notifications that were downloaded in November
2010, for example, run the following command:
The data previously downloaded for the specified period is deleted and downloaded again.
What to do next
Administrator level access is not a requirement for exporting the downloaded data with UMDS
that runs on Linux.
Prerequisites
If you installed UMDS with an existing download directory, verify that you perform at least one
download by using UMDS 8.0 before you export updates.
Procedure
1 Log in to the machine where UMDS is installed and open a Command Prompt window.
In the command, you must specify the full path of the export directory.
If you are working in a deployment in which the vCenter Server is installed on a machine
connected to the machine on which UMDS is installed, repository_path can be the path to the
folder on the Web server that serves as a shared repository.
The data you downloaded by using UMDS is exported to the path you specify. Make sure
that all files are exported. You can periodically export from UMDS and populate the shared
repository so that vSphere Lifecycle Manager can use the new patch binaries and patch
metadata.
4 (Optional) You can export the ESXi patches that you downloaded during a specified time
window.
For example, to export the patches downloaded in November 2010, run the following
command:
What to do next
Configure vSphere Lifecycle Manager to use a shared repository as a patch download source.
For more information, see Configure vSphere Lifecycle Manager to Use a Shared Repository as a
Download Source.
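One way to confirm that all files are exported and that they arrive unchanged on the other side of the air gap, shown as an added example that is not part of the VMware documentation: write a SHA-256 manifest of the export directory on the UMDS machine, carry it with the media, and check the copy against it before vSphere Lifecycle Manager uses the repository. The directory layout and file names in the demo are constructed placeholders, and the script assumes GNU sha256sum, find, sort and xargs.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for a UMDS export that crosses an air gap.
# Requires GNU sha256sum, find, sort and xargs. All paths are placeholders.

# write_manifest EXPORT_DIR MANIFEST
# Hash every regular file under EXPORT_DIR using paths relative to it, so the
# manifest stays valid wherever the tree is copied. Keep MANIFEST outside
# EXPORT_DIR, otherwise it would be hashed while it is being written.
write_manifest() {
    export_dir=$1
    ( cd "$export_dir" &&
      find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

# verify_export COPY_DIR MANIFEST
# Returns 0 only if every file named in MANIFEST exists in COPY_DIR with the
# recorded digest AND COPY_DIR contains no file that MANIFEST does not name.
# Assumes file names without newlines or backslashes (sha256sum escapes those).
verify_export() {
    copy_dir=$1
    case $2 in /*) manifest=$2 ;; *) manifest=$PWD/$2 ;; esac
    status=0

    # Missing or altered files: sha256sum -c re-hashes every listed path.
    # An empty manifest is rejected here as well.
    ( cd "$copy_dir" && sha256sum --quiet -c "$manifest" ) || status=1

    # Unlisted files: anything present in the copy that the manifest lacks.
    listed=$(mktemp)
    cut -c67- "$manifest" > "$listed"   # drop 64 hex digits + 2 separator chars
    extras=$( cd "$copy_dir" && find . -type f -print | grep -Fxv -f "$listed" || true )
    rm -f "$listed"
    if [ -n "$extras" ]; then
        printf '%s\n' "$extras" | sed 's/^/UNLISTED: /'
        status=1
    fi
    return "$status"
}

# demo: constructed sample tree (not the real UMDS layout). Returns 0 when a
# clean copy verifies and a copy with one altered and one added file does not.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/export/metadata" "$work/export/binaries"
    printf 'constructed metadata\n' > "$work/export/metadata/sample-index.xml"
    printf 'constructed payload\n'  > "$work/export/binaries/sample-patch.zip"
    write_manifest "$work/export" "$work/export.sha256" || { rm -rf "$work"; return 1; }

    cp -R "$work/export" "$work/usb"
    verify_export "$work/usb" "$work/export.sha256" || { rm -rf "$work"; return 1; }

    printf 'altered in transit\n' >> "$work/usb/binaries/sample-patch.zip"
    printf 'not exported by UMDS\n' > "$work/usb/binaries/unlisted.bin"
    if verify_export "$work/usb" "$work/export.sha256"; then result=1; else result=0; fi
    rm -rf "$work"
    return "$result"
}

# Usage: script write EXPORT_DIR MANIFEST | verify COPY_DIR MANIFEST | demo
case ${1:-} in
    write)  write_manifest "$2" "$3" ;;
    verify) verify_export "$2" "$3" ;;
    demo)   demo ;;
esac
```

The manifest only shows that the copy matches what UMDS exported; transport it separately from the media, or sign it, if the media itself is not trusted.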
3 vSphere Lifecycle Manager Remediation Settings
Whether you manage the ESXi hosts in your environment with baselines or with images, you can
configure the behavior of vSphere Lifecycle Manager during remediation.
The vSphere Lifecycle Manager remediation settings for hosts and clusters that use baselines
differ from the remediation settings for hosts and clusters that you manage with a single vSphere
Lifecycle Manager image. For example, allowing the installation of software on PXE booted hosts
and the removal of media devices before maintenance mode are settings that you can configure
only for hosts and clusters that use baselines. Virtual machine migration settings, maintenance
mode settings, and Quick Boot are examples of remediation settings that you can configure for
both hosts and clusters that use baselines or images.
You can modify the default vSphere Lifecycle Manager settings only if you have the appropriate
privileges. The permission must be assigned to the vCenter Server instance where vSphere
Lifecycle Manager runs. For more information about managing users, groups, roles, and
permissions, see the vSphere Security documentation. For a list of the vSphere Lifecycle
Manager privileges and their descriptions, see Required Privileges for Using vSphere Lifecycle
Manager and vSphere Configuration Profiles.
If your vCenter Server system is connected to other vCenter Server systems by a common
vCenter Single Sign-On domain, you can configure the remediation settings for each vSphere
Lifecycle Manager instance. The configuration properties that you modify are applied only to
the vSphere Lifecycle Manager instance that you specify, and are not propagated to the other
instances in the domain.
Updates might require a host to enter maintenance mode during remediation. Virtual
machines cannot run when a host is in maintenance mode. To ensure availability, you can
activate DRS for the cluster and you can configure it for vSphere vMotion. In this case, before
the host is put in maintenance mode, vCenter Server migrates the virtual machines to another
ESXi host within the cluster.
To help ensure vSphere vMotion compatibility between the hosts in the cluster, you can
enable Enhanced vMotion Compatibility (EVC). EVC ensures that all hosts in the cluster
present the same CPU feature set to virtual machines, even if the actual CPUs on the hosts
differ. EVC prevents migration failures due to incompatible CPUs. You can enable EVC only
in a cluster where the host CPUs meet the compatibility requirements. For more information
about EVC and the requirements that the hosts in an EVC cluster must meet, see the vCenter
Server and Host Management documentation.
If a host has no running virtual machines, DPM might put the host in standby mode, which
might interrupt a vSphere Lifecycle Manager operation. So, to make sure that all vSphere
Lifecycle Manager operations finish successfully, you must deactivate DPM during these
operations.
For successful remediation, you must configure vSphere Lifecycle Manager to deactivate
DPM. After the remediation task finishes, vSphere Lifecycle Manager restores DPM. If DPM
has already put a host in standby mode, vSphere Lifecycle Manager powers on the host
before compliance checks, remediation, and staging. After the respective task finishes,
vSphere Lifecycle Manager turns on DPM and lets DPM put the host into standby mode, if
needed. vSphere Lifecycle Manager does not remediate powered off hosts.
If a host is put in standby mode and DPM is manually deactivated for a reason, vSphere
Lifecycle Manager does not remediate or power on the host.
HA Admission Control
Within a cluster, you must deactivate HA admission control temporarily to let vSphere
vMotion proceed. This action prevents downtime for the machines on the hosts that you
remediate. You can configure vSphere Lifecycle Manager to deactivate HA admission control
during remediation. After the remediation of the entire cluster is complete, vSphere Lifecycle
Manager restores the HA admission control settings. vSphere Lifecycle Manager deactivates
HA admission control before remediation, but not before compliance checks. Additionally,
for clusters that you manage with baselines, vSphere Lifecycle Manager deactivates HA
admission control before staging.
Note
Deactivating HA admission control before you remediate a two-node cluster that uses a
single vSphere Lifecycle Manager image causes the cluster to practically lose all its high
availability guarantees. The reason is that when one of the two hosts enters maintenance
mode, vCenter Server cannot fail over virtual machines to that host and HA failovers are never
successful. For more information about HA admission control, see the vSphere Availability
documentation.
If FT is turned on for any of the virtual machines on a host within a cluster, you must
temporarily turn off FT before performing any vSphere Lifecycle Manager operation on
the cluster. If FT is turned on for any of the virtual machines on a host, vSphere Lifecycle
Manager does not remediate that host. You must remediate all hosts in a cluster with the
same updates, so that FT can be reactivated after remediation. A primary virtual machine
and a secondary virtual machine cannot reside on hosts of different ESXi versions and patch
levels.
During remediation with vSphere Lifecycle Manager, migrating virtual machines from the host
that is under remediation to another host takes a considerable amount of time. After remediation,
vSphere Lifecycle Manager migrates back the virtual machines to the remediated host. However,
you can configure vSphere Lifecycle Manager to suspend virtual machines to memory instead of
migrating them, powering them off, or suspending them to disk.
You can use the suspend to memory functionality only for patching operations, for example,
when you remediate a cluster or a standalone host to apply to it a hot patch, express patch, and
so on. You cannot use the suspend to memory option for upgrade operations, for example when
you upgrade your ESXi hosts from version 7.0 to version 8.0.
You enable vSphere Lifecycle Manager to suspend virtual machines to memory when you
configure the vSphere Lifecycle Manager host remediation settings. During remediation pre-check
and remediation, vSphere Lifecycle Manager verifies that the suspend to memory option
is indeed applicable to the host or cluster under remediation. If for some reason suspend to
memory is inapplicable, vSphere Lifecycle Manager reports an error and prevents remediation
from proceeding.
During a suspend to memory operation, virtual machines remain in a suspended state for some
time. So, suspending virtual machines to memory might impact the workloads running on those
virtual machines. The impact is similar to the impact that the suspend to disk operation might
have on virtual machines and workloads.
Caution As a best practice, always take snapshots of the virtual machines with critical workloads
before you start remediation when the suspend to memory option is activated.
vSphere Lifecycle Manager might not suspend to memory all virtual machines on the host even
if you activated the feature for the entire cluster or the standalone host. In some cases, vSphere
Lifecycle Manager is still able to proceed with the remediation of the host, even if some virtual
machines cannot be suspended to memory.
vSphere Lifecycle Manager powers off the EAM virtual machines after all other virtual
machines are suspended. Similarly, vSphere Lifecycle Manager powers on the EAM virtual
machines before any other virtual machines are resumed from memory. None of the
suspended virtual machines is resumed until the EAM virtual machines are powered on.
vSphere Lifecycle Manager first migrates to another host the vSphere Cluster Services virtual
machines, and then suspends to memory the rest of the virtual machines on the host.
Similarly, vSphere Lifecycle Manager does not suspend to memory the management virtual
appliances for some VMware products and solutions. However, if a virtual machine for any of
the following products or solutions runs on a host, the suspend to memory pre-check fails and
vSphere Lifecycle Manager does not proceed with the remediation of the respective host:
- vCenter Server
- NSX
- VMware HCX
- vSphere Replication
Note Third-party virtual machines do get suspended during remediation, if the Suspend to
memory option is activated.
Quick Boot
Quick Boot is a setting that you can use with clusters or standalone hosts that you manage with
vSphere Lifecycle Manager images and vSphere Lifecycle Manager baselines. Using Quick Boot
optimizes the host patching and upgrade operations. Quick Boot lets vSphere Lifecycle Manager
reduce the remediation time for hosts that undergo patch and upgrade operations. Patch and
upgrade operations do not affect the hardware of a host. If the Quick Boot feature is activated,
vSphere Lifecycle Manager skips the hardware reboot (the BIOS or UEFI firmware reboot). As
a result, the time an ESXi host spends in maintenance mode is reduced and the risk of failures
during remediation is minimized.
To configure vSphere Lifecycle Manager to suspend virtual machines to the host memory, you
must activate Quick Boot. However, you can activate Quick Boot even if you decide not to use
the Suspend to memory option.
- Quick Boot is activated for the cluster or the standalone host and the host under remediation
supports Quick Boot.
- The host has enough free memory.
- The host has sufficient free low memory.
- The host has enough free memory per NUMA node to start after a reboot.
- The host has enough reservation available.
- The host does not use swapped or compressed pages of virtual machines.
- The virtual machines do not have any passthrough devices.
- The virtual machines do not have latency sensitivity set to high.
- The virtual machines are not fault tolerant.
- The virtual machines are not encrypted.
- The virtual machines do not use persistent memory.
- The virtual machines do not have virtual SGX or SEV devices.
- The virtual machines do not have the suspend feature deactivated.
- The virtual machines are not frozen source virtual machines during an Instant Clone operation.
- If you deactivate or reconfigure vSphere HA for the cluster during remediation, vSphere
HA can no longer protect the suspended virtual machines. Before you change the vSphere
HA configuration, make sure that no hosts in the cluster are in maintenance mode and the
suspended virtual machines are powered on.
- If the suspend to memory operation fails, vSphere HA determines the most appropriate
failover host after the specified timeout value expires. The failover host might be the original
host or another one.
- You must synchronize the server time for all ESXi hosts in the cluster. If the hosts are not
synchronized, vSphere HA might not respect the specified timeout period and initiate failover
earlier or later.
For more information about using and configuring vSphere HA, see the vSphere Availability
documentation.
The global remediation settings are valid for all hosts and clusters that you manage with images
or baselines respectively. For clusters or standalone hosts that you manage with a single image,
you can override the global remediation settings and use specific remediation settings for a
particular cluster or host.
Hosts that are in a vSAN cluster can enter maintenance mode only one at a time. This behavior
is a peculiarity of the vSAN cluster. For more information about the vSphere Lifecycle Manager
behavior during the remediation of hosts in a vSAN cluster, see Remediation Specifics of vSAN
Clusters.
Prerequisites
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
- To use Quick Boot, verify that the ESXi host is compatible with the feature. For more
information, see Quick Boot.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
4 Configure the remediation settings for clusters and standalone hosts that use images, and
click Save.
Setting Description
Quick Boot: Quick Boot reduces the host reboot time during remediation.
By default, Quick Boot is turned on.
You can configure this setting for a cluster or a standalone host.
VM power state: The VM power state option lets you control the behavior of the virtual
machines that run on the ESXi host.
You can select from the following options.
- Do not change power state
- Suspend to disk
- Suspend to memory
To select the Suspend to memory option, you must turn on Quick Boot.
Otherwise, the Suspend to memory option is dimmed.
VM migration: You can configure vSphere Lifecycle Manager to migrate the suspended and
powered off virtual machines from the hosts that must enter maintenance
mode to other hosts in the cluster.
By default, the Migrate powered off and suspended VMs to other hosts in
the cluster check box is selected.
If you have virtual machines with passthrough devices on a host in a DRS
cluster, make sure that you automate the migration of such virtual machines.
For more information, see the VMware knowledge base article at
https://kb.vmware.com/s/article/88271.
You can configure this setting only for a cluster that you manage with a
single image.
Retry policy: You can configure how vSphere Lifecycle Manager behaves if a host fails to
enter maintenance mode or if staging or remediation for that host fails. You
can configure vSphere Lifecycle Manager to wait for a specified retry delay
period and to retry to put the host into maintenance mode as many times as
you indicate in the Number of retries text box.
You can configure this setting for a cluster or a standalone host.
HA admission control: Admission control is a policy that vSphere HA uses to ensure failover
capacity within a cluster. If vSphere HA admission control is enabled during
remediation, vMotion might be unable to migrate the virtual machines within
the cluster.
Deactivating admission control allows a virtual machine to be powered
on even if it causes insufficient failover capacity. When this happens, no
warnings are presented, and the cluster does not turn red. If a cluster has
insufficient failover capacity, vSphere HA can still perform failovers, and uses
the VM Restart Priority setting to determine which virtual machines to power
on first.
Hardware compatibility issues: vSphere Lifecycle Manager performs a hardware compatibility check as part
of the remediation pre-check and the remediation tasks for vSAN clusters.
You can configure vSphere Lifecycle Manager to prevent remediation when
hardware compatibility issues exist for the cluster.
- If you select the Prevent remediation if hardware compatibility
issues are found option, vSphere Lifecycle Manager reports hardware
compatibility issues as an error, which prevents remediation.
- If you deselect the Prevent remediation if hardware compatibility
issues are found option, vSphere Lifecycle Manager reports hardware
compatibility issues as a warning, which does not prevent remediation.
If the cluster is not vSAN-enabled, vSphere Lifecycle Manager does not
perform a hardware compatibility check as part of the remediation pre-check
or the remediation tasks.
You can configure this setting only for a cluster that you manage with a
single image.
Parallel remediation: Enabling parallel remediation allows you to remediate multiple ESXi hosts
simultaneously. By selecting the Parallel remediation check box, you enable
vSphere Lifecycle Manager to remediate all hosts that are in maintenance
mode in parallel instead of in sequence. You can also specify the maximum
number of concurrent remediations manually.
Note If the hosts have NSX virtual distributed switches that are ready to
be migrated to vSphere Distributed Switches, you must manually set the
maximum number of parallel remediations to no more than 4. In cases when
host switch migration is needed, if more than 4 hosts are remediated in
parallel, the remediation might fail, because the host switch migration takes
more time than the time vSphere Lifecycle Manager needs to complete the
parallel remediation.
You can configure this setting only for a cluster that you manage with a
single image.
Results
These settings become the default remediation settings for clusters or standalone hosts that you
manage with vSphere Lifecycle Manager images. For any cluster or host, you can change the
default settings when you configure individual remediation tasks.
When you override the global remediation settings for a single cluster, the overrides are used
during the remediation of that specific cluster. For all other clusters, the global remediation
settings apply.
Prerequisites
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
- To enable Quick Boot, verify that the ESXi host is compatible with the feature. For more
information, see Quick Boot.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 In the Image Compliance card, click the horizontal ellipsis icon and select Edit remediation
settings.
4 In the Edit Remediation Settings dialog box, configure the remediation settings of the target
cluster and click Save.
Setting Description
Quick Boot: Quick Boot reduces the host reboot time during remediation. By default,
Quick Boot is enabled.
VM power state: The VM power state option lets you control the behavior of the virtual
machines that run on the ESXi host.
You can select from the following options.
- Do not change power state
- Suspend to disk
- Suspend to memory
To select the Suspend to memory option, you must enable Quick Boot.
Otherwise, the Suspend to memory option is dimmed.
VM migration: You can configure vSphere Lifecycle Manager to migrate the suspended and
powered off virtual machines from the hosts that must enter maintenance
mode to other hosts in the cluster.
Retry policy: You can configure how vSphere Lifecycle Manager behaves if staging or
remediation fails, or if a host fails to enter maintenance mode. You can
configure vSphere Lifecycle Manager to wait for a specified retry delay
period and to retry to put the host into maintenance mode as many times as
you indicate in the Number of retries text box.
HA admission control: Admission control is a policy that vSphere HA uses to ensure failover
capacity within a cluster. If vSphere HA admission control is enabled during
remediation, vMotion might be unable to migrate the virtual machines within
the cluster.
Deactivating admission control allows a virtual machine to be powered
on even if it causes insufficient failover capacity. When this happens, no
warnings are presented, and the cluster does not turn red. If a cluster has
insufficient failover capacity, vSphere HA can still perform failovers, and uses
the VM Restart Priority setting to determine which virtual machines to power
on first.
Hardware compatibility issues: vSphere Lifecycle Manager performs a hardware compatibility check as part
of the remediation pre-check and the remediation tasks for vSAN clusters.
You can configure vSphere Lifecycle Manager to prevent remediation when
hardware compatibility issues exist for the cluster.
- If you select the Prevent remediation if hardware compatibility
issues are found option, vSphere Lifecycle Manager reports hardware
compatibility issues as an error, which prevents remediation.
- If you deselect the Prevent remediation if hardware compatibility
issues are found option, vSphere Lifecycle Manager reports hardware
compatibility issues as a warning, which does not prevent remediation.
If the cluster is not vSAN-enabled, vSphere Lifecycle Manager does not
perform a hardware compatibility check as part of the remediation pre-check
or the remediation tasks.
Parallel remediation: Enabling parallel remediation allows you to remediate multiple ESXi hosts
simultaneously. By selecting the Parallel remediation check box, you enable
vSphere Lifecycle Manager to remediate all hosts that are in maintenance
mode in parallel instead of in sequence. You can also specify the maximum
number of concurrent remediations manually.
Note If the hosts have NSX virtual distributed switches that are ready to
be migrated to vSphere Distributed Switches, you must manually set the
maximum number of parallel remediations to no more than 4. In cases when
host switch migration is needed, if more than 4 hosts are remediated in
parallel, the remediation might fail, because the host switch migration takes
more time than the time vSphere Lifecycle Manager needs to complete the
parallel remediation.
Results
These settings become the remediation settings for the selected cluster. vSphere Lifecycle
Manager uses those settings for that cluster for all future remediation tasks. The global
remediation settings remain unchanged and are applied to all other clusters.
In the Image Compliance card, vSphere Lifecycle Manager displays a message that the global
remediation settings are overridden. Also, an option to reset the values appears in the card.
When you use vSphere Lifecycle Manager baselines, you can configure vSphere Lifecycle
Manager to let other software initiate the remediation of PXE booted ESXi hosts. The remediation
installs software modules on the hosts, but typically those host updates are lost after a reboot.
To retain updates on stateless hosts after a reboot, use a PXE boot image that contains
the updates. You can update the PXE boot image before applying the updates with vSphere
Lifecycle Manager, so that the updates are not lost because of a reboot. vSphere Lifecycle
Manager itself does not reboot the hosts, because it does not install updates requiring a reboot
on PXE booted ESXi hosts.
Prerequisites
- To enable Quick Boot, verify that the ESXi host is compatible with the feature. For more
information, see Quick Boot.
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
Option Description
VM power State: You can configure vSphere Lifecycle Manager to power off or suspend all
running virtual machines before host remediation. Alternatively, you can
configure vSphere Lifecycle Manager not to change the power state of the
virtual machines.
Maintenance mode failures: You can configure how vSphere Lifecycle Manager behaves if a host fails
to enter maintenance mode before remediation. If you enable vSphere
Lifecycle Manager to retry to put the host in maintenance mode, you
must specify the number of retries and the retry delay. vSphere Lifecycle
Manager waits for as much time as you configure for the Retry Delay option,
and retries to put the host in maintenance mode as many times as you
indicate in the Number of retries text box.
PXE booted hosts: You can allow the installation of software for solutions on the PXE booted
ESXi hosts in the vSphere inventory that you manage with vSphere Lifecycle
Manager baselines.
VM migration: If you enable virtual machine migration by selecting the respective option,
vSphere Lifecycle Manager migrates the suspended and powered off virtual
machines from the hosts that must enter maintenance mode to other hosts
in the cluster.
Removable media devices: vSphere Lifecycle Manager does not remediate hosts on which virtual
machines have connected CD/DVD or floppy drives. All removable media
drives that are connected to the virtual machines on a host might prevent
the host from entering maintenance mode and interrupt remediation.
So, you can disconnect all removable media devices to ensure that the
respective host enters maintenance mode successfully. After remediation,
vSphere Lifecycle Manager reconnects the removable media devices if they
are still available.
Quick Boot: Quick Boot reduces the host reboot time during remediation. By default,
Quick Boot is deactivated.
Parallel remediation: Enabling parallel remediation allows you to remediate multiple ESXi hosts
simultaneously. By selecting the Parallel remediation option, you enable
vSphere Lifecycle Manager to remediate all hosts that are in maintenance
mode in parallel instead of in sequence. Alternatively, you can specify the
maximum number of concurrent remediations manually.
Note If the hosts have NSX virtual distributed switches that are ready to
be migrated to vSphere Distributed Switches, you must manually set the
maximum number of parallel remediations to no more than 4. In cases when
host switch migration is needed, if more than 4 hosts are remediated in
parallel, the remediation might fail, because the host switch migration takes
more time than the time vSphere Lifecycle Manager needs to complete the
parallel remediation.
Results
These settings become the default failure response settings with vSphere Lifecycle Manager
baselines. You can specify different settings when you configure individual remediation tasks.
A recommendation baseline group can contain upgrades or only host patches and updates. By
default, vSphere Lifecycle Manager is set to generate recommendation baselines that contain
upgrades, not only patches and updates. However, you can change the default configuration at
any time. For any vSAN cluster that you manage with baselines, you can also configure vSphere
Lifecycle Manager to generate no recommendation baseline group at all. In such cases, you can
still manually create baselines and perform host upgrades.
Prerequisites
- Verify that you manage the vSAN cluster with vSphere Lifecycle Manager baselines and not a
single vSphere Lifecycle Manager image.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a vSAN cluster that you manage with baselines.
3 In the Remediation Settings for this Cluster pane, click the Edit button.
4 Select what type of baseline to include in the recommendation baseline group that vSphere
Lifecycle Manager generates for the selected vSAN cluster.
- To include upgrade baselines into the recommendation baseline group for that cluster,
select the Include upgrades to new ESXi versions radio button.
The Include upgrades to new ESXi versions option is the default selection for any newly
created vSAN cluster.
- To include only patches and updates in the recommendation baseline group for that
cluster, select the Include patches and updates for current ESXi version radio button.
- To stop the generation of the recommendation baseline group for that cluster, select the
No recommendation baseline group.
5 Click the Done button to save your selection and exit the dialog box.
The option that you select becomes the default configuration for the vSAN cluster.
4 Creating and Managing vSphere Lifecycle Manager Clusters
A vSphere Lifecycle Manager cluster is a cluster of ESXi hosts that you manage either with
baselines or with a single image. You decide whether to manage a cluster with baselines or with a
single image during the creation of the cluster.
Starting with vSphere 8.0, the default selections in the New Cluster wizard are based on the
presumption that you are creating a cluster that uses a single image.
You can add hosts of ESXi version 7.0 or later to a cluster that you manage with a single image.
You can add a host to a cluster and at the same time use the image on that host as an image for
the entire cluster.
Note When you remove a host from a vSAN cluster that you manage with a single image,
vSphere Lifecycle Manager invalidates the results from the last hardware compatibility check for
the cluster. To obtain valid hardware compatibility information about the cluster, you must re-run
a hardware compatibility check. For instructions on how to check the hardware compatibility for
a cluster, see Check the Hardware Compatibility of a Cluster.
All cluster-related operations are described in full detail in the vCenter Server and Host
Management documentation.
For information about using Auto Deploy to deploy and provision ESXi hosts, see the VMware
ESXi Installation and Setup documentation.
Read the following topics next:
• Create a Cluster That Uses a Single Image by Importing an Image from a Host
When you set up an image manually, you must specify the ESXi version for the image and,
optionally, a vendor add-on. After the cluster creation is complete, you can further customize the
image. For example, you can add components to the image. You can also configure a hardware
support manager and add a firmware and drivers add-on to the image. For information about
editing an image, see Edit a vSphere Lifecycle Manager Image.
If you decide to enable vSphere Configuration Profiles on the cluster, you must set up the host
configuration manually after you complete the cluster creation.
Prerequisites
• Review the requirements for using a single image in What Are the Requirements for Using
vSphere Lifecycle Manager.
• Verify that you have an ESXi image available in the vSphere Lifecycle Manager depot.
• If you want to enable vSphere Configuration Profiles on the cluster, verify that the following
requirements are met:
Procedure
3 On the Basics page, enter a name for the cluster and enable vSphere DRS, vSphere HA, or
vSAN.
4 Leave the Manage all hosts in the cluster with a single image check box and Compose a new
image radio button selected.
5 (Optional) To enable vSphere Configuration Profiles on the cluster, select the Manage
configuration at a cluster level option.
6 Click Next.
7 On the Image page, set up the desired image and click Next.
8 If the cluster has vSphere Configuration Profiles enabled, review the information on the
Configuration page and click Next.
9 On the Review page, review your selections and the image setup.
Results
A cluster that uses a single image appears in the vCenter Server inventory. You can view and
customize the cluster image on the Updates tab for the cluster.
If the cluster has vSphere Configuration Profiles enabled, you can configure the settings of the
hosts in the cluster collectively by going to the Configure tab for the cluster and clicking Desired
State > Configuration. See Edit the Host Settings of a Draft Configuration in vSphere Client.
What to do next
During image import, along with extracting the software specification from the reference host,
vSphere Lifecycle Manager also extracts the software depot associated with the image, and
imports the software components to the vSphere Lifecycle Manager depot in the vCenter Server
instance where you create the cluster. As a result, in air-gap scenarios, you only need one
reference host to obtain the necessary ESXi image and components in the local depot and to
create a software specification for your clusters.
You can import an image from an ESXi host that is in the same or a different vCenter Server
instance. You can also import an image from an ESXi host that is not managed by vCenter Server.
The reference host can also be in a cluster that you manage with baselines. Along with importing
the image, you can also choose to move the reference host to the cluster. As a result, the newly
created cluster uses the same image as the image on the reference host, which is now part of
that cluster. If the reference host is in another vCenter Server instance, you can import the image
from that host, but you cannot move it to the cluster.
Note When you import an image from a host, vSphere Lifecycle Manager retrieves the ESXi
version, vendor add-on, and user-added components from the host. vSphere Lifecycle Manager
does not extract the components from solutions and firmware updates installed on the reference
host. Therefore, the image for the new cluster does not contain solution components or a
firmware and drivers add-on. To obtain firmware updates in the depot and add a firmware and
drivers add-on to your cluster image, you must configure a hardware support manager for the
cluster after the cluster is created. For more information about firmware updates, see Firmware
Updates with vSphere Lifecycle Manager.
In vSphere 8.0, you can use the image of a reference host that is in a DPU-based cluster and
import it into a non-DPU cluster. Similarly, you can select a non-DPU host as the reference host
for a DPU-based cluster.
Prerequisites
• Verify that the reference host is version ESXi 7.0 Update 2 or later.
• Obtain the user name and password of the root user account for the reference host if it is not
in your vCenter Server instance.
• Review the requirements for using a single image in What Are the Requirements for Using
vSphere Lifecycle Manager.
• If you want to enable vSphere Configuration Profiles on the cluster, verify that the following
requirements are met:
Procedure
3 On the Basics page, enter a name for the cluster and enable vSphere DRS, vSphere HA, or
vSAN.
4 Leave the Manage all hosts in the cluster with a single image check box selected.
5 Choose the method of creating an image for the cluster and click Next.
• To import an image from a host that is in the same vCenter Server inventory, select the
Import image from an existing host in vCenter inventory radio button.
6 (Optional) To enable vSphere Configuration Profiles on the cluster, select the Manage
configuration at a cluster level option.
Import image from an existing host in the vCenter Server inventory
a On the Image page, select the reference host which you want to extract
the image from and click Next.
Note After you select a reference host, detailed information about the
image on the selected host appears at the bottom of the page. You can
view the ESXi version and all additional components.
b If the cluster has vSphere Configuration Profiles enabled, review the
information on the Configuration page and click Next.
c On the Review page, review your selections and ensure that the
selected reference host and its image are what you need.
d Click Finish.
Import image from a new host
a On the Image page, enter the host details and click the Find Host
button.
b If a Security Alert dialog box appears, click Yes to confirm that you want
to connect to the host.
c To move the host to the cluster, select the Also move selected host to
cluster check box and click Next.
d If the cluster has vSphere Configuration Profiles enabled, review the
information on the Configuration page and click Next.
e On the Review page, review your selections and verify that the selected
reference host and its image are what you need.
f Click Finish.
Results
A cluster that uses a single image appears in the vCenter Server inventory. Depending on your
selections, the reference host might be in the newly created cluster. The image for that cluster
is identical to the image on the selected reference host. You can view and customize the cluster
image on the Updates tab for the cluster.
If the cluster has vSphere Configuration Profiles enabled, you can configure the settings of the
hosts in the cluster collectively by going to the Configure tab for the cluster and clicking Desired
State > Configuration. See Edit the Host Settings of a Draft Configuration in vSphere Client.
What to do next
the hosts against the image, and then remediate the cluster against the image to apply the new
software specification to all hosts.
Along with extracting the software specification from the appointed reference host, vSphere
Lifecycle Manager also extracts the software depot associated with the image, and imports the
components to the vSphere Lifecycle Manager depot in the vCenter Server instance where the
target cluster is.
Note When you import an image from a host, vSphere Lifecycle Manager retrieves the ESXi
version, vendor add-on, and user-added components from the host. vSphere Lifecycle Manager
does not extract the components from solutions and firmware updates installed on the reference
host. Therefore, the new image for the cluster does not contain solution components or a
firmware and drivers add-on. To obtain firmware updates in the depot and add a firmware and
drivers add-on to your cluster image, you must configure a hardware support manager. For more
information about firmware updates, see Firmware Updates with vSphere Lifecycle Manager.
Adding a host to a cluster and importing its image to the target cluster changes the compliance
state of the other hosts in the cluster. After adding the host and setting its image as the new
cluster image, you can run a compliance check. The newly added host is compliant against the
new cluster image. The rest of the hosts become non-compliant. To apply the new cluster image
to all the hosts in the cluster and make them compliant, you must remediate the cluster.
Note You cannot downgrade the software that is actually installed on the hosts in the cluster.
If the image on the reference host contains software components of a lower version, you can still
import and use that image for the cluster. However, the hosts in the cluster become incompatible
with the new image, and you cannot proceed and remediate the cluster against that image.
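The compliance outcomes described above, modelled on constructed data as an added example (not VMware code). The host names, component names, versions and the plain dotted-number version comparison are assumptions made for illustration.

```python
# Added example, not VMware code. Host names, component names and versions
# are constructed sample data.

def vkey(version):
    """Comparison key. Assumption: versions are plain dotted numbers."""
    return tuple(int(part) for part in version.split("."))


def classify_host(installed, desired):
    """Compare a host's installed software with the desired cluster image.

    Both arguments map component name -> version string.
    Returns (status, details); status is 'compliant', 'non-compliant'
    or 'incompatible'.
    """
    details = []
    downgrade = False
    for name, want in sorted(desired.items()):
        have = installed.get(name)
        if have is None:
            details.append(f"{name}: missing, image has {want}")
        elif vkey(have) < vkey(want):
            details.append(f"{name}: {have} -> {want}")
        elif vkey(have) > vkey(want):
            # Installed software cannot be downgraded by remediation.
            downgrade = True
            details.append(f"{name}: installed {have} is newer than image {want}")
    for name in sorted(set(installed) - set(desired)):
        # Assumption: software outside the image is reported as drift.
        details.append(f"{name}: not in image")
    if downgrade:
        return "incompatible", details
    return ("non-compliant" if details else "compliant"), details


def add_host_and_import_image(cluster, ref_name, ref_software):
    """Add the reference host and make its software the cluster image."""
    hosts = dict(cluster)
    hosts[ref_name] = ref_software
    desired = dict(ref_software)
    report = {name: classify_host(sw, desired) for name, sw in hosts.items()}
    can_remediate = all(status != "incompatible" for status, _ in report.values())
    return report, can_remediate


# Constructed cluster: two existing hosts on the same software level.
CLUSTER = {
    "esx-01": {"ESXi": "8.0.2", "vendor-addon": "1.2.0", "nic-driver": "2.0.0"},
    "esx-02": {"ESXi": "8.0.2", "vendor-addon": "1.2.0", "nic-driver": "2.0.0",
               "legacy-tool": "3.1.0"},
}
# Reference host with newer components than the cluster.
NEWER_REF = {"ESXi": "8.0.2", "vendor-addon": "1.3.0", "nic-driver": "2.1.0"}
# Reference host with an older driver than the cluster already runs.
OLDER_REF = {"ESXi": "8.0.2", "vendor-addon": "1.2.0", "nic-driver": "1.9.0"}

if __name__ == "__main__":
    for ref_name, ref in (("esx-new", NEWER_REF), ("esx-low", OLDER_REF)):
        report, ok = add_host_and_import_image(CLUSTER, ref_name, ref)
        print(f"reference host {ref_name}: remediation possible = {ok}")
        for host, (status, details) in report.items():
            print(f"  {host}: {status}")
            for line in details:
                print(f"    {line}")
```

Comparing the two reports before choosing a reference host shows which hosts would be blocked from remediation and which software sits outside the imported image.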
Prerequisites
• Verify that the hosts to add are of version ESXi 7.0 or later.
• Verify that the hosts that you add to the cluster are of the same main and patch version as
the rest of the hosts.
• Obtain the user name and password of the root user account for the hosts that are not in
your vCenter Server instance.
• Review the requirements for using a single image in What Are the Requirements for Using
vSphere Lifecycle Manager.
• To add a host and import its image to the cluster, verify that the following requirements are
met.
• To add a host to a cluster that has vSphere Configuration Profiles enabled, verify that the
following requirements are met.
Procedure
3 On the Add hosts page, specify the hosts that you want to add to the cluster and click Next.
b Enter the required information about the host in the text boxes.
c To add more new hosts, click the Add Host button and enter the required information.
d Select the Use the same credentials for all hosts check box.
Note If you want to add multiple hosts, you do not need to specify only new hosts or only
existing hosts. You can specify new hosts and select from the existing hosts at the same time.
4 On the Host Summary page, review the information about the hosts and click Next.
5 On the Import Image page, select the host whose image to use as the image for the cluster.
• To add the specified hosts to the cluster without changing the current image for that
cluster, select the Don't import an image radio button.
• To use any of the specified hosts as a reference host and use its image as the new image
for that cluster, select the Select which host to import the image from radio button and
select a host from the list.
Note If the image on the host that you select is of version earlier than ESXi 7.0 Update 2,
you cannot proceed with importing the image from that host.
When you select a host to import an image from, a card with information about the image
appears. You can view the ESXi version, the vendor add-on, and the additional components
that the image on the reference host contains.
6 If you selected the Select which host to import the image from radio button, click Show
Cluster's Current Image at the bottom of the page.
A card with information about the current image for the cluster appears. Before you proceed,
you can review and compare the current cluster image with the image on the selected host.
In this way, you can ensure that you selected the right reference host.
7 Click Next.
8 On the Ready to Complete page, review the information about the selected hosts and the
new cluster image.
Results
If you chose to import an image from a host during the host addition procedure, the image for
the cluster changes. The new software specification for the cluster is identical to the one on the
selected and added reference host.
What to do next
If you chose to import an image from a host during the host addition procedure, remediate the
cluster to apply the new image to all the hosts.
Chapter 5 Managing Standalone ESXi Hosts with vSphere Lifecycle Manager Images
Starting with vSphere 8.0, you can use an image to manage the lifecycle of any standalone ESXi
host that is part of your vCenter Server inventory. In vSphere 8.0 Update 1, you can use both the
vSphere Client and the vSphere Automation API to manage the lifecycle of a standalone host.
A standalone host is a host that is connected to a vCenter Server instance but is not part of any
cluster. In your inventory, standalone hosts are the hosts directly under a data center object or in
a host folder.
The permissions and privileges that you need to manage a standalone host with an image are
the same as the vSphere Lifecycle Manager permissions and privileges that you need for the
respective operations at a cluster level.
No limits exist for the number of standalone hosts that you can manage with vSphere Lifecycle
Manager images. The real limit is the number of hosts that vCenter Server can support.
By using the vSphere Client and the vSphere Automation API commands, you can start using
images on a standalone host that you already manage with baselines. When you take a host out
of a cluster that you manage with a vSphere Lifecycle Manager image, the host does not retain
the image. The host becomes managed by baselines. The reverse action, moving a standalone
host that you manage with a single image to a cluster that you manage with an image, is not
supported.
In vSphere 8.0 Update 1, you can perform on standalone hosts all vSphere Lifecycle Manager
operations that you can perform at a cluster level by using the vSphere Client or the respective
API commands.
When you add a standalone host to a data center or a folder, the option to use a single image
for the host is selected by default. You must keep it selected unless you want to manage the
lifecycle of that standalone host with baselines. During the addition of the standalone host, you
must set up an image manually by specifying the ESXi version for the image and, optionally, a
vendor add-on. For information, see Add a Standalone Host that Uses a Single Image to a Data
Center or a Folder.
After the standalone host is added to the data center or folder, you can further customize the
image. For more information, see Edit a vSphere Lifecycle Manager Image.
For information about how to convert an existing standalone host to a host that is managed with
a single image and all available workflows for managing a standalone host with vSphere Lifecycle
Manager images, see Chapter 6 How to Use vSphere Lifecycle Manager Images.
• Add a Standalone Host that Uses a Single Image to a Data Center or a Folder
When you add a standalone host to a data center or a folder, you must specify the ESXi version
for the image and, optionally, a vendor add-on. After the standalone host is added to the data
center or folder, you can further customize the image. For example, you can add components
to the image. You can also configure a hardware support manager and add a firmware and
drivers add-on to the image. For information about editing an image, see Edit a vSphere Lifecycle
Manager Image.
Prerequisites
• Review the requirements for using a single image in What Are the Requirements for Using
vSphere Lifecycle Manager.
• Obtain the user name and password of the root user account for the host.
• Verify that you have an ESXi image available in the vSphere Lifecycle Manager depot.
• Verify that you have the proper privileges. For more information, see vSphere Lifecycle
Manager Privileges For Using Images.
Procedure
1 In the vSphere Client, navigate to a data center or folder within a data center.
3 On the Name and location page, enter the IP address or the name of the host and click Next.
4 On the Connection settings page, enter administrator credentials and click Next.
5 On the Host summary page, review the host summary and click Next.
6 On the Host lifecycle page, leave the Manage host with an image check box selected.
7 On the Image page, set up the desired image and click Next.
8 On the Assign license page, add a license to the host and click Next.
9 (Optional) Select a lock-down mode option to deactivate the remote access for the
administrator account after vCenter Server takes control of this host and click Next.
10 On the VM location page, select a location for the virtual machines that reside on the host
and click Next.
11 On the Ready to complete page, review your selections and the image setup and click Finish.
Results
A standalone host that uses a single image appears in the vCenter Server inventory. You can
view and customize the host image on the Updates tab for the standalone host.
Chapter 6 How to Use vSphere Lifecycle Manager Images
Using vSphere Lifecycle Manager images provides a simplified and unified workflow for
patching and upgrade of ESXi hosts. You can also use vSphere Lifecycle Manager images for
bootstrapping purposes and firmware updates.
An image defines the exact software stack to run on all ESXi hosts in a cluster or on a standalone
host.
General Workflow
Using images to apply software and firmware updates to ESXi hosts is a multi-stage process.
1 Software updates must become available in the vSphere Lifecycle Manager depot.
To set up and use an image, you use the software updates that are available in the vSphere
Lifecycle Manager depot. The depot contains base images, vendor add-ons, and additional
components.
Updates get into the vSphere Lifecycle Manager local depot through synchronization with
configurable download sources. By default, vSphere Lifecycle Manager is configured to
synchronize with the official VMware depot. You can also import updates into the depot
manually.
You can see the contents of the vSphere Lifecycle Manager depot in the vSphere Lifecycle
Manager home view.
For more information, see Chapter 2 The vSphere Lifecycle Manager Depot.
vSphere Lifecycle Manager provides you with the option to start using images during the
procedure for creating a cluster or adding a host to a data center or folder. If you do not set
up an image during the creation of a cluster or the addition of a standalone host, you can
switch from using vSphere Lifecycle Manager baselines to using vSphere Lifecycle Manager
images at a later time.
Even when you save the image, no software is installed on the ESXi hosts during image setup.
For more information, see Chapter 4 Creating and Managing vSphere Lifecycle Manager
Clusters, Chapter 5 Managing Standalone ESXi Hosts with vSphere Lifecycle Manager Images,
and Convert a Cluster or a Host That Uses Baselines Into a Cluster or a Host That Uses
vSphere Lifecycle Manager Images.
3 Check the compliance of the ESXi hosts in the cluster or the standalone host against the
image specification.
The compliance check compares the current image on the ESXi hosts in the cluster or the
standalone host against the desired image that you specified during the setup process, and
defines compatibility status of the hosts.
For more information, see Check the Compliance of a Cluster Against a vSphere Lifecycle
Manager Image and View Host Compliance Information.
4 Review the compliance statuses of the hosts in the cluster or the standalone host.
5 You can run a remediation pre-check on an ESXi host to ensure software and hardware
compatibility with the image.
6 Remediate the non-compliant ESXi hosts in the cluster or the non-compliant standalone host.
Remediation is the process through which the software specification defined by the vSphere
Lifecycle Manager image that you use for a cluster or a host is actually applied to the hosts in
the cluster or to the standalone host.
For more information about remediating hosts against an image, see Remediating a Cluster or
a Standalone Host Against a Single Image.
Limitations
• When you set up and save an image for a cluster or a standalone host, the image is not
applied to the hosts in the cluster or to the standalone host unless you remediate the hosts.
The mere action of changing the management method does not alter the hosts in the cluster
or the standalone host.
• After you set up an image for the cluster or the standalone host and remediate the hosts in
the cluster or the standalone host against the image, standalone VIBs are deleted from the
hosts.
• After you set up an image for the cluster or the standalone host and remediate the hosts
in the cluster or the standalone host against the image, non-integrated solution agents are
deleted from the hosts.
• Convert a Cluster or a Host That Uses Baselines Into a Cluster or a Host That Uses vSphere
Lifecycle Manager Images
• Staging vSphere Lifecycle Manager Images to ESXi Hosts in a Cluster or Standalone Hosts
• Run a Remediation Pre-Check for a Cluster, a Host Within a Cluster, or a Standalone Host
• View Last Remediation or Remediation Pre-Check Results for a Cluster or a Standalone Host
that Uses a Single Image
To switch a cluster to vSphere Lifecycle Manager images, you must set up a new image or import
an existing one. In vSphere 8.0 Update 1, to switch a standalone host to vSphere Lifecycle
Manager images, you can either set up a new image or import an existing one. Before you
proceed with setting up or importing an image, vCenter Server checks and reports if the cluster
or host is eligible for using images. For more information about cluster or host eligibility, see
Cluster or Standalone Host Eligibility to Use vSphere Lifecycle Manager Images.
System Requirements
To switch to using images, the cluster or host must meet multiple requirements.
• All ESXi hosts in the cluster or the standalone host must be of version 7.0 or later.
• All ESXi hosts in the cluster or the standalone host must be stateful.
• No host in the cluster or standalone host can contain any unknown components.
If a host is of version earlier than ESXi 7.0, you must first use an upgrade baseline to upgrade
the host and then you can successfully switch to using images. For more information about
using baselines for host patching and upgrade operations, see Chapter 8 Using vSphere Lifecycle
Manager Baselines and Baseline Groups.
For more information about converting a stateless host into a stateful host, find information
about Auto Deploy in the VMware ESXi Installation and Setup documentation.
• If you switch to using images, you cannot revert to using baselines for the cluster. You can
move the hosts to a cluster that uses baselines, but you cannot change a cluster that already
uses a single image for management purposes.
• If you switch to using images for a standalone host, you cannot revert to using baselines for
the host except if you re-add the standalone host to the vCenter Server inventory.
• When you set up and save an image for a cluster or host, the image is not applied to the
hosts in the cluster or to the standalone host unless you remediate the hosts. The mere
action of changing the management method does not alter the hosts in the cluster or the
standalone host.
• After you set up an image for the cluster or the standalone host and remediate the hosts in
the cluster or the standalone host against the image, standalone VIBs are deleted from the
hosts.
• After you set up an image for the cluster or host and remediate the hosts in the cluster or
the standalone host against the image, non-integrated solution agents are deleted from the
hosts.
• If you enable a solution that cannot work with vSphere Lifecycle Manager, for example Dell
EMC VxRail, on an empty cluster and attempt to switch to using an image for that cluster, the
transition operation succeeds. However, the result is an unsupported cluster configuration,
because both vSphere Lifecycle Manager and the non-integrated solution are enabled on the
cluster.
• If you take a host out of a cluster that you manage with a vSphere Lifecycle Manager image,
the host does not retain the image. The host becomes managed by baselines. The reverse
action, moving a standalone host that you manage with a single image to a cluster that you
manage with an image, is not supported.
The Check cluster's eligibility to be managed with a single image and Check host's eligibility
to be managed with a single image tasks ensure that the cluster or host is not undergoing
remediation against a baseline and check whether all requirements for using vSphere Lifecycle
Manager images are met.
Also, the tasks check for standalone VIBs and ensure that no unintegrated solutions are enabled
for the cluster or host. You might not be able to switch to using vSphere Lifecycle Manager
images if unintegrated solutions are enabled on the cluster or host.
Note If you use any third-party products or solutions, you must confirm with your third-party
software vendor whether the respective solution works with vSphere Lifecycle Manager.
The tasks return three types of notifications: error, warning, and info.
Errors
The Check cluster's eligibility to be managed with a single image and Check host's eligibility to
be managed with a single image tasks report an error in case one of the following conditions
occurs:
• The cluster contains at least one host that is not stateful or the standalone host is not stateful.
• The cluster contains at least one host that is not of a compatible ESXi version, or the
standalone host is of a version earlier than 7.0.
• The cluster or the standalone host contains VIBs of unintegrated solutions. In that case, you
must deactivate the unintegrated solution and retry the transition.
Warnings
The Check cluster's eligibility to be managed with a single image and Check host's eligibility to
be managed with a single image tasks issue a warning if at least one host in the cluster, or the
standalone host, contains a standalone VIB or an unknown VIB. Warnings do not block
the transition to using vSphere Lifecycle Manager images, but they require special attention or a
user action.
For example, you see a warning notification if a host in the cluster contains a standalone VIB, for
example a driver, for which a component is available in the vSphere Lifecycle Manager depot.
If you want to keep the VIB, you must add the respective component to the vSphere Lifecycle
Manager image. Otherwise, the standalone VIB is deleted upon remediation.
You also get a warning if a host in the cluster or the standalone host contains an unknown
VIB. Unknown VIBs are standalone VIBs for which no component is available in the vSphere
Lifecycle Manager depot. If vSphere Lifecycle Manager detects an unknown VIB, you must import
a component that contains the VIB into the vSphere Lifecycle Manager depot and restart the
transition. Otherwise, the unknown VIB is deleted upon remediation.
Info
The Check cluster's eligibility to be managed with a single image and Check host's eligibility
to be managed with a single image tasks give an info notification if the cluster contains at least
one host with a standalone VIB or the standalone host contains a standalone VIB, but you can
still proceed to setting up a vSphere Lifecycle Manager image for the cluster or host without any
additional actions.
For example, you see an info notification if the cluster is enabled for an integrated solution, for
example vSphere HA or vSAN.
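The error, warning and info rules described above, applied to constructed inventory data as an added example (not VMware code). The host and VIB names are made up, and the mapping of VIBs to integrated or unintegrated solutions is an assumption supplied by the operator.

```python
# Added example, not VMware code. It models the error / warning / info rules
# described above on constructed inventory data; all names are made up.
from dataclasses import dataclass, field

MIN_VERSION = (7, 0)  # from the page: hosts must be of version 7.0 or later


@dataclass
class Host:
    name: str
    esxi_version: str
    stateful: bool  # a stateful host boots from a disk
    standalone_vibs: list = field(default_factory=list)


def check_eligibility(hosts, depot_components, unintegrated, integrated):
    """Return findings as (severity, host, vib, message) tuples.

    depot_components maps VIB name -> component available in the depot.
    unintegrated / integrated are VIB names the operator attributes to
    solutions (assumption: this mapping is known in advance).
    """
    findings = []
    for host in hosts:
        version = tuple(int(p) for p in host.esxi_version.split(".")[:2])
        if not host.stateful:
            findings.append(("error", host.name, None, "host is not stateful"))
        if version < MIN_VERSION:
            findings.append(("error", host.name, None,
                             f"ESXi {host.esxi_version} is earlier than 7.0"))
        for vib in host.standalone_vibs:
            if vib in unintegrated:
                findings.append(("error", host.name, vib,
                                 "VIB of an unintegrated solution; deactivate "
                                 "the solution and retry"))
            elif vib in integrated:
                findings.append(("info", host.name, vib,
                                 "VIB of an integrated solution; no action"))
            elif vib in depot_components:
                findings.append(("warning", host.name, vib,
                                 f"add component {depot_components[vib]} to "
                                 "the image to keep this VIB"))
            else:
                findings.append(("warning", host.name, vib,
                                 "unknown VIB; import a component that "
                                 "contains it and restart the transition"))
    return findings


def blocks_transition(findings):
    """Only errors block the switch to images."""
    return any(sev == "error" for sev, *_ in findings)


def deleted_on_remediation(findings):
    """VIBs that remediation removes if the warnings are left unresolved."""
    return {(host, vib) for sev, host, vib, _ in findings if sev == "warning"}


# Constructed inventory.
HOSTS = [
    Host("esx-a", "8.0.2", True, ["ha-agent"]),
    Host("esx-b", "7.0.3", True, ["nic-driver-x", "inhouse-monitor"]),
    Host("esx-c", "6.7.0", False, ["vendor-appliance-agent"]),
]
DEPOT = {"nic-driver-x": "NIC-Driver-X-Component"}
UNINTEGRATED = {"vendor-appliance-agent"}
INTEGRATED = {"ha-agent"}

if __name__ == "__main__":
    results = check_eligibility(HOSTS, DEPOT, UNINTEGRATED, INTEGRATED)
    for sev, host, vib, msg in results:
        print(f"{sev:7} {host:6} {vib or '-':24} {msg}")
    print("transition blocked:", blocks_transition(results))
    print("deleted on remediation:", sorted(deleted_on_remediation(results)))
```

The set returned by `deleted_on_remediation` is the list to review before remediating, because it names the VIBs that disappear from hosts if the warnings are not acted on.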
If you switch to using images, you cannot revert to using baselines for the cluster. You can
move the hosts to another cluster, which uses baselines, but you cannot change the cluster that
already uses a single image.
If you switch to using images for a standalone host, you cannot revert to using baselines for the
host.
For conceptual information about vSphere Lifecycle Manager images, see vSphere Lifecycle
Manager Images.
For information about how to use vSphere Lifecycle Manager images to manage hosts and
clusters, see Chapter 6 How to Use vSphere Lifecycle Manager Images.
Prerequisites
• Verify that all ESXi hosts in the cluster or the standalone host are of version 7.0 or later.
• Verify that all ESXi hosts in the cluster or the standalone host are stateful. A stateful install is
one in which the host boots from a disk.
• Verify that all ESXi hosts in the cluster are from the same hardware vendor.
• Verify that no unintegrated solution is enabled for the cluster or the host.
• Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with baselines and
baseline groups.
vSphere Lifecycle Manager starts checking if the cluster or host is eligible for using images. If
no problems are reported, the Convert to an Image pane appears.
4 If the Check cluster's eligibility to be managed with a single image or Check host's eligibility
to be managed with a single image tasks report an error or a warning that requires an action,
resolve the issue and restart the procedure.
a Click Select.
An information panel appears on the right. The information panel shows information
about the components that the add-on adds to the ESXi image and the components that
it removes from the image.
c From the Version drop-down menu for the selected add-on, select the add-on version.
d Click Select.
a Click Select.
An information panel appears on the right. The information panel shows information
about the supported ESXi versions and whether the add-on contains a driver or not.
d From the Version drop-down menu for the selected add-on, select the add-on version.
e Click Select.
c (Optional) Use the Show drop-down menu to sift out the components that are not part of
the selected vendor add-on.
An information panel appears on the right. The information panel shows information
about the component that you selected first.
e From the Version drop-down menu for the selected component, select the component
version.
f Click Select.
The selected components appear in the list of components that the image contains. You
can use the Show drop-down menu to sift out the additional components.
You validate an image to check for missing dependencies and component conflicts.
10 Click Save.
Saving the image triggers an automatic compliance check. All hosts in the cluster or the
standalone host are checked against the image.
b In the Finish image setup dialog box, click Yes, finish image setup.
Results
You set up an image for the cluster or host. You now manage all hosts in the cluster collectively
or the standalone host with a single image for the cluster or host. Upon remediation, the image is
installed on all hosts in the cluster or the standalone host.
What to do next
To apply the image to all hosts in the cluster or the standalone host, remediate the cluster or host
against the image.
If you switch to using images, you cannot revert to using baselines for the cluster. You can
move the hosts to another cluster, which uses baselines, but you cannot change the cluster that
already uses a single image.
If you switch to using images for a standalone host, you cannot revert to using baselines for the
host.
For conceptual information about vSphere Lifecycle Manager images, see vSphere Lifecycle
Manager Images.
For information about how to use vSphere Lifecycle Manager images to manage hosts and
clusters, see Chapter 6 How to Use vSphere Lifecycle Manager Images .
Prerequisites
- Verify that all ESXi hosts in the cluster or the standalone host are of version 7.0 and later.
- Verify that all ESXi hosts in the cluster or the standalone host are stateful. A stateful install is
one in which the host boots from a disk.
- Verify that all ESXi hosts in the cluster are from the same hardware vendor.
- Verify that no unintegrated solution is enabled for the cluster or the host.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with baselines and
baseline groups.
- Click the Browse button and select a JSON file on your local machine.
vSphere Lifecycle Manager starts checking if the cluster or host is eligible for using images.
If no problems are reported, the Convert to an Image pane appears. The elements of the
imported image appear in the Define Image card.
You validate an image to check for missing dependencies and component conflicts.
7 Click Save.
Saving the image triggers an automatic compliance check. All hosts in the cluster or the
standalone host are checked against the image.
b In the Finish image setup dialog box, click Yes, finish image setup.
Results
You now manage all hosts in the cluster collectively or the standalone host with a single image
for the cluster or host. Upon remediation, the image is installed on all hosts in the cluster or on
the standalone host.
What to do next
To apply the image to all hosts in the cluster or the standalone host, remediate the cluster or host
against the image.
remove components, and you can also change the version of the included components. You can
also reuse an image by exporting it and importing it into a different cluster or a standalone host.
Using vSphere Lifecycle Manager images starts with setting up an image for a cluster or a host.
After you start managing a cluster or a host with a single image, you can edit the image at
any time. You can validate the image before saving it to verify that it includes no conflicting
components or missing dependencies.
Note When you set up an image, you select an ESXi version and a vendor add-on from the
vSphere Lifecycle Manager depot. If no ESXi base images and vendor add-ons are available
in the vSphere Lifecycle Manager depot, you must populate the depot with software updates
by synchronizing the depot or uploading updates to the depot manually. For detailed information
about the corresponding procedures, see Synchronize the vSphere Lifecycle Manager Depot and
Import Updates to the vSphere Lifecycle Manager Depot.
If you do not set up an image during the creation of the cluster or the addition of the standalone
host to a data center or folder, the cluster or the host uses baselines, but you can switch to
images at any time. When you set up an image during the transition workflow, you can define
the full stack of software to run on the hosts in the cluster or on the standalone host. For more
information about switching from baselines to images, see Convert a Cluster or a Host That Uses
Baselines Into a Cluster or a Host That Uses vSphere Lifecycle Manager Images.
Whereas switching from baselines to images is possible, the reverse operation is not. If a cluster
or a host uses a single image, regardless of whether you set up the image during the cluster
creation or the host addition to the data center or folder, you cannot switch to using baselines
for that cluster or standalone host.
The Image card contains information about the image that the cluster or host uses. In that card,
you perform all image-related operations. You edit the image, you export the image, you validate
your selections, and so on. You can also check and view the recommendations that VMware
provides.
The Image Compliance card contains compliance information about the hosts in the cluster or
the standalone host. In that card, you perform host-related operations. You check the compliance
of the hosts in the cluster or the standalone host, you run remediation pre-checks, you remediate
the hosts in the cluster or the standalone host, and so on.
In the Image Compliance card, you edit remediation settings for that cluster or host and manage
depot overrides.
When you edit an image, vSphere Lifecycle Manager saves the working copy of the image as
a draft. The draft is an edited but unsaved version of an image. If you edit an image but for
some reason you do not save the new image set-up, when you restart editing the image, you
can use the saved draft version as a starting point or you can altogether discard the changes
that you previously made.
Validation
You can validate an image draft before you save it. Validation checks whether the image
is correct and complete. During validation, vSphere Lifecycle Manager checks for missing
dependencies and conflicting components. In case of issues, vSphere Lifecycle Manager
returns messages with information about the existing issues. You must resolve all issues
before you can save the image.
Editing an image and validating a draft before saving it are supported operations for clusters with
hosts or standalone hosts that have a DPU device. During validation, vSphere Lifecycle Manager
validates both the VIBs that are applicable to the ESXi version on the host and to the ESXi
version on a DPU device.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a vSphere Lifecycle
Manager image.
ESXi Version: From the ESXi Version drop-down menu, select a new ESXi base image.
Vendor Addon:
- To add a vendor add-on to the image, click Select and select a vendor
add-on.
- To change the version of the vendor add-on in the image or to select a
new vendor add-on, click the pencil icon and make your changes.
- To remove the vendor add-on from the image altogether, click the trash
icon.
Firmware and Drivers Addon:
- To add a firmware add-on to the image, click Select. In the Select
Firmware and Drivers Addon dialog box, specify a hardware support
manager and select a firmware add-on to add to the image.
- To select a new firmware add-on, click the pencil icon and make your
changes.
- To remove the firmware add-on element from the image altogether, click
the trash icon.
Selecting a firmware add-on for a family of vendor servers is possible only if
the respective vendor-provided hardware support manager is registered as
an extension to the vCenter Server where vSphere Lifecycle Manager runs.
Components: Click Show details and view the list of additional components in the image.
- To add components to the image, click Add Components and select the
components and their corresponding versions to add to the image.
- To delete a component from the image, click the trash icon in the table
with components.
- To delete a manually added component that overrides a component in
the selected vendor add-on or base image, click the undo icon in the
table with components.
You validate an image to check for missing dependencies and component conflicts.
6 Click Save.
The save operation triggers validation. If the image is valid, vSphere Lifecycle Manager saves
it and runs a compliance check against the new image. You can view compliance information
in the Image Compliance card.
If the image is invalid, saving the image fails and vSphere Lifecycle Manager returns an error.
Results
The new image is validated and displayed in the Image card. vSphere Lifecycle Manager
performs an automatic hardware compatibility check against the new image.
If there are recommended images generated for the cluster or host, those recommendations
become invalidated and updated. vSphere Lifecycle Manager automatically generates a new
recommendation based on the new image.
You can export the image of a cluster as an ISO image, ZIP file, or a JSON file.
You can import an image to a cluster that uses vSphere Lifecycle Manager images only in the
JSON format.
In vSphere 8.0, the export and import operations work for clusters with hosts that have DPU
devices.
ISO Image
Distributing an image created with vSphere Lifecycle Manager in an ISO format is useful when
you need the image to perform clean installs of ESXi and for bootstrapping purposes, for
example the kickstart workflow.
You cannot use an image exported as an ISO file with another cluster that uses vSphere Lifecycle
Manager images.
ZIP File
Distributing an image created with vSphere Lifecycle Manager as an offline bundle is useful when
you want to import the components that the image contains into the depot of the target vSphere
Lifecycle Manager instance.
Unlike the ISO image, you cannot use a ZIP file to create upgrade baselines. You also cannot use
the ZIP file to create a vSphere Lifecycle Manager image for a cluster.
JSON File
Distributing an image created with vSphere Lifecycle Manager as a JSON file is useful when you
want to reuse the same image for other clusters that use images for host management.
When you distribute the JSON file to clusters in a different vCenter Server instance, you
must make sure that the depot of the target vSphere Lifecycle Manager instance contains all
components that the JSON file contains.
The JSON file contains only metadata and not the actual software payloads.
However, when you want to use an existing image for a cluster in another vCenter Server
instance, exporting the image as a JSON file might not be enough. You might also need to export
the image as a ZIP file. At the target location, you must import the JSON file as an image to
the target cluster. But you might also need to import the ZIP file to the target vSphere Lifecycle
Manager depot to make sure that all components included in the image are available to the
target vSphere Lifecycle Manager instance.
To reuse an existing cluster image for a cluster that you manage with baselines, you must export
the source image as an ISO image. You must then import the ISO image into the local depot
of the target vSphere Lifecycle Manager instance and use the imported ISO file to create an
upgrade baseline.
Export an Image
You export an image when you want to use the same image for another cluster or standalone
host in the same or in a different vCenter Server instance.
Depending on your goals, you can export an image as a JSON file, as an installable ISO image, or
as an offline bundle that contains all software packages included in the image. The export format
depends on your needs and goals.
For example, if you intend to use the image for a cluster or host in another vCenter Server, you
must export it as a JSON file and as a ZIP file. Afterwards, you must import both the JSON file
and the ZIP file to the target vCenter Server system. For information about importing updates
to the vSphere Lifecycle Manager depot, see Import Updates to the vSphere Lifecycle Manager
Depot.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a vSphere Lifecycle
Manager image.
4 In the Export Image dialog box, select a file format, and click Export.
Results
What to do next
Import the image to a target cluster or standalone host in the same or in a different vCenter
Server instance.
Import an Image
Instead of setting up a new image manually, you can reuse an existing image by importing it to a
cluster or a standalone host. Upon remediation, the imported image is applied to all hosts in the
cluster or to the standalone host.
You can import an image only if it is in a JSON format. The JSON file contains only the image
metadata, but not the actual software payloads. To successfully import an image to a cluster or
host and apply the software specification to the hosts in the cluster or to the standalone host,
all the components specified in the image must be available in the vSphere Lifecycle Manager
depot.
So, if you want to distribute and reuse an image across vCenter Server instances, importing
the JSON file might not be enough if the components from the image are not available in the
target vSphere Lifecycle Manager depot. In such cases, before you import the JSON file to
the target cluster or host, you must first import an offline bundle that contains all components
included in the image to the target vSphere Lifecycle Manager depot. If you try to import a JSON
file to a cluster or host but the target vSphere Lifecycle Manager depot does not contain the
corresponding components, the import operation fails due to validation errors.
For information about importing updates to the vSphere Lifecycle Manager depot, see Import
Updates to the vSphere Lifecycle Manager Depot.
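The following added example (not VMware code) shows the check described above: because the JSON file carries only metadata, every element it names must already be in the target depot, and anything missing has to arrive first through an offline bundle. The JSON field layout, the depot inventory structure, and all names and versions are assumptions constructed for illustration.

```python
import json

# Constructed sample of an exported image JSON (metadata only, no payloads).
# The field layout is an assumption made for this example.
IMAGE_JSON = """
{
  "base_image": {"version": "8.0.2-0.0.1111111"},
  "add_on": {"name": "EXAMPLE-Addon", "version": "802.0.0-1"},
  "components": {
    "example-nic-driver": "1.2.3-1",
    "example-storage-tool": "4.0.0-2"
  }
}
"""

# Constructed inventory of the target depot (hypothetical structure).
TARGET_DEPOT = {
    "base_images": {"8.0.1-0.0.1000000", "8.0.2-0.0.1111111"},
    "add_ons": {("EXAMPLE-Addon", "801.0.0-1")},
    "components": {"example-nic-driver": {"1.2.3-1", "1.2.4-1"}},
}


def load_image_spec(text):
    """Parse the JSON and reject files that do not have the expected shape."""
    spec = json.loads(text)
    if not isinstance(spec, dict):
        raise ValueError("image file must contain a JSON object")
    base = spec.get("base_image")
    if not isinstance(base, dict) or not isinstance(base.get("version"), str):
        raise ValueError("image has no base_image.version")
    addon = spec.get("add_on")
    if addon is not None:
        if not (isinstance(addon, dict)
                and isinstance(addon.get("name"), str)
                and isinstance(addon.get("version"), str)):
            raise ValueError("add_on needs a name and a version")
    comps = spec.get("components") or {}
    if not isinstance(comps, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in comps.items()):
        raise ValueError("components must map names to version strings")
    return {
        "base_image": base["version"],
        "add_on": (addon["name"], addon["version"]) if addon else None,
        "components": dict(comps),
    }


def missing_from_depot(spec, depot):
    """List every image element whose exact version the depot lacks."""
    missing = []
    if spec["base_image"] not in depot["base_images"]:
        missing.append(("base_image", "ESXi", spec["base_image"]))
    if spec["add_on"] and spec["add_on"] not in depot["add_ons"]:
        missing.append(("add_on", *spec["add_on"]))
    for name, version in sorted(spec["components"].items()):
        if version not in depot["components"].get(name, set()):
            missing.append(("component", name, version))
    return missing


def import_plan(text, depot):
    """Decide whether the JSON alone is enough for the target depot."""
    missing = missing_from_depot(load_image_spec(text), depot)
    return {"ready": not missing, "missing": missing}


if __name__ == "__main__":
    plan = import_plan(IMAGE_JSON, TARGET_DEPOT)
    if plan["ready"]:
        print("Depot has everything; the JSON file can be imported.")
    else:
        print("Import an offline bundle first; the depot lacks:")
        for kind, name, version in plan["missing"]:
            print(f"  {kind}: {name} {version}")
```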
Prerequisites
- Verify that the vSphere Lifecycle Manager depot contains all components included in the
image that you import.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a vSphere Lifecycle
Manager image.
4 In the Import Image dialog box, select a JSON file and click Next.
- Enter a URL address to the JSON file that you want to import.
ESXi Version: From the ESXi Version drop-down menu, select a new ESXi base image.
Firmware and Drivers Addon:
- To add a firmware add-on to the image, click Select.
- To select a new firmware add-on, click the pencil icon.
- To remove the firmware add-on element from the image altogether, click
the trash icon.
Selecting a firmware add-on for a family of vendor servers is possible only if
the respective vendor-provided hardware support manager is registered as
an extension to the vCenter Server where vSphere Lifecycle Manager runs.
Components: Click Show details and view the list of additional components in the image.
- To add components to the image, click Add Components and select
components to add to the image.
- To delete a component from the image, click the trash icon in the table
with components.
- To delete a manually added component that overrides a component
in the selected vendor add-on, click the undo icon in the table with
components.
6 If the image contains conflicting components or unresolved dependencies, resolve the issues
and retry the procedure.
You validate an image to check for missing dependencies and component conflicts.
8 Click Save.
A compliance check task is automatically triggered. You can view compliance information in
the Image Compliance card.
Results
The JSON file is imported and set as your new image for the target cluster or host.
At that stage, nothing is installed on the hosts in the cluster or on the standalone host. The
installation of software on the hosts happens during remediation.
What to do next
Remediate the hosts in the cluster or the standalone host against the new image. See Run
a Remediation Pre-Check for a Cluster, a Host Within a Cluster, or a Standalone Host and
Remediate a Cluster Against a Single Image.
In addition to calculating the compliance state for each host in the cluster or the standalone host,
the compliance check gives you information about the impact that the remediate operation will
have on a single host, for example if remediation will cause host reboot or if maintenance mode is
needed for the host.
A host can have any of the four compliance states: compliant, non-compliant, incompatible, and
unknown. If a host has a DPU device, the compliance state of the DPU device is merged into the
overall host compliance result.
Compliant
A host is compliant if the image on the host matches the image that you set for the cluster or
host.
A DPU-backed host is compliant when the software and firmware on the server and on the
DPU device are the same as the software and firmware specified in the image for the cluster
or host.
Non-Compliant
A host is non-compliant if the image on the host does not match the image that you set
for the cluster or host. A compliant host becomes non-compliant when you set a new image
for the cluster or host or manually add or remove components on the host. You remediate
non-compliant hosts to make them compliant.
- The ESXi version on the host is earlier than the ESXi version included in the image for the
cluster or host.
- The firmware on the host is different from the firmware add-on in the image for the
cluster or host.
- The host has a component that is not included in the image for the cluster or host.
- ESXi on the server, ESXi on the DPU device, or both have software components of earlier
versions than the software and firmware specified in the image for the cluster or host.
- You edit the image for the cluster or host and add a component that contains one or
multiple VIBs that are applicable to ESXi on the server, ESXi on the DPU device, or both
platforms.
- The remediation of a cluster or a host fails and as a result, the software and firmware
components on the host are updated, but the DPU is not updated or the reverse.
Incompatible
A host is incompatible when the image for the cluster or host cannot be applied to the host.
- The ESXi version on the host is later than the ESXi version included in the image for the
cluster or host.
- The host does not have sufficient resources, for example RAM.
- The hardware of the host is incompatible with the vSphere Lifecycle Manager image for
the cluster or host.
A DPU-backed host has the incompatible compliance state when the ESXi version on the DPU
is later than the ESXi version included in the image for the cluster or host.
Unknown
The unknown compliance state indicates that there is no compliance information about the
host.
For example, the compliance state of a host is unknown in the following cases.
- You add a new host to the cluster. The compliance state of the newly added hosts is
unknown until you perform a compliance check operation on the cluster.
- You add a new standalone host to the data center or folder. The compliance state of the
standalone host is unknown until you perform a compliance check operation on the host.
- You edit the image for the cluster or host and save the modifications. The compliance
state of all hosts in the cluster or the standalone host is unknown until you check the
compliance of the cluster or host against the new image.
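The four states above can be read as a decision procedure. The following added example (not VMware code) implements the listed conditions for a server and its optional DPU and returns the drift that caused the result. The data model, the version ordering, the precedence of incompatible over non-compliant, and the rule for merging the DPU result are assumptions; all names and versions are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

COMPLIANT, NON_COMPLIANT = "compliant", "non-compliant"
INCOMPATIBLE, UNKNOWN = "incompatible", "unknown"


def vkey(version):
    # Simplified ordering for this example: compare the numeric fields only.
    return tuple(int(n) for n in re.findall(r"\d+", version))


@dataclass
class Image:
    esxi: str
    # component name -> (version, platforms the component's VIBs apply to)
    components: dict = field(default_factory=dict)
    firmware: Optional[str] = None  # firmware add-on, checked on the server

    def expected(self, platform):
        return {n: v for n, (v, p) in self.components.items() if platform in p}


@dataclass
class Scan:
    """What a compliance check found on one platform (server or DPU)."""
    esxi: str
    components: dict = field(default_factory=dict)  # name -> version
    firmware: Optional[str] = None
    hardware_ok: bool = True  # enough resources and compatible hardware


def check_platform(scan, image, platform):
    """Return (state, findings) for one platform; scan=None means no data."""
    if scan is None:
        return UNKNOWN, []
    blockers, drift = [], []
    have_v, want_v = vkey(scan.esxi), vkey(image.esxi)
    if have_v > want_v:    # later than the image: the image cannot be applied
        blockers.append((platform, "esxi", scan.esxi, image.esxi))
    elif have_v < want_v:  # earlier than the image: remediation fixes it
        drift.append((platform, "esxi", scan.esxi, image.esxi))
    if not scan.hardware_ok:
        blockers.append((platform, "hardware", None, None))
    if platform == "server" and image.firmware and scan.firmware != image.firmware:
        drift.append((platform, "firmware", scan.firmware, image.firmware))
    want = image.expected(platform)
    for name in sorted(set(scan.components) | set(want)):
        if scan.components.get(name) != want.get(name):
            drift.append((platform, name, scan.components.get(name), want.get(name)))
    if blockers:
        return INCOMPATIBLE, blockers
    return (NON_COMPLIANT, drift) if drift else (COMPLIANT, [])


def host_compliance(server, image, dpu=None, has_dpu=False):
    """Merge the server and DPU results into one host state (assumed rule:
    unknown if either side has no data, otherwise the more severe state)."""
    results = [check_platform(server, image, "server")]
    if has_dpu:
        results.append(check_platform(dpu, image, "dpu"))
    states = [state for state, _ in results]
    if UNKNOWN in states:
        return UNKNOWN, []
    for state in (INCOMPATIBLE, NON_COMPLIANT):
        if state in states:
            return state, [f for s, fs in results if s == state for f in fs]
    return COMPLIANT, []


# Constructed sample image for the cluster.
IMAGE = Image(
    esxi="8.0.2-0.0.2222222",
    components={
        "example-nic-driver": ("2.0.0-1", {"server", "dpu"}),
        "example-agent": ("1.1.0-1", {"server"}),
    },
    firmware="fw-pack-10",
)
```

Each finding is a tuple of platform, element, version found, and version in the image, which corresponds to what the drift comparison view lists for a non-compliant host.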
Compliance information about the hosts in a cluster or the standalone hosts is displayed on the
Updates tab for that cluster or host, in the Image Compliance card. If you select a cluster, the
Image Compliance card displays a list of all hosts in the cluster that are out of compliance with
the image for the cluster. When you select a host from the cluster, the compliance information
about the host appears on the right. If you select a standalone host, the Image Compliance card
displays the compliance information about the host.
If a host has a DPU device, it is listed directly below the host. The compliance information about
the DPU device appears on the right and is presented in an identical manner as the overall
compliance information about the host. You can see full image comparison or drift comparison.
When you initiate the check compliance operation on an object that contains multiple clusters
that you manage with a single image, for example a data center or vCenter Server instance,
vSphere Lifecycle Manager performs compliance checks on all those clusters.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
Results
The Image Compliance card displays information about the overall number of non-compliant and
incompatible hosts in the cluster. You can view detailed compliance information for every host. If
the host has a DPU device, you can also view compliance information about the DPU device only.
What to do next
Remediate the cluster to make the non-compliant hosts compliant. See Run a Remediation Pre-
Check for a Cluster, a Host Within a Cluster, or a Standalone Host and Remediate a Cluster
Against a Single Image.
Detailed compliance information is displayed only for hosts that are out of compliance with the
image in the cluster or the standalone host. vSphere Lifecycle Manager displays no compliance
details for compliant hosts.
For hosts that have the incompatible compliance state, vSphere Lifecycle Manager shows in a
signpost information about what causes the compatibility issues.
Prerequisites
- Verify that no host is added to the cluster after your last compliance check.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a single image.
3 View compliance information for the hosts in a cluster or for a standalone host.
View the compliance information for a host in the cluster:
a In the Image Compliance card, select a host from the Hosts list.
Note Only non-compliant hosts are listed.
b (Optional) To view the full comparison between the image on the host
and the image for the cluster, select Full image comparison from the
drop-down menu for the Software compliance table.
c (Optional) To view only the image elements that make the host non-
compliant with the image for the cluster, select Only drift comparison
from the drop-down menu for the Software compliance table.
View the compliance information for a standalone host:
You can view the compliance information for a standalone host in the Image
Compliance card.
- To view the full comparison between the software that runs on the host
and the image for the host, select Full image comparison from the drop-
down menu for the Software compliance table.
- To view only the image elements that make the host non-compliant with
the image, select Only drift comparison from the drop-down menu for
the Software compliance table.
4 If you want to view compliance details about a DPU device on a host, select the DPU device
listed for the host.
DPU devices are listed directly under the host they belong to.
- To view the full comparison between the image on the DPU device and the image for the
cluster or the standalone host, select Full image comparison from the drop-down menu
for the Software compliance table.
- To view only the image elements that make the DPU device non-compliant with the image
for the cluster or the standalone host, select Only drift comparison from the drop-down
menu for the Software compliance table.
An information panel appears on the right. In the Software compliance table, you can see
what software runs on the selected host and what the software specification in the image
for the cluster or the standalone host is.
In vSphere 8.0, staging exists as a separate operation that you can initiate. Staging is also
automatically triggered when you remediate a cluster, a host in the cluster, or a standalone
host. By default, vSphere Lifecycle Manager performs the staging operation onto all hosts in the
cluster in parallel.
If you manage a cluster with a single image, you can stage the image to all hosts in the cluster or
to a single host from that cluster. Staging is also supported for clusters with hosts and standalone
hosts that have DPU devices. During staging, vSphere Lifecycle Manager downloads to the hosts
all components that are applicable to the DPU device.
After staging is successful, a staged icon appears for any host to which the image is
staged. The icon shows that both the software and firmware components from the image are
successfully staged to the respective host. If for any reason vSphere Lifecycle Manager can't
stage the firmware components to the host, staging does not fail, but you don't see the staged
icon for that host.
If for some reason staging is successful but the subsequent remediation process fails, the
compliance status of the cluster or the standalone host changes from non-compliant to staged.
During staging, vSphere Lifecycle Manager validates the checksum and signature of the VIBs
and downloads them to the appointed folder only after the validation is successfully completed.
When the VIBs become available locally on the hosts, only a root user can modify them.
When you stage an image to a cluster, vSphere Lifecycle Manager downloads all software and
firmware components defined in the image from the vSphere Lifecycle Manager depot to all
hosts in the cluster. Before you can stage an image to a cluster or a host, you must run a
compliance check for the cluster and ensure that the host or hosts to which you stage the image
are non-compliant with that image. Staging content to compliant hosts doesn't alter the hosts in
any way. Staging the image on hosts whose compliance status is unknown triggers an automatic
compliance check.
Prerequisites
- Verify that the hosts in the cluster are non-compliant with the image.
- Verify that the hosts in the cluster are connected to vCenter Server.
- Verify that you have the required privileges to perform the task.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
4 (Optional) Click Skip Remaining Hosts if you want to stop the staging process while it is
ongoing.
Results
After staging finishes successfully, an icon appears for each host for the cluster. The icon
shows that all software and firmware from the image are successfully staged to the hosts in the
cluster. If for any reason vSphere Lifecycle Manager can't stage the firmware components to the
host, staging is still successful, but you don't see the staged icon for the hosts.
What to do next
Remediate the cluster to install the staged software and firmware to the hosts in the cluster.
Prerequisites
- Verify that the hosts in the cluster or the standalone host are non-compliant with the image.
- Verify that the hosts in the cluster or the standalone host are connected to vCenter Server.
- Verify that you have the required privileges to perform the task.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a single image.
Stage a single host in a cluster:
a In the Image Compliance card, select a host from the Hosts list.
Stage a standalone host:
a In the Image Compliance card, click the Stage button.
Results
After staging finishes successfully, an icon appears for the host. The icon shows that all
software and firmware components from the image are successfully staged to the host. If for
any reason vSphere Lifecycle Manager can't stage the firmware components to the host, staging
does not fail, but you don't see the staged icon for the host.
What to do next
Remediate the host to install the staged software and firmware components to the host.
The remediation pre-check operation includes a series of checks for the cluster and for each
host in the cluster, and for the standalone host. These checks include extensive health checks to
determine whether the cluster or host is in a stable state and to ensure successful remediation.
Also, the remediation pre-check triggers a compliance check for the cluster or for the standalone
host. As a result, after the remediation pre-check, you can view compliance information for each
host and whether host reboot or maintenance mode are necessary for successful remediation.
For vSAN clusters, the remediation pre-check operation includes a hardware compatibility
check. Depending on how you configure the vSphere Lifecycle Manager remediation settings,
vSphere Lifecycle Manager might prevent remediation if hardware compatibility issues exist. For
information about configuring the global vSphere Lifecycle Manager remediation settings, see
Configure vSphere Lifecycle Manager Remediation Settings for Clusters or Standalone Hosts that
You Manage with A Single Image. For information about configuring the remediation settings for
a particular cluster, see Override the Global vSphere Lifecycle Manager Remediation Settings for a
Cluster That You Manage with a Single Image.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a single image.
You can observe the progress of the pre-check task. When the task finishes, vSphere
Lifecycle Manager displays information about the issues found during the pre-check.
What to do next
If vSphere Lifecycle Manager reports no issues, remediate the cluster or the standalone host. See
Remediate a Cluster Against a Single Image or Remediate a Single Host Within a Cluster or a
Standalone Host Against an Image.
If issues are reported, resolve the issues before you remediate the cluster or the standalone host.
The remediation pre-check task ensures that the host can be successfully remediated.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
3 Run a remediation pre-check for the standalone host or a single host within the cluster.
Run a pre-check for a single host within the cluster:
a In the Image Compliance card, select a host from the list of hosts.
An information panel appears on the right.
b Select Actions > Run pre-check.
The Running pre-check card appears above the list of hosts. You can
observe the progress of the task.
Run a pre-check for a standalone host:
a In the Image Compliance card, click the Run pre-check button.
The Running pre-check dialog appears inside the Image Compliance
card. You can observe the progress of the task.
Results
When the pre-check finishes, vSphere Lifecycle Manager displays information about the issues
found during the pre-check.
What to do next
If vSphere Lifecycle Manager reports no issues, you can remediate the host. See Remediate a
Single Host Within a Cluster or a Standalone Host Against an Image.
If vSphere Lifecycle Manager reports any issues, resolve the issues before you remediate the
host.
To initiate remediation of a cluster or host, you must have the required privileges. For a list of
all vSphere Lifecycle Manager privileges and their descriptions, see vSphere Lifecycle Manager
Privileges For Using Images. For more information about managing users, groups, roles, and
permissions, see the vSphere Security documentation.
During remediation, the image that you set up for the cluster is installed on all ESXi hosts in the
cluster.
When you remediate a cluster that contains a single ESXi host or that has vSphere Storage DRS
deactivated or in manual mode, the remediation process cannot put that host into maintenance
mode. So, to proceed with the remediation, you must power off the virtual machines that
are running on the host, move them to another host, or select a user policy that allows the
remediation process to power off the virtual machines. You can also set a user policy to power
on the virtual machines after the host is remediated.
For vSAN clusters, the remediation operation includes a hardware compatibility check.
Depending on how you configure the vSphere Lifecycle Manager remediation settings, vSphere
Lifecycle Manager might not proceed with the remediation task if hardware compatibility issues
exist. For information about configuring the global vSphere Lifecycle Manager remediation
settings, see Configure vSphere Lifecycle Manager Remediation Settings for Clusters or
Standalone Hosts that You Manage with A Single Image. For information about configuring
the remediation settings for a particular cluster or standalone cluster, see Override the Global
vSphere Lifecycle Manager Remediation Settings for a Cluster That You Manage with a Single
Image.
Maintenance Mode
If the update requires it, hosts are put into maintenance mode before remediation. Virtual
machines cannot run when a host is in maintenance mode. To ensure a consistent user
experience, vCenter Server migrates the virtual machines to other hosts within the cluster before
a host is put into maintenance mode. vCenter Server can migrate the virtual machines if the
cluster is configured for vMotion and if DRS and VMware Enhanced vMotion Compatibility
(EVC) are enabled. EVC guarantees that the CPUs of the hosts are compatible, but it is not a
prerequisite for vMotion.
You can configure vSphere Lifecycle Manager to deactivate HA admission control for the
cluster before remediation. However, deactivating HA admission control before you remediate
a two-node cluster that uses a single vSphere Lifecycle Manager image causes the cluster to
practically lose all its high availability guarantees. The reason is that when one of the two hosts
enters maintenance mode, vCenter Server cannot fail over virtual machines to that host and HA
failovers are never successful. For more information about HA admission control, see the vSphere
Availability documentation.
Parallel Remediation
During the remediation of a cluster against a vSphere Lifecycle Manager image, the ESXi hosts
in the cluster are remediated sequentially by default. So, if the remediation for a single host
in the cluster fails, the remediation of the entire cluster stops. However, you can configure
vSphere Lifecycle Manager to remediate in parallel the hosts within a cluster that uses images.
Parallel remediation reduces the overall remediation time and optimizes the maintenance window
for the cluster. You can remediate in parallel only ESXi hosts that are already in maintenance
mode. During parallel remediation, hosts do not enter maintenance mode automatically. Similarly,
after remediation finishes, the hosts do not exit maintenance mode automatically. To remediate
hosts in parallel, you must manually enter and exit maintenance mode. If you activate parallel
remediation, vSphere Lifecycle Manager does not remediate the ESXi hosts that are not in
maintenance mode.
When you configure vSphere Lifecycle Manager to remediate hosts in parallel, you can set the
maximum number of hosts to be remediated in a single remediation task. Alternatively, you can
let vSphere Lifecycle Manager calculate the optimal number of hosts to remediate in parallel.
When you remediate hosts in parallel, if the remediation of a single host fails, the remediation
task for the entire cluster does not stop and the rest of the hosts are remediated successfully.
After remediation finishes, vSphere Lifecycle Manager reports an error for the respective host.
Parallel remediation is deactivated by default, but you can activate it during remediation or in
the vSphere Lifecycle Manager general remediation settings. Parallel remediation and all other
remediation settings apply to remediation tasks that you start in vCenter Server. Solutions such
as NSX, for example, might have separate parallel remediation settings.
You cannot remediate in parallel the witness host and the hosts in the associated vSAN cluster.
Parallel remediation is also not possible for clusters that are enabled for vSphere with Tanzu or
NSX.
During remediation, the hosts in the cluster are remediated in sequence by default. You can
configure vSphere Lifecycle Manager to remediate hosts in parallel.
The hosts that have the incompatible compliance state are not remediated.
If a vCenter HA failover is initiated during the remediation of a cluster, the remediation task is
canceled. After the failover finishes, you must restart the remediation task on the new node.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
The Review Remediation Impact dialog box appears. The dialog box contains detailed
information about all changes that remediation will enforce on the hosts in the cluster.
4 In the Review Remediation Impact dialog box, review the impact summary, the applicable
remediation settings, and the EULA.
5 To save and review the impact details later, click Export Impact Details.
The Remediate Cluster task appears in the Recent Tasks pane. You can also observe the
progress of the remediation task in the Image Compliance card. If remediation fails, vSphere
Lifecycle Manager gives information about the reasons for the failure.
Prerequisites
- Verify that the host is non-compliant with the image for the cluster or the standalone host.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or host that you manage with a single image.
Option: Remediate a single host within a cluster.
Action:
a In the Image Compliance card, select a host from the Hosts list.
A card with information about the host appears on the right.
b Click Actions > Remediate > .
The Review Remediation Impact dialog box appears. The dialog box
contains detailed information about all changes that remediation will
enforce on the host.
Option: Remediate a standalone host.
Action:
a In the Image Compliance card, click the Remediate button.
The Review Remediation Impact dialog box appears. The dialog box
contains detailed information about all changes that remediation will
enforce on the host.
4 Review the impact summary, the applicable remediation settings, and the EULA.
5 If you remediate a single host in a cluster, to save and review the impact details later, click
Export Impact Details.
The Remediate Cluster or the Remediate Host tasks appear in the Recent Tasks pane. You
can also observe the progress of the remediation task in the Image Compliance card. If
remediation fails, vSphere Lifecycle Manager gives information about the reasons for the
failure.
Prerequisites
Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For Using
Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
3 In the Image Compliance card, click the horizontal ellipsis icon and select your task.
- To view the results from the last remediation pre-check performed on the cluster or the
standalone host, select Last pre-check results.
- To view the results from the last remediation of the cluster or the standalone host, select
Last remediation results.
Results
The Image Compliance displays detailed information about the last remediation or remediation
pre-check task that ran on the cluster or the standalone host.
A ROBO cluster or a ROBO standalone host has limited or no access to the Internet or limited
connectivity to vCenter Server. As a result, clusters and standalone hosts in ROBO deployments
might have limited access to the vSphere Lifecycle Manager depot during the compliance check,
remediation pre-check, and remediation operations.
With vSphere Lifecycle Manager images, you can use a local depot for ROBO clusters and
hosts, and configure vSphere Lifecycle Manager to use the local depot during the compliance
check, remediation pre-check, and the remediation tasks. The local depot overrides the vSphere
Lifecycle Manager depot. Using local depots with ROBO clusters and ROBO standalone hosts
saves time and network bandwidth.
Starting with vSphere 8.0 Update 1, you can manage local depot overrides for ROBO standalone
hosts in the vSphere Client and by using the vSphere Automation API.
For each cluster or standalone host that you manage with a single image, you can add and
use multiple local depots instead of the default vSphere Lifecycle Manager depot. You can also
delete the depot overrides that you configure. If depot overrides are not active for a cluster or
a standalone host, the cluster or the host uses the general vSphere Lifecycle Manager depot in
vCenter Server.
Prerequisites
- Export an offline bundle with components from a vSphere Lifecycle Manager image and
import the offline bundle to the target local depot.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
3 In the Image Compliance card, click the horizontal ellipsis icon and select Manage depot
overrides.
Option: Add depot overrides
Description: Enter a URL or a file path to a local depot and click Add.
The depot is added to the Depot override URL list.
Option: Delete a depot override
Description: Click the horizontal ellipsis icon for a depot override from the list and click
Delete.
The depot is removed from the Depot override URL list.
5 Click Close.
Results
In the Image Compliance pane, you see a notification if depot overrides are active for the cluster
or the standalone host.
When you set up or edit an image, you manually combine the image elements (ESXi
version, vendor add-on, firmware add-on, and additional components) in such a way as to
define the full software stack to run on all hosts in the cluster. You must manually check
whether a particular image set-up is complete and valid, and suitable to your environment.
The vSphere Lifecycle Manager recommendations save you the effort of exploring the
possible and applicable combinations of image elements. vSphere Lifecycle Manager generates
recommendations automatically under certain conditions and upon certain events. Alternatively,
you can trigger recommendation generation manually.
Recommended images are validated through a series of checks that ensure that a recommended
image has no missing dependencies or conflicting components. For vSAN clusters, the validation
also runs a hardware compatibility check against the vSAN Hardware Compatibility List (vSAN
HCL). The extensive validation checks ensure that if you decide to use a recommended image for
a cluster, the remediation against the recommended image is successful.
You can manually cancel the recommendation generation task from the Recent Tasks pane.
The latest image in a series contains the latest minor ESXi version or patch for that version. For
example, if the current image for a cluster contains a base ESXi image of version 7.0 and base
images of version 7.0 Update 1, 7.0 Update 2, 7.0 Update 3, and 8.0 are available in the vSphere
Lifecycle Manager depot, the latest image in the current series recommendation contains ESXi
version 7.0 Update 3.
In some cases, the ESXi version in a recommended image might be the same as the ESXi version
in the current image for a cluster, but the recommended image might contain a later version of
any other image element, for example the vendor add-on, a component, or the firmware add-on.
For example, the current image for a cluster contains a base ESXi image of version 7.0 Update
1 and the vSphere Lifecycle Manager depot contains ESXi images of version 7.0 Update 2,
a hot patch for 7.0 Update 2, and 8.0. Upgrading to the ESXi 7.0 Update 2 with the hot
patch is an allowed upgrade path. Upgrading further to ESXi 8.0 causes regression, because
the recommended image that contains ESXi 8.0 does not contain the hot patch. So, vSphere
Lifecycle Manager lists ESXi 7.0 Update 2 with the hot patch as the latest in current series
recommendation. ESXi 8.0 is listed as a not recommended ESXi version.
In some cases, vSphere Lifecycle Manager might list as not recommended an ESXi version within
the current release series. The reason is possible hardware compatibility issues.
In the vSphere Client, you can view a list of all ESXi versions that are not recommended for use
together with an explanation about the reason why they are not recommended.
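The "latest in current series" rule and the not-recommended list described above, as an added Python example that is not VMware code. It models only the base ESXi image, not add-ons or components; the version label format, the "hot patch" label and the hw_incompatible input are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Label format is an assumption of this example: "7.0", "7.0 Update 2",
# and the constructed label "7.0 Update 2 hot patch".
_VERSION = re.compile(r"^(\d+)\.(\d+)(?: Update (\d+))?( hot patch)?$")


@dataclass(frozen=True, order=True)
class BaseImage:
    """Base ESXi image version; ordering follows (major, minor, update, hot_patch)."""
    major: int
    minor: int
    update: int = 0
    hot_patch: bool = False

    @classmethod
    def parse(cls, label):
        m = _VERSION.match(label.strip())
        if not m:
            raise ValueError(f"unrecognised base image label: {label!r}")
        return cls(int(m[1]), int(m[2]), int(m[3] or 0), bool(m[4]))

    @property
    def series(self):
        # The release series, for example 7.0 or 8.0.
        return (self.major, self.minor)

    def __str__(self):
        text = f"{self.major}.{self.minor}"
        if self.update:
            text += f" Update {self.update}"
        if self.hot_patch:
            text += " hot patch"
        return text


def recommend(current, depot, hw_incompatible=()):
    """Return (latest_in_current_series, not_recommended).

    current          label of the base image in the current cluster image
    depot            labels of the base images available in the depot
    hw_incompatible  labels flagged by a hardware compatibility check
                     (hypothetical input; the page does not say how the
                     flag is produced)
    """
    cur = BaseImage.parse(current)
    blocked = {BaseImage.parse(v) for v in hw_incompatible}
    newer = sorted(v for v in {BaseImage.parse(d) for d in depot} if v > cur)

    candidates, not_recommended = [], {}
    for image in newer:
        if image.series != cur.series:
            # The page gives "regression" as the reason in its hot patch
            # example; this model reports the series boundary only.
            not_recommended[str(image)] = "not within the current release series"
        elif image in blocked:
            not_recommended[str(image)] = "possible hardware compatibility issues"
        else:
            candidates.append(image)

    latest = str(candidates[-1]) if candidates else None
    return latest, not_recommended


if __name__ == "__main__":
    # The two depot contents used as examples in the text above.
    print(recommend("7.0", ["7.0 Update 1", "7.0 Update 2", "7.0 Update 3", "8.0"]))
    print(recommend("7.0 Update 1",
                    ["7.0 Update 2", "7.0 Update 2 hot patch", "8.0"]))
    # Constructed case: the newest in-series image fails the hardware check.
    print(recommend("7.0", ["7.0 Update 1", "7.0 Update 3"],
                    hw_incompatible=["7.0 Update 3"]))
```

A result of None for the first element means the depot holds no newer base image in the current series; a recommendation that only updates an add-on or component is outside what this example models.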
By default, the depot updates every 24 hours. Also, the content of the depot changes when
you import an offline bundle to the depot or you manually trigger synchronization to the
configurable download sources.
Note If the depot gets updated with solution components only, vSphere Lifecycle Manager
does not generate new recommendations. Similarly, if the depot gets updated by adding or
removing base images that are of a major ESXi version as compared to the current image of
a cluster, vSphere Lifecycle Manager does not start a recommendation generation task.
- You edit the image that you use for a cluster and save the new image set-up.
Note If you edit an image by only adding solution components to the image, vSphere
Lifecycle Manager generates no new recommendation.
The automated recommendation generation is available only for clusters that already have
recommended images generated. When vSphere Lifecycle Manager starts the generation of
a new recommendation automatically, the Compute Image recommendations for cluster task
appears in the Recent tasks pane. You can observe the progress of the task or cancel it. vCenter
Server issues an event when a recommendation generation task starts or ends. If the task fails,
vCenter Server issues an alarm of the warning type. In cases of failure, you must check for
recommended images for the cluster manually. The recommendation generation task cannot
run simultaneously with other vSphere Lifecycle Manager operations, for example remediation
and compliance checks. If you need to start another operation immediately, you can cancel the
Compute Image recommendations for cluster task at any time.
A recommended image contains updates for your cluster or host. The recommendation is
based on the ESXi versions available in the vSphere Lifecycle Manager depot. When you trigger
the Compute image recommendations task, vSphere Lifecycle Manager first determines the
recommended ESXi version for the cluster or host. After that, vSphere Lifecycle Manager checks
sequentially for newer versions of the vendor add-on, additional components, and firmware
add-on that are compatible with the recommended ESXi version and the hardware of the hosts
in the cluster or the standalone host. So, sometimes, a recommended image might contain the
same ESXi version as the ESXi version in the current image for the cluster or host but combined
with an updated vendor add-on, component, or firmware add-on.
The Compute image recommendations task is non-cancellable. You must rerun the task
periodically to ensure that the recommendations are valid and still suitable to the cluster or host.
Before you check for recommended images, you must ensure that the cluster or host is not being
remediated. Recommendations generation and remediation are mutually exclusive operations.
They cannot run simultaneously.
Prerequisites
- Verify that remediation is not running for the cluster or the standalone host.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
3 In the Image card, click the horizontal ellipsis icon and select Check for recommended
images.
When the task finishes, a blue badge appears in the Image card.
4 To view the recommended images, click the horizontal ellipsis icon and select View
recommended images.
Results
vSphere Lifecycle Manager suggests a recommended image for the cluster or for the standalone
host or reports that no recommended images are available for the cluster or the host.
When no recommended images are available, vSphere Lifecycle Manager displays detailed
information about why no recommendations are available or why certain ESXi versions are not
recommended.
What to do next
View the recommendations. You can import a recommended image to the cluster or host and
replace the current image that the cluster or the host uses. See Use the vSphere Lifecycle
Manager Recommended Image as the New Image for a Cluster or a Standalone Host.
Prerequisites
- Verify that the Compute image recommendations task is performed for the cluster or the
host or check for recommended images for the cluster or the host manually. See Check for
Recommended Images.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
3 If no recommendations are available for the cluster or host at all, click View Details in the
banner at the top of the pane to see details.
4 If recommendations are available, in the Image card, click the horizontal ellipsis icon and
select View recommended images.
- To view the image that vSphere Lifecycle Manager recommends for the cluster or the
host, check the Latest in current series column in the Recommended Images dialog box.
- To view the ESXi versions that vSphere Lifecycle Manager doesn't recommend for the
cluster or the host, in the Recommended Images dialog box, click Show versions that are
not recommended.
Note The Show versions that are not recommended link is visible only if the vSphere
Lifecycle Manager depot contains more recent ESXi versions than the ESXi version in
the current cluster or host image, but those more recent versions are not within the
major release series of the current base image or might lead to hardware compatibility
issues. For example, if the image for your cluster or host contains ESXi version 7.0, and
ESXi 8.0 is available in the vSphere Lifecycle Manager depot, the latter is listed as a not
recommended version.
If the View recommended images option is dimmed, no recommended images are available
for this cluster or host. If recommendations are available, in the Image card, you see a label
indicating the number of recommendations.
What to do next
You can decide to use the recommended image and set it as the new image for the cluster or the
host.
Prerequisites
- Check for recommended images for a cluster or a host. See Check for Recommended Images.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or to a standalone host that you manage with a
single image.
3 In the Image card, click the horizontal ellipsis icon and select View recommended images.
If the View recommended images option is dimmed, no recommended images are available
for this cluster or host.
4 In the Recommended Images dialog box, select a recommended image by clicking the
respective radio button and click Continue.
The recommended image is based on the latest ESXi version within the current release series.
For example, if the ESXi version in your current image is 7.0, this option might include ESXi
version 7.0 Update 3 and a related vendor add-on. The recommended image cannot contain
ESXi 8.0 or any other minor release version within the 8.0 release series.
The selected image is imported to the cluster or the standalone host as a draft. The Edit
Image card appears.
5 (Optional) Edit the image and validate the new image set-up.
6 Click Save.
If you do not save the image, it is saved as a draft. The next time you start editing the image
for that cluster or host, you can use the draft as a starting point.
Results
The recommended image is saved for that cluster or host. If a draft exists for the cluster or the
host, the draft is overridden by the recommended image. No software is installed on the hosts in
the cluster or on the standalone host at this stage.
What to do next
To apply the software specification that the image defines, remediate the cluster or the host
against the new image. See Run a Remediation Pre-Check for a Cluster, a Host Within a Cluster,
or a Standalone Host and Remediating a Cluster or a Standalone Host Against a Single Image.
In earlier vSphere releases, you could perform firmware updates on vSAN clusters by using
system-managed baselines. For non-vSAN clusters, firmware updates had to be manual.
vSphere Lifecycle Manager enables you to easily update the firmware in any cluster or host that
you manage with a single image. Firmware updates are not available for clusters or hosts that
you manage with baselines.
To apply firmware updates to the hosts in a cluster or to the standalone host that you manage
with a single image, you must include a special type of add-on, the firmware and drivers add-on,
in the image and remediate the cluster or the host to apply the image to the hosts. The firmware
and drivers add-on is a vendor-provided add-on that contains the components that encapsulate
firmware update packages. The firmware and drivers add-on might also contain the necessary
drivers.
Unlike vendor add-ons, firmware and drivers add-ons are not distributed through the official
VMware online depot or as offline bundles available at https://my.vmware.com. For a given
hardware vendor, firmware updates are available in a special vendor depot, whose content you
access through a software module called a hardware support manager. The hardware support
manager is a plug-in that registers itself as a vCenter Server extension. Each hardware vendor
provides and manages a separate hardware support manager that integrates with vSphere. For
each cluster or host that you manage with a single image, you select the hardware support
manager that provides the firmware updates for the cluster or the host. After you determine the
hardware support manager that you want to use for a cluster or a standalone host, the hardware
support manager provides you with a list of the available firmware updates. When you select
and include a firmware add-on to an image, that add-on might modify the specified image by
adding or removing components. The firmware add-on also defines the firmware versions to be
installed on the hosts. During remediation, vSphere Lifecycle Manager applies the image to the
hosts and requests the selected hardware support manager to update the firmware on the hosts
in accordance with the firmware add-on specified in the image.
Selecting a hardware support manager and including a firmware add-on in your image
guarantees that during a compliance check, vSphere Lifecycle Manager also determines the
firmware compliance for the cluster or the host. So, you can easily detect and remediate any
unwanted drifts. The hardware support manager is also responsible for retrieving the firmware
versions on the host hardware, and, in some cases, determining the appropriate drivers for the
updated firmware version.
For vSAN clusters, the hardware support manager inspects the hosts in the cluster to determine
their current I/O device controllers and firmware. During a hardware compatibility check for the
cluster, vSphere Lifecycle Manager checks whether the firmware in the image is compatible with
the hardware in the cluster as per vSAN Hardware Compatibility List (vSAN HCL). The hardware
compatibility check ensures that when vSphere Lifecycle Manager remediates the cluster and
applies the image to all hosts, the firmware and drivers on the hosts are certified for use with
vSAN.
Several of the major OEMs develop and supply hardware support managers. For example:
- Dell
The hardware support manager that Dell provides is part of their host management solution,
OpenManage Integration for VMware vCenter (OMIVV), which you deploy as an appliance.
- HPE
The hardware support managers that HPE provides are part of their management tools, iLO
Amplifier and OneView, which you deploy as appliances.
- Lenovo
The hardware support manager that Lenovo provides is part of their server management
solution, Lenovo XClarity Integrator for VMware vCenter, which you deploy as an appliance.
- Hitachi
The hardware support manager that Hitachi provides, Hitachi Unified Compute Platform
Advisor, is infrastructure automation and management software for all Hitachi converged,
hyperconverged, and integrated systems, which you deploy as an appliance.
- Cisco
The hardware support manager that Cisco provides is integrated with Cisco Intersight
Infrastructure Service, which is part of Cisco Intersight. You activate the hardware support
manager from within the Cisco Intersight SaaS-based management platform. No additional
appliances are required on your vCenter Server instance.
You can find the full list of all VMware-certified hardware support managers in the
VMware Compatibility Guide at https://www.vmware.com/resources/compatibility/search.php?deviceCategory=hsm.
Note If vCenter Server is configured with a proxy for internet access, the proxy must be
able to reach any hardware support manager registered with that vCenter Server instance. You
must either assign the hardware support manager a private IP address within the 10.x.x.x
range, which is automatically exempt from proxy use, or enable direct access to the registered
hardware support manager by configuring the proxy settings with an exception for its IP address.
After you deploy the appliance, you must power on the appliance virtual machine and register
the appliance as a vCenter Server extension. You might need to log in to the appliance as an
administrator. Each hardware support manager might register with only one or multiple vCenter
Server systems.
A vCenter Server plug-in user interface might become available in the vSphere Client after you
deploy a hardware support manager appliance, but the hardware support manager might also
have a separate user interface of its own. For example, OMIVV, iLO Amplifier, and Lenovo
XClarity Integrator for VMware vCenter all have a vCenter Server plug-in user interface, which
helps you configure and work with the respective hardware support manager.
Each hardware support manager has its own mechanism of managing the actual firmware
packages and making firmware add-ons available for you to choose.
The successful integration between the hardware support manager and vSphere Lifecycle
Manager might require a specific configuration of the hardware support manager. For example,
with OMIVV, you must first create a connection profile. Then, you must create a cluster profile
and associate it with a cluster before you can add a firmware add-on from Dell to the image for
that cluster.
For detailed information about deploying, configuring, and managing hardware support
managers, refer to the respective OEM-provided documentation.
Prerequisites
- If you use the hardware support manager provided by Dell, create a cluster profile and
associate it with the cluster. For more information, review the OpenManage Integration for
VMware vCenter (OMIVV) documentation.
- Verify that all hosts in the cluster are from the same vendor.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
Using Images.
Procedure
1 In the vSphere Client, navigate to a cluster or a standalone host that you manage with a
single image.
4 In the Edit Image card, for the Firmware and Drivers Addon, click Select.
5 In the Firmware and Drivers Addon dialog box, select a hardware support manager from the
drop-down menu.
The selected hardware support manager must be from the same hardware vendor as
the hosts in the cluster or as the standalone host. Otherwise, during a compliance check,
the hardware support manager reports the selected firmware and drivers add-on to be
incompatible with the host or hosts that are from a different vendor. Firmware remediation
fails.
An information panel appears on the right. The panel contains information about the
supported ESXi versions and whether the selected add-on contains the necessary drivers.
7 Click Select.
After the image is saved, a compliance check against the new image is triggered for the
cluster or host.
9 In the Image Compliance card, review the compliance check results for the cluster and for the
host.
10 If any host in the cluster or the standalone host has firmware that is non-compliant with the
new image firmware, remediate the respective host or the cluster.
a (Optional) In the Image Compliance card, run a remediation pre-check to ensure that
remediation finishes successfully.
- To run a pre-check for all hosts in the cluster, click the Run Pre-check button.
- To run a pre-check for a single host in the cluster, click the vertical ellipsis icon for the
host and select Run Pre-check.
- To remediate all hosts in the cluster, click the Remediate All button.
During cluster remediation, if the remediation of a single host fails, the remediation for
the cluster ends prematurely.
- To remediate a single host, click the vertical ellipsis icon for the host and select
Remediate.
You are not obliged to start remediation immediately after setting up an image for a cluster
or a standalone host. However, nothing is installed on the hosts unless you remediate them
against the image for the cluster or the host. The firmware on the hosts is actually updated
only after successful remediation. You can remediate the objects in your environment at any
time that is convenient for you.
Results
The firmware on the hosts in the cluster or the standalone host is updated to the firmware
version specified in the firmware add-on for the image.
With vSphere Lifecycle Manager, you can perform the following tasks.
In general, hardware incompatibilities do not prevent remediation and are not resolved upon
remediation. However, you can configure vSphere Lifecycle Manager to prevent remediation
when hardware compatibility issues exist for a cluster. For information about configuring
the global vSphere Lifecycle Manager remediation settings, see Configure vSphere Lifecycle
Manager Remediation Settings for Clusters or Standalone Hosts that You Manage with A Single
Image. For information about configuring the remediation settings for a particular cluster, see
Override the Global vSphere Lifecycle Manager Remediation Settings for a Cluster That You
Manage with a Single Image.
Cluster-level hardware compatibility checks are available only for vSAN clusters that you manage
with a single image. If a vSAN cluster uses baselines, hardware compatibility checks are
not available. Also, if a cluster uses a single vSphere Lifecycle Manager image but vSAN is
not enabled for that cluster, hardware compatibility checks for that cluster are not available.
Hardware compatibility checks for vSAN clusters are performed against the vSAN HCL.
To perform a hardware compatibility check for a vSAN cluster, the vSAN HCL data that is
available to vSphere Lifecycle Manager must be up to date. vSAN HCL data is synchronized
automatically or, in environments without connection to the Internet, manually. For more
information about keeping the vSAN HCL data up to date, see the vSAN documentation.
When you initiate a hardware compatibility check for a cluster, vSphere Lifecycle Manager scans
the image and verifies that all elements of the image are compatible with the hardware of
all hosts within the cluster. vSphere Lifecycle Manager validates only those hardware devices
that vSAN uses. Because cluster-level hardware compatibility checks validate the compatibility
between the cluster hardware and the cluster image, the compatibility results might not be
accurate unless you remediate the cluster successfully and apply the image to all hosts in the
cluster.
Note vSphere Lifecycle Manager performs the full driver and firmware verification of PCI
devices and disk drives only if you configure vSphere Lifecycle Manager with a hardware support
manager and add a firmware add-on to the vSphere Lifecycle Manager image. Without using a
hardware support manager, vSphere Lifecycle Manager only validates the PCI and NIC devices
and their respective driver versions, and the disk drive version.
Hardware compatibility issues are reported as warnings, and as such, they do not prevent you
from remediating the hosts in the cluster against the image unless you change that behavior by
editing the remediation settings for the cluster. For information about configuring remediation
settings for a cluster, see Configure vSphere Lifecycle Manager Remediation Settings for Clusters
or Standalone Hosts that You Manage with A Single Image and Override the Global vSphere
Lifecycle Manager Remediation Settings for a Cluster That You Manage with a Single Image.
Depending on the type of device, vSphere Lifecycle Manager performs different validations and
verifications during a hardware compatibility check for a cluster.
Storage I/O controllers
For storage I/O controllers, vSphere Lifecycle Manager performs the following verifications:
- Verifies that all storage device controllers are certified for use with the ESXi version
  specified in the image.
- Verifies that the image contains the correct storage device driver and firmware versions as
  per the vSAN HCL.
- Suggests a compatible storage device driver and firmware version combination as per the
  vSAN HCL.
Network controllers
For NIC devices, vSphere Lifecycle Manager performs the following verifications:
- Verifies that the physical RDMA-enabled NICs on the hosts in the cluster are certified for use
  with the ESXi version specified in the image as per the vSAN HCL.
- Verifies that the image that the cluster uses contains the correct NIC driver and firmware
  versions as per the vSAN HCL.
- Suggests a compatible NIC driver and firmware version combination for the cluster as per the
  vSAN HCL.
- Verifies that the device is certified for all active features that are enabled on that device.
Disk drives
For disk drives, vSphere Lifecycle Manager performs the following verifications:
- Verifies that all disk drives in the cluster are certified for use with the ESXi version
  specified in the image as per vSAN HCL.
- Verifies that the disk drive firmware version specified in the image for the cluster is equal
  to or higher than the earliest supported firmware version for the device as per vSAN HCL.
When a solution or service, for example vSAN or NSX, enables a set of features on a device,
those features impose certain hardware compatibility constraints upon the device. The device
must be certified for those active features that vSAN uses. During a hardware compatibility
check, in addition to validating the driver and firmware combination for a PCI device, vSphere
Lifecycle Manager also validates the constraints that the active features impose on that device.
So, by running a hardware compatibility check, you ensure that only certified features are
enabled on the devices in the vSAN cluster. You don't get compatibility issues for features that
are not enabled on the device.
When the set of active features for a device changes, you must re-run the hardware compatibility
check to get correct compliance results.
Compliant
A device is compliant when it is compatible with the ESXi version and the driver and firmware
version defined in the cluster for the image. For PCI devices, the driver-firmware version
combination must also be certified for all active features enabled on the respective device.
Non-compliant
A device is non-compliant when it is incompatible with the ESXi, driver, or firmware version
defined in the cluster for the image. Additionally, PCI devices are non-compliant when the
driver-firmware version combination is not certified for all active features enabled on the
respective device.
If a device is not present in the vSAN HCL at all, vSphere Lifecycle Manager marks the device
as non-compliant.
Unavailable
The hardware compatibility status for a NIC device is unavailable in the following cases:
- Compatibility information for PCI devices is unavailable if the vSAN HCL data is not
  updated and does not contain information about the constraints imposed upon a device
  by the active features that are enabled on that device.
- The cluster has no hosts or some hosts in the cluster are inaccessible.
- No hardware support manager is registered in vCenter Server or the image for the cluster
  does not contain a firmware and drivers add-on.
For information about hardware compatibility checks and instructions on how to manually perform
a hardware compatibility check for a cluster or for a single host, see Chapter 7 vSphere Lifecycle
Manager Hardware Compatibility Checks for Clusters and Hosts.
Changes in the vSAN HCL database might make your hardware compatibility results invalid
and outdated. To provide you with valid hardware compatibility information, vSphere Lifecycle
Manager runs a periodic hardware compatibility check against the latest vSAN HCL data.
The periodic hardware compatibility check is a preconfigured scheduled task that you can edit
and force to run at any time. By default, the task runs every 24 hours. The scheduled task
is configured at a vCenter Server level. If a vCenter Server system contains no vSAN clusters
that you manage with a single image, vSphere Lifecycle Manager skips the scheduled hardware
compatibility check. This periodic task runs only for vSAN clusters that you manage with a single
image.
- You edit the image for the cluster and save the image.
When you edit and save an image, vSphere Lifecycle Manager starts the Check hardware
compatibility of cluster's host with image task even for clusters without vSAN. In such a case,
vSphere Lifecycle Manager only returns a warning that image hardware compatibility is not
verified in non-vSAN clusters.
If the automatically triggered hardware compatibility task fails, you can still save the new
image for the cluster.
The hardware compatibility check is a part of the remediation pre-check and remediation
task for vSAN clusters. If a cluster is not vSAN-enabled, vSphere Lifecycle Manager does
not perform a hardware compatibility check when you initiate a remediation pre-check or
remediation.
You can configure how vSphere Lifecycle Manager behaves in case of hardware compatibility
issues by editing the remediation settings for the cluster. For information about configuring
remediation settings for a cluster, see Configure vSphere Lifecycle Manager Remediation
Settings for Clusters or Standalone Hosts that You Manage with A Single Image and Override
the Global vSphere Lifecycle Manager Remediation Settings for a Cluster That You Manage
with a Single Image.
When you add a host to the cluster or remove a host from it, vSphere Lifecycle Manager
invalidates the hardware compatibility check results for the cluster and issues a warning.
You must rerun a hardware compatibility check to obtain valid information about potential
hardware compatibility issues. Alternatively, you can remediate the cluster or run a
remediation pre-check, which both automatically trigger a hardware compatibility check.
NIC validation
Starting with vSphere 8.0, hardware compatibility checks for vSAN clusters are enhanced to
incorporate NIC validation against the vSAN HCL. Determining the compatibility between the
NICs in a vSAN cluster and the software defined in the image that the cluster uses is crucial to a
successful cluster upgrade.
During a hardware compatibility check, for each NIC device, vSphere Lifecycle Manager verifies
that the driver and firmware version combination defined in the image for the cluster is certified
for use with all active features enabled on the device.
For NIC devices, vSphere Lifecycle Manager checks the exact firmware version during the
hardware compatibility check.
In a vSAN cluster, during a hardware compatibility check, vSphere Lifecycle Manager validates
only the RDMA-capable NICs that vSAN uses. That is, if a host has an RDMA-capable NIC but the
NIC is not in use, vSphere Lifecycle Manager does not calculate the hardware compatibility of
that device. vSphere Lifecycle Manager does not validate non-RDMA NICs. Non-RDMA NICs in
use by vSAN need no certification and therefore vSphere Lifecycle Manager does not validate
them during a hardware compatibility check.
The disk drives in a vSAN cluster and the firmware installed on the drives are of paramount
importance for the overall vSAN cluster health. For example, a faulty disk drive firmware might
cause performance issues and unexpected vSAN input-output behavior. You can use vSphere
Lifecycle Manager hardware support managers to perform disk drive firmware upgrades. Before
you upgrade the disk drive firmware, however, you must ensure that the target firmware version
is supported as per the vSAN HCL.
Note For SAS and SATA disk drives, the vSAN HCL lists the earliest supported firmware version.
All firmware versions later than the one specified in the vSAN HCL are supported. For NVMe devices
behind a VMD controller, the vSAN HCL lists the exact driver-firmware combination certified for
use with a given ESXi base image version. Only that specific driver-firmware version combination
listed in the vSAN HCL is supported.
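The firmware rules in the note above, together with the compliance states defined earlier, can be modeled as in the following added Python example, which is not VMware code. The HCL structure, model names, driver names, and versions are constructed, and the version ordering is an assumption for dotted or alphanumeric firmware strings.

```python
import re
from enum import Enum


class Status(Enum):
    COMPLIANT = "compliant"
    NON_COMPLIANT = "non-compliant"
    UNAVAILABLE = "unavailable"


# Constructed stand-in for vSAN HCL data. Model names, driver names and
# versions are made up, and the real HCL uses a different schema.
SAMPLE_HCL = {
    "disks": {
        "EXAMPLE-SAS-SSD": {"bus": "SAS/SATA",
                            "esxi": {"8.0": {"min_firmware": "2.5.0"}}},
        "EXAMPLE-NVME-VMD": {"bus": "NVMe-VMD",
                             "esxi": {"8.0": {"combos": {("exvmd 3.0.0", "1.2.3")}}}},
    },
    "nics": {
        # (driver, firmware) -> features that combination is certified for.
        # None models outdated HCL data with no feature constraints recorded.
        "EXAMPLE-RDMA-NIC": {"esxi": {"8.0": {
            ("exnic 4.1.0", "16.30.1"): {"RoCEv2"},
            ("exnic 4.2.0", "16.32.0"): {"RoCEv2", "ExampleOffload"}}}},
        "EXAMPLE-STALE-NIC": {"esxi": {"8.0": {("exnic 4.1.0", "16.30.1"): None}}},
    },
}


def version_key(version):
    """Order firmware strings by numeric and alphabetic runs, so 2.10.0 > 2.9.0."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.upper()) for p in parts)


def check_disk(model, esxi, driver, firmware, hcl=SAMPLE_HCL):
    """Classify a disk against the driver and firmware defined in the image."""
    entry = hcl["disks"].get(model)
    if entry is None or esxi not in entry["esxi"]:
        return Status.NON_COMPLIANT  # absent from the HCL or not certified for this ESXi
    cert = entry["esxi"][esxi]
    if entry["bus"] == "NVMe-VMD":
        # NVMe behind VMD: only the exact listed driver-firmware pair is supported.
        ok = (driver, firmware) in cert["combos"]
    else:
        # SAS/SATA: the HCL lists the earliest supported firmware version.
        ok = version_key(firmware) >= version_key(cert["min_firmware"])
    return Status.COMPLIANT if ok else Status.NON_COMPLIANT


def check_nic(nic, esxi, driver, firmware, full_verification=True, hcl=SAMPLE_HCL):
    """Classify a NIC; returns None when the device is not validated at all.

    nic is a dict with model, rdma, used_by_vsan and active_features keys
    (a constructed shape for this example).
    """
    if not (nic["rdma"] and nic["used_by_vsan"]):
        return None  # non-RDMA or unused NICs are skipped by the check
    if not full_verification:
        return Status.UNAVAILABLE  # no hardware support manager or firmware add-on
    entry = hcl["nics"].get(nic["model"])
    if entry is None or esxi not in entry["esxi"]:
        return Status.NON_COMPLIANT
    combos = entry["esxi"][esxi]
    if (driver, firmware) not in combos:
        return Status.NON_COMPLIANT  # NIC firmware must match exactly
    certified = combos[(driver, firmware)]
    if certified is None:
        return Status.UNAVAILABLE  # HCL data lacks the active-feature constraints
    ok = set(nic["active_features"]) <= certified
    return Status.COMPLIANT if ok else Status.NON_COMPLIANT


if __name__ == "__main__":
    nic = {"model": "EXAMPLE-RDMA-NIC", "rdma": True, "used_by_vsan": True,
           "active_features": {"RoCEv2", "ExampleOffload"}}
    print(check_disk("EXAMPLE-SAS-SSD", "8.0", None, "2.10.0"))
    print(check_disk("EXAMPLE-NVME-VMD", "8.0", "exvmd 3.0.0", "1.2.4"))
    print(check_nic(nic, "8.0", "exnic 4.1.0", "16.30.1"))
```

The NVMe case shows why a newer firmware is not automatically acceptable: 1.2.4 is later than the listed 1.2.3 and is still non-compliant, whereas the same reasoning would pass for a SAS or SATA drive.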
- HDD (SAS/SATA)
- SSD (SAS/SATA)
Note vSphere Lifecycle Manager treats NVMe devices that are not VMD-enabled as PCI
storage controllers. In the vSphere Client, hardware compatibility information about NVMe
devices that are not VMD-enabled is available on the PCI Devices tab and not on the Disks
tab.
- For validation of NVMe devices behind a VMD controller, vCenter Server 8.0 and later and
  ESXi 8.0 and later
Important Hardware compatibility checks do not validate NVMe devices behind a VMD
controller, if the ESXi version of the hosts is earlier than 8.0. If you want to check the
hardware compatibility of NVMe devices behind a VMD controller for hosts running an earlier
version of ESXi, for example 7.0 Update 3, you have the following workarounds:
- Manually override the compliance status of the NVMe device behind a VMD controller.
For more information about the RAID and mixed mode, see the VMware knowledge base
article at https://kb.vmware.com/s/article/53573.
- The hardware support manager must be upgraded and certified to work with vSphere 7.0
  Update 3.
If you do not use an upgraded version of the hardware support manager, the compliance
status of the physical drives behind RAID-0 logical volumes is unknown. In this case, you
must manually validate the disk drives and the target firmware version and override the
compliance status for those disks.
Disk drives can be compliant or non-compliant. In the cases when vSphere Lifecycle Manager
cannot find a unique match for a disk device in the vSAN HCL, vSphere Lifecycle Manager
prompts you to manually specify the exact device that you want to validate. vSphere Lifecycle
Manager then calculates the compliance status based on your selection.
When vSphere Lifecycle Manager is unable to determine the disk drive compliance, the
respective devices are listed as non-compliant. You can manually validate those devices and
set the compliance status to compliant or non-compliant. For more information, see Change the
Compliance Status of a Disk Device Manually.
For each entry in the disk device list, you can view summarized information about the disk, the
compliance status, the number of affected hosts, and a label that shows whether the compliance
status is manually set or whether the device is certified. The Used by vSAN label is attached to all
disk devices that vSAN uses.
If you expand the entry, you can view detailed compliance information about the respective disk
device and the affected hosts.
When a new disk is added to a vSAN cluster, you must manually re-run the check to obtain
the new compliance information about the cluster. Similarly, if you remove a disk from the vSAN
disk group, you must re-run the hardware compatibility check to obtain updated compliance
information about the cluster.
Prerequisites
- Verify that all hosts in the cluster are from the same vendor.
- To validate the compatibility between the PCI device and disk device hardware and target
  firmware version, verify that the image for the cluster includes a firmware add-on.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
  Using Images.
Procedure
1 In the vSphere Client, navigate to a vSAN cluster that you manage with a single image.
In the Hardware Compatibility pane, you see the results from the previous compatibility
check.
Results
vSphere Lifecycle Manager displays all compatibility information and issues in the Hardware
Compatibility pane. You can see detailed compatibility information for each PCI device or disk
drive.
What to do next
In cases when the compliance status of a disk drive is unavailable, you must perform the
hardware compatibility check manually and mark the device as compliant or non-compliant.
Prerequisites
- Verify that all hosts in the cluster are from the same vendor.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
  Using Images.
Procedure
1 In the vSphere Client, navigate to a vSAN cluster that you manage with a single image.
In the Hardware Compatibility pane, you see the results from the previous compatibility
check.
4 Click the disk device whose compliance status you want to override.
7 (Optional) To undo the override selection, select Don't Override from the Change
Classification drop-down menu.
Results
You changed the compliance status of a disk device. However, the disk device remains in its
original list until you run a new hardware compatibility check.
If you marked the device as verified, a User Reviewed label appears for the disk group.
If you marked the device as non-compliant, a Flagged label appears for the disk group.
What to do next
Run a new hardware compatibility check so that the new compliance status for a disk is saved.
You can check the hardware compatibility of any host, whether it is in a cluster that uses a
single image or baselines. You can also check the hardware compatibility of a standalone host.
Host-level hardware compatibility checks don't validate the firmware on the host, even if it is part
of a cluster that you manage with a single image or if it is a standalone host that you manage
with a vSphere Lifecycle Manager image.
After the hardware compatibility check, vSphere Lifecycle Manager shows the compliance
status for the server and hardware devices. The server and devices might have one of the
three different states: compatible, incompatible, and unknown. For more information about
compatibility statuses, see Hardware Compatibility Report for a Host.
If the server status is incompatible, vSphere Lifecycle Manager does not proceed with checking
the compatibility for the hardware devices.
Prerequisites
- If needed, synchronize hardware compatibility data. See Sync Hardware Compatibility Data.
- Verify that you have the proper privileges. See vSphere Lifecycle Manager Privileges For
  Using Images.
Procedure
- To run a hardware compatibility check for the host for the first time, select a target ESXi
  from the drop-down menu and click Apply.
- To check the hardware compatibility between the host and the already selected target
  ESXi version, click Re-run Checks.
- To choose a new target ESXi version for the hardware compatibility check, click Edit and
  select a new target ESXi version.
- To export the hardware compatibility report in a CSV format, click the Export button.
Results
vSphere Lifecycle Manager displays the result from the compatibility check. You can see a list of
the compatible, incompatible, and unknown devices. For each device, you can see full details by
clicking the expand button.
This compatibility status indicates that there are no records for the selected ESXi version
in the VCG. If the host is not compatible with the selected ESXi version, vSphere Lifecycle
Manager does not proceed to checking the compatibility of the devices.
In the Host Model Compatibility card, you can see details about the host: server model name,
CPU model, and the BIOS version running on the host. At the bottom of the card, you see a
list of all certified CPU series for the target ESXi version.
This compatibility status indicates that the host is certified for use with the selected ESXi
version as per VCG. When the host is compatible, vSphere Lifecycle Manager proceeds with
the device validation.
In the Host Model Compatibility card, you can see details about the host: server model name,
CPU model, and the BIOS version running on the host. Because in VCG the information about
CPUs is based on CPU series, and not specific models, you might need to manually check if
the CPU of the host is part of the supported CPU series. You might also need to manually
check if the BIOS version on the host matches any of the compatible BIOS versions for the
CPU series as per VCG.
Hardware Compatibility Checks Not Supported for the Host Vendor Model
When the server model is not part of the list of certified OEMs, vSphere Lifecycle
Manager does not perform a hardware compatibility check and you do not see a hardware
compatibility report for the selected host.
Unknown
Unknown devices are devices for which no records exist in VCG. When you click the expand
button for the device, you see the following device information: device IDs, driver and
firmware currently running on the device. No compatibility data is generated and displayed.
The unknown status might also indicate that multiple matches exist in the VCG for the
respective device. In such cases, use the device ID to manually check if the hardware device
matches any of the supported devices for the target ESXi version in the VCG.
Incompatible
The incompatible status indicates that no records exist in the VCG for the selected ESXi
version. When you click the expand button for the device, you see information about the
ESXi versions that are compatible with the device as per VCG.
Compatible
The compatible status indicates that the device is compatible with the selected ESXi version
as per VCG. When you click the expand button for the device, you see the following device
information: device IDs, driver and firmware currently running on the device. For compatible
devices, you might need to manually confirm that the driver-firmware combination running on
the device is supported as per VCG.
Synchronizing compatibility ensures that the compatibility information from VCG becomes
available to vSphere Lifecycle Manager. The synchronization task is not automated. When no
compatibility data is available to vSphere Lifecycle Manager, you must trigger the
compatibility data synchronization manually.
vSAN HCL data is not updated through synchronization. If you want to check the hardware
compatibility of a host that is in a vSAN cluster, you must first verify that vSAN HCL data is up to
date. For more information about updating vSAN HCL data, see the vSAN documentation.
Prerequisites
- vvs.esp.vmware.com
- auth.esp.vmware.com
Procedure
4 In the Sync hardware compatibility data dialog box, click Go to Lifecycle Manager.
The Update HCL data task appears in the Recent Tasks pane.
Results
After the Update HCL data task finishes, the compatibility data from the VCG becomes available
to vSphere Lifecycle Manager.
What to do next
Check the hardware compatibility of your hosts against VCG before you update or upgrade them
to a later ESXi version.
1 Populate the vSphere Lifecycle Manager repository with patches, extensions, and updates.
The vSphere Lifecycle Manager repository contains software updates that you can use with
both vSphere Lifecycle Manager baselines and vSphere Lifecycle Manager images. On the
Updates tab of the vSphere Lifecycle Manager home view, you see all software updates
available in the vSphere Lifecycle Manager depot as bulletins.
Updates get into the vSphere Lifecycle Manager local depot through synchronization with
configurable download sources. By default, vSphere Lifecycle Manager is configured to
synchronize updates from the official VMware depot.
For host upgrade operations through baselines, you use ESXi ISO images, which you must
also import to the vSphere Lifecycle Manager depot manually.
For more information about working with the vSphere Lifecycle Manager depot, see Chapter
2 The vSphere Lifecycle Manager Depot.
2 Create baselines by combining bulletins from the depot and using manually uploaded ESXi
ISO images.
You can also combine several non-conflicting baselines to create a baseline group. Baseline
groups can contain different types of baselines. If a baseline group contains both upgrade
and patch or extension baselines, the upgrade runs first.
For more information about creating baselines and baseline groups, see Types of vSphere
Lifecycle Manager Baselines and Baseline Groups.
3 Attach the baselines to individual ESXi hosts or container objects for ESXi hosts.
For more information, see Attach Baselines and Baseline Groups to Objects.
4 Check the compliance of ESXi hosts against a selected baseline or baseline group.
You can run a compliance check on an individual ESXi host or a container object.
For more information about compliance checks against baselines and baseline groups, see
Checking Compliance Against vSphere Lifecycle Manager Baselines and Baseline Groups.
For more information about compliance states, see Viewing Compliance Information About
ESXi Hosts and Updates.
6 Optionally, stage the patches and extensions to ESXi hosts before remediation.
Staging is not mandatory, and you can skip this step.
For more information about staging updates before remediation, see Stage Patches and
Extensions to ESXi Hosts.
7 Remediate the non-compliant objects. After remediation, you can review the compliance
status again to make sure that the updates are installed.
For more information about remediating objects against baselines and baseline groups, see
Remediating ESXi Hosts Against vSphere Lifecycle Manager Baselines and Baseline Groups.
- Create, Edit, or Delete vSphere Lifecycle Manager Baselines and Baseline Groups
- Checking Compliance Against vSphere Lifecycle Manager Baselines and Baseline Groups
- Remediating ESXi Hosts Against vSphere Lifecycle Manager Baselines and Baseline Groups
- Using vSphere Lifecycle Manager to Migrate an NSX Virtual Distributed Switch to a vSphere
  Distributed Switch
When you initiate a compliance check for an ESXi host, you evaluate it against baselines and
baseline groups to determine its level of compliance to those baselines or baseline groups.
If your vCenter Server system is connected to other vCenter Server systems by a common
vCenter Single Sign-On domain, the baselines and baseline groups that you create and manage
are applicable only to the inventory objects managed by the vCenter Server system where the
selected vSphere Lifecycle Manager instance runs.
In the vSphere Client, the baselines and baseline groups are displayed on the Baselines tab of the
vSphere Lifecycle Manager home view.
Predefined baselines cannot be edited or deleted. You can only attach them to or detach them
from inventory objects.
The Host Security Patches baseline checks ESXi hosts for compliance with all security
patches.
The Critical Host Patches baseline checks ESXi hosts for compliance with all critical
patches.
The Non-Critical Host Patches baseline checks ESXi hosts for compliance with all optional
patches.
The Host Security Patches and Critical Host Patches predefined baselines are attached by
default to the vCenter Server instance where vSphere Lifecycle Manager runs.
Recommendation Baselines
You use recommendation baselines to update your vSAN clusters with recommended critical
patches, drivers, updates, or the latest supported ESXi host version for vSAN.
These baselines appear by default when you use vSAN clusters with ESXi hosts of version 6.0
Update 2 and later in your vSphere inventory. If your vSphere environment does not contain
any vSAN clusters, no recommendation baselines are created.
Custom Baselines
Custom baselines are the baselines that you create. You can create custom patch, extension,
and upgrade baselines to meet the needs of your specific deployment.
Host upgrade baselines define the version to which you upgrade the hosts in your
environment. With vSphere Lifecycle Manager 8.0, you can upgrade ESXi hosts from version
6.7 and 7.0 to ESXi 8.0. Host upgrades to ESXi 5.x, ESXi 6.7, or ESXi 7.0 are not supported. In
case of an unsuccessful upgrade from ESXi 6.7 or ESXi 7.0 to ESXi 8.0, you cannot roll back
to your previous ESXi 6.7 or ESXi 7.0 instance.
To create an upgrade baseline, you must first import an ESXi ISO image to the vCenter Server
inventory. You can use the ESXi installer image distributed by VMware with the name format
VMware-VMvisor-Installer-8.0-build_number.x86_64.iso or a custom image created
by using vSphere ESXi Image Builder. You can also use ISO images created and distributed by
OEMs.
Patch Baselines
Patch baselines define a number of patches that must be applied to a given host. Patch
baselines can be either dynamic or fixed.
Dynamic Patch Baseline
A dynamic baseline is a set of patches that meet certain criteria. You specify the criteria for
patch inclusion in the baseline. Only the patches that meet the criteria are included in the
baseline. As the set of available patches in the vSphere Lifecycle Manager depot changes,
dynamic baselines are updated as well. You can manually include or exclude patches from the
baseline.
Fixed Patch Baseline
A fixed baseline is a set of patches that does not change as patch availability in the depot
changes. You manually select the patches from the total set of patches available in the vSphere
Lifecycle Manager depot.
Extension Baselines
Extension baselines contain additional software modules for ESXi hosts, for example device
drivers. This additional software might be VMware software or third-party software. All third-
party software for ESXi hosts is classified as host extension, but extensions are not restricted
to just third-party software. You can install additional modules by using extension baselines,
and update the installed modules by using patch baselines.
Extensions deliver additional host features, updated drivers for hardware, Common
Information Model (CIM) providers for managing third-party modules on the host,
improvements to the performance or usability of the existing host features, and so on.
The host extension baselines that you create are always fixed. You must carefully select the
appropriate extensions for the ESXi hosts in your environment.
You use extension baselines to install extensions on the ESXi hosts in your environment. After
an extension is installed on a host, you can update the extension module through either
patch, or extension baselines.
Note When you use extension baselines, you must be aware of the functional implications
that the installation of new modules on the host might have. Extension modules might alter
the behavior of ESXi hosts. During the installation of extensions, vSphere Lifecycle Manager
only performs the checks and verifications expressed at the package level.
Baseline Groups
You create a baseline group by assembling existing and non-conflicting baselines. Baseline
groups allow you to scan and remediate objects against multiple baselines at the same time.
The following are valid combinations of baselines that can make up a baseline group:
To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline
privilege. To attach baselines and baseline groups to target inventory objects, you must have the
Attach Baseline privilege. The privileges must be assigned on the vCenter Server system where
vSphere Lifecycle Manager runs.
For more information about managing users, groups, roles, and permissions, see the vSphere
Security documentation.
For a list of all vSphere Lifecycle Manager privileges and their descriptions, see vSphere Lifecycle
Manager Privileges For Using Baselines.
Starting with vSphere 7.0, some changes are also introduced in the way VMware content is
packaged. As a result, at patch and update releases, you might see additional bulletins on
the patch selection page of the Create Baseline and Edit Baseline wizards. Those bulletins
are usually of the Enhancement or BugFix category. When you include those bulletins in a
baseline, you might need to also include base ESXi bulletins in that baseline. To ensure successful
application of VMware patches and updates, always include the appropriate roll-up bulletin into
your baselines. Otherwise, remediation might fail.
Prerequisites
- To create an upgrade baseline, verify that you have an ESXi 8.0 image available in inventory.
For more information, see Import an ISO Image to the vSphere Lifecycle Manager Depot.
Procedure
1 In the vSphere Client, click the bars icon and select Lifecycle Manager.
2 (Optional) Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are connected
by a common vCenter Single Sign-On domain. By selecting a vCenter Server system, you
specify which vSphere Lifecycle Manager instance you want to administer.
If you want to create an upgrade baseline, you can start the Create Baseline wizard from the
Imported ISOs tab. Select an ESXi image from the list and click New Baseline.
4 On the Name and Description page, enter information about the baseline, select the baseline
type and click Next.
Patch Baseline
To create a fixed patch baseline, perform the following steps:
a On the Select Patches Automatically page, stop the automatic updates
by deselecting the respective check box and click Next.
b On the Select Patches Manually page, select the patches that you want
to include in the baseline and click Next.
- To view only the rollup bulletins in the list, turn on the Show only
  rollup updates toggle switch.
- To filter the patches that are available in the vSphere Lifecycle
  Manager depot and find specific patches to include in the baseline,
  use the filter icon next to each column header. If you use several
  criteria to filter the patches, the relationship between those filter
  criteria is defined by the Boolean operator AND.
c On the Summary page, review your selections and click Finish.
To create a dynamic patch baseline, perform the following steps:
a On the Select Patches Automatically page, set the criteria for adding
patches to the baseline.
1 Enable the automatic update of the baseline by selecting the
respective check box.
2 On the Criteria tab, specify the criteria that a patch must meet to be
added to the baseline and click Next.
You can use the filter icon next to each column header on the
Matched, Excluded, and Selected tabs to filter the patches that
are available in the vSphere Lifecycle Manager depot. This way,
you can easily find specific patches to exclude from or include in
the baseline. If you use several criteria to filter the patches, the
relationship between those filter criteria is defined by the Boolean
operator AND.
b On the Select Patches Manually page, select individual patches to
include in the baseline and click Next.
The patches that are displayed on this page are patches that do not
meet the criteria you set on the Select Patches Automatically page. You
can use the filter icon next to each column header to filter the patches
that are available in the vSphere Lifecycle Manager depot and find
specific patches to include in the baseline. If you use several criteria to
filter the patches, the relationship between those filter criteria is defined
by the Boolean operator AND.
The patches that you add manually to the dynamic baseline stay in the
baseline regardless of the automatically downloaded patches.
c On the Summary page, review your selections and click Finish.
Upgrade Baseline
a On the Select ISO page, select an ESXi image from the list and click
Next.
b On the Summary page, review your selections and click Finish.
Extension Baseline
a On the Select Extensions page, select individual extensions to include in
the baseline and click Next.
You can use the filter icon next to each column header to filter the
extensions that are available in the vSphere Lifecycle Manager depot
and find specific extensions to include in the baseline. If you use several
criteria to filter the patches, the relationship between those filter criteria
is defined by the Boolean operator AND.
b On the Summary page, review your selections and click Finish.
Results
The new baseline appears in the baselines list on the Baselines tab. You can attach the baseline to
a data center, a cluster, or a host.
A baseline group might contain a single host upgrade baseline and multiple patch or extension
baselines, or a combination of host patch and host extension baselines.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
3 On the Name and Description page, enter a unique name and, optionally, a description for
the baseline group, and click Next.
4 (Optional) On the Upgrade Baseline page, select an upgrade baseline to include in the
baseline group and click Next.
a Select the Add the following Upgrade Baseline to the Group check box.
5 (Optional) On the Patch Baselines page, select patch baselines to include in the baseline
group and click Next.
6 (Optional) On the Extension Baselines page, select extension baselines to include in the
baseline group and click Next.
Results
The new host baseline group appears in the baselines list on the Baselines tab. You can attach
the baseline group to a data center, a cluster, or a host.
Prerequisites
Procedure
1 In the vSphere Client, click the bars icon and select Lifecycle Manager.
2 (Optional) Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are connected
by a common vCenter Single Sign-On domain. By selecting a vCenter Server system, you
specify which vSphere Lifecycle Manager instance you want to administer.
3 On the Baselines tab, select a baseline or a baseline group from the list and click Edit.
4 Follow the prompts to finish editing the selected baseline or baseline group.
What to do next
Attach the edited baseline or baseline group to a data center, a cluster, or a host.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
You see a list of all updates in the vSphere Lifecycle Manager depot.
3 Select a patch or extension from the list, and click Add/Remove Baselines.
• To add the patch to a baseline, select that baseline in the Custom Patch Baselines list.
• To remove the patch from a baseline, deselect that baseline in the Custom Patch
Baselines list.
5 Click OK.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
2 On the Baselines tab, select a baseline or a baseline group from the list and click Delete.
3 Click Yes to confirm the deletion of the selected baseline or baseline group.
You attach baselines and baseline groups to individual hosts or objects that contain hosts, such
as clusters, data centers, and vCenter Server instances. In the vSphere infrastructure hierarchy,
the baseline and baseline groups that you attach to container objects are also attached to the
child objects. For example, if you attach a baseline or baseline group to a folder, the baseline or
baseline group is inherited by all the objects in the folder, including subfolders.
You cannot use vSphere Lifecycle Manager to update the hosts in a cluster that uses a single
vSphere Lifecycle Manager image. For more information about using vSphere Lifecycle Manager
images to manage hosts in clusters collectively, see Chapter 6 How to Use vSphere Lifecycle
Manager Images.
Prerequisites
• If you want to attach a baseline or a baseline group to a cluster, verify that the cluster is not
configured to use a single image.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
3 In the Attached Baselines pane, click Attach > Attach Baseline or Baseline Group.
If you select a baseline group, all the baselines in it are attached to the object.
The selected baselines or baseline groups are attached to the object. They appear on the
list in the Attached Baselines pane. If the selected object is a container object, the selected
baselines or baseline groups are attached to all the child objects.
What to do next
vSphere inventory objects might have inherited properties, so instead of detaching baselines and
baseline groups directly from an object, you might need to select its container object and detach
the baselines or baseline groups from the container object. For example, if you want to detach
a baseline or a baseline group from a host that is a part of a cluster, you must select the cluster
and not the host.
Prerequisites
• Verify that the cluster is not configured to manage all its hosts collectively.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
3 In the Attached Baselines pane, select one or more baselines or baseline groups and click
Detach.
4 Select the object to detach the baseline or baseline group from and click Detach.
You use vSphere Lifecycle Manager to check the compliance status of ESXi hosts against the
baselines and baseline groups that you attach to the hosts or to a parent container object.
You do a compliance check on hosts to determine whether they have the latest patches or
extensions. During the compliance check, attributes of the host are evaluated against all patches,
extensions, and upgrades from an attached baseline or baseline group.
You can check the compliance status of a single ESXi host or a valid container object. Supported
groups of ESXi hosts include virtual infrastructure container objects such as folders, clusters, and
data centers. When you initiate a compliance check for a container object, vSphere Lifecycle
Manager scans all the ESXi hosts in that container object.
Note If you initiate a compliance check for an inventory object, for example a data center,
that contains clusters that use vSphere Lifecycle Manager images, the compliance check is not
performed for those clusters.
To generate compliance information, you can initiate compliance checks manually or you can
schedule the compliance checks to run at regular periods. Schedule compliance checks at a
data center or vCenter Server system level to make sure that the objects in your inventory are
up-to-date.
You check the compliance status of vSphere objects from the vSphere Lifecycle
Manager compliance view.
To initiate or schedule compliance checks, you must have the Scan for Applicable Patches,
Extensions, and Upgrades privilege.
For more information about managing users, groups, roles, and permissions, see the vSphere
Security documentation.
For a list of all vSphere Lifecycle Manager privileges and their descriptions, see vSphere Lifecycle
Manager Privileges For Using Baselines.
Prerequisites
If you want to check the compliance status of a cluster, verify that the cluster is not configured to
use a single image.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
The Baselines pane shows three panels. In those panels, you obtain host information about
the selected object, host compliance information, and remediation information.
Results
The selected inventory object and all child objects are scanned against all attached patch,
extension, and upgrade baselines. The larger the virtual infrastructure and the higher up in the
object hierarchy that you initiate the scan, the longer the scan takes.
Prerequisites
If you want to check the compliance status of a cluster, verify that the cluster is not configured to
use a single image.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
The Baselines pane shows three panels. In those panels, you obtain host information about
the selected object, host compliance information, and remediation information.
a Set the frequency and the starting point of the compliance check.
b Enter a unique name, and optionally, a description for the scan task.
c (Optional) Specify one or more email addresses to receive notification after the scan task
is complete.
You must configure mail settings for the vCenter Server system to enable this option.
For information about the different compliance statuses that an update might have, see
Compliance Statuses of Updates.
Prerequisites
• Verify that the host for which you want to view compliance information uses baselines and is
not managed with a single vSphere Lifecycle Manager image.
Procedure
1 In the vSphere Client, navigate to a single ESXi host, cluster, or a valid container object.
A new pane appears below the Attached Baselines and Baseline Groups pane. Depending
on the selected object, the bottom pane might contain information about the updates and
ESXi images in the baseline that you select. If the selected object is a container for ESXi
hosts, the bottom pane shows the compliance of each ESXi host in the container object against
the selected baseline.
Patch
The bottom pane contains a table that lists all patches in
the baseline. For each update, you can see the following
information.
• Update Name
• Update ID
VMware Certified
VMware Accepted
Partner Supported
Community Supported
The messages that vSphere Lifecycle Manager provides correspond to error or warning codes
from running the host upgrade precheck script.
For interactive installations and upgrades performed by using the ESXi installer, the errors or
warnings from the precheck script are displayed on the final panel of the installer, where you are
asked to confirm or cancel the installation or upgrade. For scripted installations and upgrades,
the errors or warnings are written to the installation log.
vSphere Lifecycle Manager displays scan result information in the bottom pane of the vSphere
Lifecycle Manager compliance view. To see the original errors and warnings returned by the
precheck script during a vSphere Lifecycle Manager host upgrade scan operation, review the
vSphere Lifecycle Manager log file.
Table 8-1. Scan Result Messages and Corresponding Error and Warning Codes

Scan result message: Host CPU is unsupported. New ESXi version requires a 64-bit CPU with
support for LAHF/SAHF instructions in long mode.
Description: This message appears if the host processor is 32-bit and does not support
required features.
The corresponding error code is 64BIT_LONGMODESTATUS.

Scan result message: Trusted boot is enabled on the host but the upgrade does not contain
the software package esx-tboot. Upgrading the host will remove the trusted boot feature.
Description: This message indicates that the host upgrade scan did not locate the esx-tboot
VIB on the upgrade ISO.
The corresponding error code is TBOOT_REQUIRED.

Scan result message: VMkernel and Service Console network interfaces are sharing the same
subnet subnet_name. This configuration is not supported after upgrade. Only one interface
should connect to subnet subnet_name.
Description: Warning. An IPv4 address was found on an enabled Service Console virtual NIC
for which there is no corresponding address in the same subnet in the vmkernel. A separate
warning appears for each such occurrence.
The corresponding error code is COS_NETWORKING.

Scan result message: New ESXi version requires a minimum of core_count processor cores.
Description: The host must have at least two cores.
The corresponding error code is CPU_CORES.

Scan result message: Processor does not support hardware virtualization or it is disabled
in BIOS. Virtual machine performance may be slow.
Description: Host performance might be impaired if the host processor does not support
hardware virtualization or if hardware virtualization is not turned on in the host BIOS.
Enable hardware virtualization in the host machine boot options. See your hardware vendor's
documentation.
The corresponding error code is HARDWARE_VIRTUALIZATION.

Scan result message: Insufficient memory, minimum size_in_MB required for upgrade.
Description: The host requires the specified amount of memory to upgrade.
The corresponding error code is MEMORY_SIZE.

Scan result message: Host upgrade validity checks for file_name are not successful.
Description: This test checks whether the precheck script itself can be run.
The corresponding error code is PRECHECK_INITIALIZE.

Scan result message: The host partition layout is not suitable for upgrade.
Description: Upgrade is possible only if there is at most one VMFS partition on the disk
that is being upgraded and the VMFS partition starts after sector 1843200.
The corresponding error code is PARTITION_LAYOUT.

Scan result message: The host does not have sufficient free space on a local VMFS datastore
to back up current host configuration. A minimum of size_in_MB is required.
Description: The host disk must have enough free space to store the ESXi 5.x configuration
between reboots.
The corresponding error code is SPACE_AVAIL_CONFIG.

Scan result message: The upgrade is not supported for current host version.
Description: Upgrading to ESXi 8.0 is possible only from ESXi 6.7 and ESXi 7.0 hosts.
The corresponding error code is SUPPORTED_ESX_VERSION.

Scan result message: Unsupported devices device_name found on the host.
Description: The script checks for unsupported devices. Some PCI devices are not supported
with ESXi 8.0.
The corresponding error code is UNSUPPORTED_DEVICES.

Scan result message: Host software configuration requires a reboot. Reboot the host and try
upgrade again.
Description: To ensure a good bootbank for the upgrade, you must reboot the hosts before
remediation.
The corresponding error code is UPDATE_PENDING.

Scan result message: In an environment with Cisco Nexus 1000V Distributed Virtual Switch,
vSphere Lifecycle Manager displays different messages in different situations. For details,
see Host Upgrade Compliance Messages When Cisco Nexus 1000V Is Present.
Description: If Cisco's Virtual Ethernet Module (VEM) software is found on the host, the
precheck script checks if the software is part of the upgrade as well, and that the VEM
supports the same version of the Virtual Supervisor Module (VSM) as the existing version on
the host. If the software is missing or is compatible with a different version of the VSM,
the script returns a warning and the scan result indicates the version of the VEM software
that was expected on the upgrade ISO, and the version, if any, that was found on the ISO.
The corresponding error code is DISTRIBUTED_VIRTUAL_SWITCH.

Scan result message: The host uses an EMC PowerPath multipathing module file_name to access
storage. The host will not be able to access such storage after upgrade.
Description: The script checks for installation of EMC PowerPath software, consisting of a
CIM module and a kernel module. If either of these components is found on the host, the
script verifies that matching components (CIM, VMkernel module) also exist in the upgrade.
If they do not, the script returns a warning that indicates which PowerPath components were
expected on the upgrade ISO and which, if any, were found.
The corresponding error code is POWERPATH.

vSphere Lifecycle Manager supports Cisco Nexus 1000V, a virtual access software switch that
works with VMware vSphere and consists of two components.
The control plane of the switch and a virtual machine that runs NX-OS.
vSphere Lifecycle Manager determines whether a host is managed by Cisco Nexus 1000V.
vSphere Lifecycle Manager verifies whether the Cisco Nexus 1000V VEM VIBs in the ESXi
upgrade image are compatible with the Cisco Nexus 1000V VSM that manages the host.
By using vSphere ESXi Image Builder, you can create custom ESXi images, which contain third-
party VIBs that are required for a successful remediation operation.
Table 8-2. Compliance Check Results for the Cisco Nexus 1000V Network Switch

Compliance check result: The upgrade does not contain any Cisco Nexus 1000V software package
that is compatible with the Cisco Nexus 1000V software package on the host. Upgrading the
host will remove the feature from the host.
Description: A VEM VIB is not available on the ESXi 8.0 upgrade image.

Compliance check result: The host is currently added to a Cisco Nexus 1000V virtual network
switch. The upgrade contains a Cisco Nexus 1000V software package VIB_name that is
incompatible with the Cisco Nexus 1000V VSM. Upgrading the host will remove the feature from
the host.
Description: The VEM VIB on the ESXi 8.0 upgrade image is not compatible with the version of
the VSM.

Compliance check result: The host is currently added to a Cisco Nexus 1000V virtual network
switch. The upgrade does not contain any Cisco Nexus 1000V software package that is
compatible with the Cisco Nexus 1000V VSM. Upgrading the host will remove the feature from
the host.
Description: The host and the image do not contain VEM VIBs, but the host is still listed in
vCenter Server as managed by Cisco Nexus 1000V.

Compliance check result: Cannot determine whether the upgrade breaks Cisco Nexus 1000V
virtual network switch feature on the host. If the host does not have the feature, you can
ignore this warning.
Description: There was a problem with determining compatibility between the VEM VIB on the
ESXi 8.0 upgrade image and the VSM. Check whether the version of the VSM managing the host is
certified as being compatible with vCenter Server 8.0 and ESXi 8.0.

Supported groups of ESXi hosts include virtual infrastructure container objects such as folders,
clusters, and data centers.
The host or the container object must have an attached baseline or baseline group to be
examined for compliance information. Compliance with baselines and baseline groups is assessed
at the time of viewing.
The overall compliance status of an ESXi host depends on the compliance statuses of all
baselines and baseline groups that are attached to the object. For information about the different
compliance statuses that an object, a baseline or a baseline group might have, see Compliance
Statuses of ESXi Hosts, Baselines, and Baseline Groups.
The compliance status of a baseline depends on the compliance statuses of all updates in
the baseline. For information about the compliance statuses that updates might have, see
Compliance Statuses of Updates.
The ability to view the compliance status of vSphere objects depends on the privileges that
you have. To view the compliance status of an inventory object, you must have the View
Compliance Status privilege. Users that have privileges to remediate against patches, extensions,
and upgrades and to stage patches and extensions on a particular inventory object, can view
the compliance status of the same object even if they do not have the View Compliance Status
privilege.
• Users with the privilege to view a container, but not all the contents of the container, can
view the aggregate compliance status of all objects in the container.
• If a user does not have the permission to view an object, its contents, or a particular virtual
machine, the results of those scans are not displayed.
For more information about managing users, groups, roles, and permissions, see the vSphere
Security documentation.
For a list of all vSphere Lifecycle Manager privileges and their descriptions, see vSphere Lifecycle
Manager Privileges For Using Baselines.
For information about checking the compliance of hosts against an image, see Check the
Compliance of a Cluster Against a vSphere Lifecycle Manager Image.
The vSphere Lifecycle Manager compliance view for objects that you manage with baselines and
baseline groups consists of three panes.
Pane Description
For individual ESXi hosts, this panel shows information about the ESXi
version installed on the host. You can also view all updates that are
installed on the host.
For container objects, this panel shows information about the ESXi
versions of all hosts in the container object.
• Compliance Information panel
For individual ESXi hosts, this panel shows the overall compliance status
of the host against all attached baselines and baseline groups. You
can also view compliance information about the baselines and baseline
groups attached to the host.
For container objects, this panel shows the overall number of compliant
and non-compliant hosts.
This panel also shows the last time a compliance check was completed.
• Remediation Information panel
This panel shows the result of the remediation pre-check and indicates
whether the selected object is ready for remediation. The panel also
contains information about the issues that require user attention or
action.
This panel also shows the last time a remediation pre-check was
completed.
The information in the Baselines pane changes dynamically depending on
the inventory object, baselines, and baseline groups that you select.

Attached Baselines and Baseline Groups
Displays the baselines and baseline groups attached to the selected object.

Bottom pane
The bottom pane appears when you select a baseline or a baseline group
from the Attached Baselines and Baseline Groups pane. The information in
this pane depends on the type of inventory object that you select.
For individual hosts, the bottom pane shows information about all updates
in the baseline or baseline group that you select from the Attached
Baselines and Baseline Groups pane.
• If you select a patch baseline or extension baseline, the bottom pane
shows a list of all updates that the selected baseline contains.
• If you select an upgrade baseline, the bottom pane shows information
about the ESXi image that the upgrade baseline contains.
• If you select a baseline group, the bottom pane shows all baselines
included in the group along with their compliance statuses. You can also
view all the updates that the baseline group contains. If the baseline
group contains an ESXi image, information about it is also displayed in
the bottom pane.

The compliance statuses of the updates in a baseline define the overall compliance status of that
baseline. For more information about baseline compliance statuses, see Compliance Statuses of
ESXi Hosts, Baselines, and Baseline Groups.
Conflict
The update conflicts with either an existing update on the host or another update in the
vSphere Lifecycle Manager depot. vSphere Lifecycle Manager reports the type of conflict. A
conflict does not indicate any problem on the target object. It just means that the current
baseline selection is in conflict. You can perform compliance checks, remediation, and staging
operations. In most cases, you must resolve the conflict.
The host update is a new module that provides software for the first time, but it is in
conflict with either an existing update on the host or another update in the vSphere Lifecycle
Manager depot. vSphere Lifecycle Manager reports the type of conflict. A conflict does not
indicate any problem on the target object. It just means that the current baseline selection
is in conflict. You can perform scan, remediation, and staging operations. In most cases, you
must resolve the conflict.
Incompatible Hardware
The hardware of the selected object is incompatible or has insufficient resources to support
the update. For example, when you perform a host upgrade scan against a 32-bit host or if a
host has insufficient RAM.
Installed
The update is installed on the target object and no further user action is required.
Missing
The update is applicable to the target object, but it is not yet installed. You must perform a
remediation on the target object with this update, so that the update becomes compliant.
Missing Package
The metadata for the update is in the depot, but the corresponding binary payload is missing.
The reasons can be that the product might not have an update for a given locale; the
vSphere Lifecycle Manager depot is corrupt, and vSphere Lifecycle Manager no longer has
Internet access to download updates; or you have manually deleted an upgrade package
from the vSphere Lifecycle Manager depot.
New Module
The update is a new module. An update with this compliance status cannot be installed
when it is part of a host patch baseline. When it is part of a host extension baseline, the
new module status indicates that the module is missing on the host and can be provisioned
by remediation. The compliance status of the baseline depends on the type of baseline
containing the update with the New Module status. If the baseline is a host patch baseline,
the overall status of the baseline is compliant. If the baseline is a host extension baseline, the
overall status of the baseline is non-compliant.
Not Applicable
The update is not applicable to the target object. A patch might have the not applicable
compliance status for one of the following reasons:
• There are other patches in the vSphere Lifecycle Manager depot that obsolete this patch.
Not Installable
The update cannot be installed. The compliance check might succeed, but the remediation of
the target object cannot be performed.
Obsoleted By Host
This compliance status is mainly applicable to patches. The target object has a newer version
of the patch. For example, if a patch has multiple versions, after you apply the latest version
to the host, the earlier versions of the patch have the Obsoleted By Host compliance status.
Staged
This compliance status applies to host patches and host extensions. It indicates that the
update is copied from the vSphere Lifecycle Manager depot to the host, but it is not yet
installed. Staged compliance status might occur only when you check the compliance status
of hosts running ESXi 6.7 and later.
Unknown
A patch is in the unknown state for a target object until vSphere Lifecycle Manager
successfully scans the object. A scan might not succeed if the target object is of an
unsupported version, if vSphere Lifecycle Manager lacks metadata, or if the patch metadata
is corrupt.
Unsupported Upgrade
The upgrade path is not supported. For example, the current hardware version of the virtual
machine is later than the latest version supported by the host.
Compliant
The compliant status indicates that a vSphere object is compliant with all baselines in an attached
baseline group or with all patches, extensions, and upgrades in an attached baseline. The
compliant state requires no further action. If a baseline contains patches or upgrades that are
not relevant to the target object, the individual updates, and baselines or baseline groups that
contain them, are treated as not applicable, and represented as compliant. Hosts with attached
patch baselines that contain extensions or patches with the obsoleted by host status are also
compliant.
• Target objects are compliant with the baselines and baseline groups when all updates in the
baseline or baseline group are either installed on the target object, obsoleted by host, or are
not applicable to the target object.
• The updates in a baseline are compliant when they are installed on the target object, or are
not applicable to the object.
Non-Compliant
The non-compliant status indicates that one or more baselines in a baseline group, or one or
more patches, extensions, or upgrades in a baseline are applicable to the target object, but are
not installed (missing) on the target. You must remediate the target object to make it compliant.
When a baseline contains a non-compliant update, the overall status of the baseline is non-
compliant. When a baseline group contains a non-compliant baseline, the overall status of
the baseline group is non-compliant. The non-compliant status takes precedence over the
incompatible, unknown, and compliant states.
Unknown
When you attach a baseline or a baseline group to a vSphere object and you do not initiate a
compliance check for the object, the status of the vSphere object against the baseline or baseline
group is unknown. This status indicates that a compliance check is required, that the compliance
check has failed, or that you initiated a compliance check on an unsupported platform.
When a baseline contains updates in the compliant and unknown states, the overall status of
the baseline is unknown. When a baseline group contains unknown baselines and compliant
baselines, the overall status of the baseline group is unknown. The unknown compliance status
takes precedence over the compliant status.
Incompatible
The incompatible status requires attention and further action. You must determine the reason for
incompatibility by probing further. You can remediate the objects that have this status, but the
operation might not be successful. In most cases, vSphere Lifecycle Manager provides sufficient
details for the incompatibility.
When a baseline contains updates in the incompatible, compliant, and unknown states, the
overall status of the baseline is incompatible. When a baseline group contains incompatible,
unknown, and compliant baselines, the overall status of the baseline group is incompatible. The
incompatible compliance status takes precedence over the compliant and unknown compliance
statuses.
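The following Python example is added here for illustration and is not part of vSphere Lifecycle Manager or its API. It rolls update statuses up into baseline, host, and container statuses using the precedence described above, with baselines inherited from parent container objects. The inventory, baseline names, and update IDs are constructed, and the roll-up of the Staged, Conflict, Incompatible Hardware, Missing Package, Not Installable, and Unsupported Upgrade statuses is an assumption that this text does not state.

```python
from enum import IntEnum


class Status(IntEnum):
    # Ordered by the stated precedence: the highest value wins a roll-up.
    COMPLIANT = 0
    UNKNOWN = 1
    INCOMPATIBLE = 2
    NON_COMPLIANT = 3


# Update statuses whose effect on a baseline is stated in the text.
STATED = {
    "Installed": Status.COMPLIANT,
    "Obsoleted By Host": Status.COMPLIANT,
    "Not Applicable": Status.COMPLIANT,
    "Missing": Status.NON_COMPLIANT,
    "Unknown": Status.UNKNOWN,
}
# ASSUMPTION (not stated in the text): how the remaining statuses roll up.
ASSUMED = {
    "Staged": Status.NON_COMPLIANT,  # copied to the host, not yet installed
    "Conflict": Status.INCOMPATIBLE,
    "Incompatible Hardware": Status.INCOMPATIBLE,
    "Missing Package": Status.INCOMPATIBLE,
    "Not Installable": Status.INCOMPATIBLE,
    "Unsupported Upgrade": Status.INCOMPATIBLE,
}

# Constructed sample inventory; every name and update ID is made up.
HOSTS = ["esx-01", "esx-02", "esx-03"]
PARENT = {"esx-01": "cluster-a", "esx-02": "cluster-a", "esx-03": "dc-1",
          "cluster-a": "dc-1", "dc-1": None}
BASELINES = {
    "critical-patches": {"type": "patch", "updates": ["P-001", "P-002", "X-100"]},
    "vendor-extensions": {"type": "extension", "updates": ["X-100"]},
}
GROUPS = {"prod-group": ["critical-patches", "vendor-extensions"]}
ATTACHED = {"dc-1": ["critical-patches"], "cluster-a": ["prod-group"]}
SCANS = {  # host -> {update ID: status}; esx-03 has never been scanned
    "esx-01": {"P-001": "Installed", "P-002": "Obsoleted By Host", "X-100": "Installed"},
    "esx-02": {"P-001": "Installed", "P-002": "Conflict", "X-100": "New Module"},
}


def classify_update(update_status, baseline_type):
    """Map one update's status to what it contributes to its baseline."""
    if update_status == "New Module":
        # Stated: compliant in a patch baseline, non-compliant in an extension baseline.
        by_type = {"patch": Status.COMPLIANT, "extension": Status.NON_COMPLIANT}
        return by_type.get(baseline_type, Status.UNKNOWN)
    # Fail closed: an unrecognised status is never reported as compliant.
    return {**ASSUMED, **STATED}.get(update_status, Status.UNKNOWN)


def baseline_status(baseline, scan):
    """Overall status of one baseline on one host."""
    if scan is None:  # attached, but no compliance check has run
        return Status.UNKNOWN
    return max((classify_update(scan.get(u, "Unknown"), baseline["type"])
                for u in baseline["updates"]), default=Status.COMPLIANT)


def effective_baselines(obj):
    """Baselines that apply to obj: its own plus those inherited from ancestors."""
    names = []
    while obj is not None:
        for item in ATTACHED.get(obj, []):
            for name in GROUPS.get(item, [item]):  # a group attaches all its baselines
                if name not in names:
                    names.append(name)
        obj = PARENT[obj]
    return names


def host_status(host):
    """Overall host status across every attached or inherited baseline."""
    scan = SCANS.get(host)
    # ASSUMPTION: a host with nothing attached is reported as UNKNOWN.
    return max((baseline_status(BASELINES[b], scan)
                for b in effective_baselines(host)), default=Status.UNKNOWN)


def container_summary(container):
    """Count the hosts under a container object by overall status."""
    counts = {}
    for host in HOSTS:
        node = host
        while node is not None and node != container:
            node = PARENT[node]
        if node == container:
            name = host_status(host).name
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for h in HOSTS:
        print(h, effective_baselines(h), host_status(h).name)
    print("dc-1:", container_summary("dc-1"))
```

On esx-02 the same New Module update counts as compliant in the patch baseline and non-compliant in the extension baseline, so the host rolls up to non-compliant even though the patch baseline alone is incompatible.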
Compliance checks provide information about the degree of compliance of an object with the
attached baselines and baseline groups.
In the compliance view for an object, you can view information about the compliance of the
object with the attached baselines and baseline groups. You can also view the individual
compliance statuses of the attached baselines and baseline groups. The compliance view
changes dynamically and depends on the object that you want to view compliance information
about. For a full description of the compliance information that you can obtain about an object,
see The vSphere Lifecycle Manager Compliance View.
For information about the different compliance statuses that an object might have, see
Compliance Statuses of ESXi Hosts, Baselines, and Baseline Groups.
Prerequisites
• Verify that the host for which you want to view compliance information uses baselines and is
not managed with a single vSphere Lifecycle Manager image.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
2 Select Hosts > Baselines and review the compliance information in the compliance view.
Results
To stage patches or extensions to hosts, first attach a patch or extension baseline or a baseline
group containing patches and extensions to the host. Staging patches and extensions does not
require that hosts enter maintenance mode.
With the vSphere Client, you can stage a single baseline, multiple baselines, or baseline groups to
a single host or a group of hosts in a container object.
Some limitations exist depending on the compliance status of the patches or extensions that you
want to stage.
Patches cannot be staged if they are obsoleted by other patches in the baselines or baseline
groups for the same stage operation. vSphere Lifecycle Manager stages only the patches that it
can install in a subsequent remediation process, based on the current compliance status of the
host. If a patch is obsoleted by patches in the same selected patch set, the obsoleted patch is
not staged.
If a patch is in conflict with the patches in the vSphere Lifecycle Manager depot and is not in
conflict with a host, after a compliance check, vSphere Lifecycle Manager reports this patch as a
conflicting one. You can still stage the patch to the host and after the stage operation, vSphere
Lifecycle Manager reports this patch as staged.
During the stage operation, vSphere Lifecycle Manager performs pre-scan and post-scan
operations and updates the compliance status of the baseline.
For more information about the different compliance statuses that an update might have, see
Compliance Statuses of Updates.
After you stage patches or extensions to hosts, you must remediate the hosts against all staged
patches or extensions.
After remediation finishes, the host deletes all staged patches or extensions from its cache
regardless of whether they were applied during the remediation. The compliance status of the
patches or extensions that were staged but not applied to the hosts reverts from Staged to its
previous value.
Important Staging patches and extensions is supported for hosts that are running ESXi 6.7
and later. You can stage patches to PXE booted ESXi hosts, but if the host is restarted before
remediation, the staged patches are lost and you must stage them again.
Prerequisites
- Attach a patch or extension baseline or a baseline group containing patches and extensions
  to the host.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
4 Click Stage.
6 To view the patches or extensions that will download to the selected hosts, expand the Stage
list.
7 Click Stage.
Results
The staging operation starts. You can monitor the progress of the task in the Recent Tasks pane.
What to do next
After remediation, all staged patches and extensions, whether installed or not during the
remediation, are deleted from the host.
General Considerations
- vSphere Lifecycle Manager supports the remediation of ESXi hosts against patch, extension,
  and upgrade baselines.
- You can initiate remediation manually or schedule a regular remediation task to run at a time
  that is convenient for you.
- You can remediate a single ESXi host or multiple hosts in a container object. You can initiate
  remediation at a folder, a cluster, a data center, and even vCenter Server level.
  Note If you initiate remediation against a baseline for an object that contains clusters
  that use a single vSphere Lifecycle Manager image, remediation is not performed on those
  clusters.
- By default, the remediation process runs sequentially. That is, vSphere Lifecycle Manager
  remediates the hosts in a cluster or another container object one by one. However, you can
  configure vSphere Lifecycle Manager to remediate multiple hosts in parallel.
- To remediate vSphere objects against baselines or baseline groups, you must have the
  Remediate to Apply Patches, Extensions, and Upgrades privilege. For more information
  about managing users, groups, roles, and permissions, see the vSphere Security
  documentation.
  For a list of all vSphere Lifecycle Manager privileges and their descriptions, see vSphere
  Lifecycle Manager Privileges For Using Baselines.
- If a vCenter HA failover is initiated during the remediation of a cluster, the remediation task is
  canceled. After the failover finishes, you must restart the remediation task on the new node.
Orchestrated upgrades can be performed at a host, cluster, folder, or a data center level.
You can select and work with multiple baselines directly instead of grouping them into a
baseline group first.
Maintenance Mode
If the update requires it, vSphere Lifecycle Manager puts hosts into maintenance mode during
remediation. Virtual machines cannot run when a host is in maintenance mode. To ensure a
consistent user experience, vCenter Server migrates the virtual machines to other hosts within
the cluster before the host is put in maintenance mode. vCenter Server can migrate the virtual
machines if the cluster is configured for vMotion and if VMware Distributed Resource Scheduler
(DRS) and VMware Enhanced vMotion Compatibility (EVC) are enabled. However, EVC is not
a prerequisite for vMotion. EVC guarantees that the CPUs of the hosts are compatible. For
container objects or individual hosts that are not in a cluster, migration with vMotion cannot be
performed. After remediation, hosts exit maintenance mode. In case of failure during remediation,
hosts might be unable to exit maintenance mode.
Parallel Remediation
You can enable vSphere Lifecycle Manager to remediate in parallel the hosts within a cluster
that uses baselines. Parallel remediation reduces the time needed for patching or upgrading
the hosts in your environment. You can remediate in parallel only ESXi hosts that are already
in maintenance mode. During parallel remediation, hosts do not enter maintenance mode
automatically. Similarly, after remediation finishes, the hosts do not exit maintenance mode
automatically. To remediate hosts in parallel, you must manually enter and exit maintenance
mode. If you enable parallel remediation, vSphere Lifecycle Manager does not remediate the ESXi
hosts that are not in maintenance mode.
When you configure vSphere Lifecycle Manager to remediate hosts in parallel, you can set the
maximum number of hosts to be remediated in a single remediation task. Alternatively, you can
let vSphere Lifecycle Manager remediate all hosts in maintenance mode in parallel.
When you remediate hosts in parallel, if the remediation of a single host fails, the remediation
task for the entire cluster does not stop and the rest of the hosts are remediated successfully.
After remediation finishes, vSphere Lifecycle Manager reports an error for the respective host.
Parallel remediation is deactivated by default, but you can enable it during remediation or in the
vSphere Lifecycle Manager general remediation settings.
Remediation Pre-Check
Before you remediate an object, you can perform a remediation pre-check on the object. During
that check, vSphere Lifecycle Manager identifies possible issues that might prevent successful
remediation and takes or suggests actions to fix the issues.
For more information about the possible issues that might prevent successful remediation, see
Remediation Pre-Check Report.
If there is any additional software installed on the PXE booted ESXi host, the software might be
lost if the host restarts. Update your image profile with the additional software so that it will be
present after the reboot.
To patch PXE booted ESXi hosts, you must enable the respective setting in the Edit Settings for
Host Remediation dialog box, which you open from the Settings tab in the vSphere Lifecycle
Manager home view.
The ESXi image on the host maintains two copies. The first copy is in the active boot and the
second one is in the standby boot. When you patch an ESXi host, vSphere Lifecycle Manager
creates an image based on the content of the active boot and the content of the patch. The new
ESXi image is then located in the standby boot and vSphere Lifecycle Manager designates the
active boot as the standby boot and reboots the host. When the ESXi host reboots, the active
boot contains the patched image and the standby boot contains the previous version of the ESXi
host image.
When you upgrade an ESXi host, vSphere Lifecycle Manager replaces the backup image of the
host with the new image and replaces the active boot and the standby boot. During the upgrade,
the layout of the disk that hosts the boots changes. The total disk space for an ESXi host remains
1GB, but the disk partition layout within that 1GB disk space changes to accommodate the new
size of the boots where the ESXi 8.0 image is stored.
For rollback purposes, the term update refers to all ESXi patches, updates, and upgrades. Each
time you update an ESXi host, a copy of the previous ESXi build is saved on your host.
If an update fails and the ESXi 8.0 host cannot boot from the new build, the host reverts to
booting from the original boot build. ESXi permits only one level of rollback. Only one previous
build can be saved at a time. In effect, each ESXi 8.0 host stores up to two builds, one boot build
and one standby build.
The remediation of ESXi 6.7 and 7.0 hosts to their respective ESXi update releases is a patching
process, while the remediation of ESXi hosts from version 6.7 or 7.0 to 8.0 is an upgrade process.
From the vSphere Lifecycle Manager settings, you can configure the host remediation process
to skip a host reboot during host patch and host upgrade operations. This configuration setting
is called Quick Boot. For more information about configuring the vSphere Lifecycle Manager
remediation settings, see Chapter 3 vSphere Lifecycle Manager Remediation Settings.
You can upgrade hosts by using custom ESXi images that contain third-party modules for
ESXi 8.0. In such a case, third-party modules that are compatible with ESXi 8.0 stay available on
the upgraded host.
Host upgrade in a high-latency network in which vSphere Lifecycle Manager and the hosts are at
different locations might take a few hours because the upgrade file is copied from the vSphere
Lifecycle Manager depot to the host before the upgrade. During this time, the host stays in
maintenance mode.
vSphere Lifecycle Manager 8.0 supports upgrade from ESXi 6.7 and ESXi 7.0 to ESXi 8.0.
Upgrading to ESXi 8.0 requires a boot device that is a minimum of 4 GB. When booting from a
local disk, SAN or iSCSI LUN, up to 128 GB of disk space is used to create ESXi system partitions.
You can create a VMFS datastore on a boot disk larger than 128 GB.
Note After you upgrade your host to ESXi 8.0, you cannot roll back to the previous ESXi
versions, ESXi 6.7 and ESXi 7.0. So, back up your host configuration before performing an upgrade. If
the upgrade fails, you can reinstall the ESXi 6.7 or ESXi 7.0 software that you upgraded from and
restore your host configuration. For more information about backing up and restoring your ESXi
configuration, see the VMware ESXi Upgrade documentation.
To upgrade ESXi hosts, you must first import ESXi ISO images to the vSphere Lifecycle Manager
depot. You then create baselines and baseline groups to manage the upgrades for the ESXi hosts.
The remediation of ESXi 6.7 and 7.0 hosts to their respective ESXi update releases is a patching
process, while the remediation of ESXi hosts from version 6.7 or 7.0 to 8.0 is an upgrade process.
- If a patch in a patch baseline requires the installation of another patch, vSphere Lifecycle
  Manager detects the prerequisite in the depot and installs it together with the selected patch.
- If a patch is in a conflict with other patches that are installed on the host, the conflicting
  patch might not be staged or installed. However, if another patch in the baseline resolves
  the conflicts, the conflicting patch is installed. For example, consider a baseline that contains
  patch A and patch C, and patch A conflicts with patch B, which is already installed on
  the host. If patch C obsoletes patch B, and patch C is not in a conflict with patch A, the
  remediation process installs patches A and C.
- If a patch is in a conflict with the patches in the vSphere Lifecycle Manager depot and is not
  in a conflict with the host, after a compliance check, vSphere Lifecycle Manager reports this
  patch as a conflicting one. You can stage and apply the patch to the host.
- When multiple versions of the same patch are selected, vSphere Lifecycle Manager installs
  the latest version and skips installing the earlier versions.
During patch remediation, vSphere Lifecycle Manager automatically installs the prerequisites of
the patches.
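The selection rules in the list above, including the patch A, B, and C case, as an added Python model. It is not VMware's implementation or code from this guide; the `Patch` class, `plan_patch_remediation`, and the rule that drops a patch left without its prerequisite are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Patch:
    """Hypothetical patch record; field names are assumptions."""
    name: str
    version: int = 1
    requires: frozenset = frozenset()   # patches that must be present
    conflicts: frozenset = frozenset()  # patches it cannot coexist with
    obsoletes: frozenset = frozenset()  # patches it replaces


def plan_patch_remediation(baseline, installed, depot):
    """Decide what is installed on one host.

    baseline:  list of Patch objects selected for remediation
    installed: names of patches already on the host
    depot:     dict of patch name -> Patch available in the depot
    """
    installed = set(installed)
    skipped, selected = {}, {}

    # Several versions of one patch: install the latest, skip the earlier ones.
    for p in baseline:
        cur = selected.get(p.name)
        if cur is None or p.version > cur.version:
            if cur is not None:
                skipped[(cur.name, cur.version)] = "earlier version"
            selected[p.name] = p
        elif p.version < cur.version:
            skipped[(p.name, p.version)] = "earlier version"

    # Prerequisites are found in the depot and installed with the patch.
    queue = list(selected.values())
    while queue:
        for req in sorted(queue.pop().requires):
            if req in selected or req in installed:
                continue
            if req not in depot:
                raise LookupError(f"prerequisite {req!r} is not in the depot")
            selected[req] = depot[req]
            queue.append(depot[req])

    # A patch obsoleted by another patch in the same set is not staged.
    obsoleted = {n for p in selected.values() for n in p.obsoletes
                 if n in selected and n != p.name}
    for n in sorted(obsoleted):
        skipped[(n, selected[n].version)] = "obsoleted in the same set"
        del selected[n]

    # A conflict with an installed patch blocks the patch unless another
    # selected patch obsoletes (replaces) the installed one. Dropping a patch
    # can change what is replaced, so repeat until nothing else is dropped.
    while True:
        replaced = {n for p in selected.values() for n in p.obsoletes}
        remaining = installed - replaced
        present = remaining | set(selected)
        drop = reason = None
        for n in sorted(selected):
            if selected[n].conflicts & remaining:
                drop, reason = n, "conflicts with an installed patch"
            elif not selected[n].requires <= present:
                drop, reason = n, "prerequisite not available"
            if drop:
                break
        if drop is None:
            break
        skipped[(drop, selected[drop].version)] = reason
        del selected[drop]

    # A conflict only with depot content (not with the host) is reported
    # after the compliance check, but the patch can still be applied.
    in_depot_only = set(depot) - installed
    return {
        "install": sorted((p.name, p.version) for p in selected.values()),
        "skipped": skipped,
        "reported_conflicting": sorted(
            n for n, p in selected.items() if p.conflicts & in_depot_only),
    }


# Constructed sample: the A/B/C case from the text.
PATCH_A = Patch("A", conflicts=frozenset({"B"}))
PATCH_C = Patch("C", obsoletes=frozenset({"B"}))

if __name__ == "__main__":
    print(plan_patch_remediation([PATCH_A, PATCH_C], {"B"}, {}))
    print(plan_patch_remediation([PATCH_A], {"B"}, {}))
```
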
With vSphere Lifecycle Manager 8.0, you can remediate hosts of version ESXi 6.7 and ESXi 7.0
against patches from offline bundles, which you import to the vSphere Lifecycle Manager depot
manually.
When you remediate a cluster of hosts sequentially and one of the hosts fails to enter
maintenance mode, vSphere Lifecycle Manager reports an error and the remediation process
stops and fails. The hosts in the cluster that are remediated stay at the updated level. The ones
that are not remediated after one host fails remain unupdated.
The host upgrade remediation of ESXi hosts in a cluster proceeds only if all hosts in the cluster
can be upgraded.
If you initiate remediation at a data center level, the remediation processes for the clusters run
in parallel. Clusters that you manage with a single vSphere Lifecycle Manager image are not
remediated against the attached baselines or baseline groups. If the remediation process fails for
one of the clusters within a data center, the remaining clusters are still remediated.
Before you start remediation, you can generate a report that shows which cluster, host, or virtual
machine has the cluster features enabled. For more information, see Remediation Pre-Check
Report.
Remediation of hosts in a cluster requires that you temporarily deactivate cluster features such
as VMware DPM and HA admission control. Also, you must turn off Fault Tolerance if it is enabled
on any of the virtual machines on a host, and disconnect the removable devices connected to
the virtual machines on a host, so that they can be migrated with vMotion. For more information
about configuring the vSphere Lifecycle Manager remediation settings, see Chapter 3 vSphere
Lifecycle Manager Remediation Settings.
If a vCenter HA failover is initiated during the remediation of a cluster, the remediation task is
canceled. After the failover finishes, you must restart the remediation task on the new node.
When you perform remediation on a cluster that consists of not more than two hosts,
deactivating HA admission control might not be enough to ensure successful remediation.
You might need to deactivate vSphere High Availability (HA) for the cluster. If you keep HA
enabled, the remediation attempts on hosts in the cluster fail, because HA cannot provide
a recommendation to vSphere Lifecycle Manager to place any of the hosts into maintenance mode.
The reason is that if one of the two hosts is placed into maintenance mode there is no failover
host left available in the cluster. To ensure successful remediation on a two-node cluster, you
must deactivate HA for the cluster or place the hosts in maintenance mode manually and then
remediate the two hosts in the cluster.
vSAN Clusters
vSphere Lifecycle Manager remediates hosts that are part of a vSAN cluster sequentially. The
reason is that by design only one host from a vSAN cluster can be in maintenance mode at any
time. For more information about using vSphere Lifecycle Manager with vSAN clusters, see vSAN
Clusters and vSphere Lifecycle Manager.
If the host or the installer ISO image contains a VIB that creates a conflict and prevents the
upgrade, an error message identifies the VIB that creates the conflict.
To discover potential problems with third-party software before an upgrade operation, scan
the hosts against an upgrade baseline and review the scan messages in the vSphere Lifecycle
Manager compliance view. See Host Upgrade Compliance Messages and Host Upgrade
Compliance Messages When Cisco Nexus 1000V Is Present.
For information about upgrading with third-party customization, see the VMware ESXi Upgrade
documentation.
For information about using vSphere ESXi Image Builder to make a custom ISO, see the VMware
ESXi Installation and Setup documentation.
Remediating ESXi 6.7 or ESXi 7.0 Hosts Against an ESXi 8.0 Image
When you upgrade an ESXi 6.7 or ESXi 7.0 host to ESXi 8.0, all supported custom VIBs remain
intact on the host after the upgrade, regardless of whether the VIBs are included in the installer
ISO.
When you perform a compliance check, the target host is scanned against a set of VIBs from
the upgrade image. If you check the compliance of a host against an upgrade baseline that
contains an ISO image of the same version as the target host, vSphere Lifecycle Manager
displays Compliant or Non-compliant compliance status. If the upgrade image is the basic one
distributed by VMware, or is a custom ISO image that contains the same set of VIBs as the ones
already installed on the target host, the scan result is Compliant. If the upgrade ISO contains VIBs
that are of a different kind or version than the VIBs that are already on the target host, the scan
result is Non-compliant.
The remediation process of an ESXi 6.7 or ESXi 7.0 host against an ESXi 8.0 image is an upgrade
process.
Note Upgrading to ESXi 8.0 requires a boot device that is a minimum of 4 GB. When booting
from a local disk, SAN or iSCSI LUN, up to 128 GB of disk space is used to create ESXi system
partitions. You can create a VMFS datastore on a boot disk larger than 128 GB.
You can use an ISO 8.0 image in an upgrade operation of an ESXi 8.0 host. The remediation
process of an ESXi 8.0 host by using an ESXi 8.0 image with additional VIBs is equivalent to a patching
process. Because the upgrade image is of the same version as the target host, upon completing
the upgrade operation, the additional VIBs are added to the target host.
Table 8-4. Scan and Remediation Situations for ESXi 6.7 and ESXi 7.0 Hosts Against ESXi 8.0 Images

| Action | Description |
|---|---|
| Compliance check and remediation of ESXi 6.7 or ESXi 7.0 hosts against an ESXi 8.0 image that contains additional non-conflicting and non-obsoleting VIBs with the target host. | vSphere Lifecycle Manager displays a Non-Compliant compliance status for the host. Remediation succeeds. All VIBs on the target host before remediation remain on the host. All VIBs from the upgrade image that are not present on the target host before remediation are added to the host. |
| Compliance check and remediation of ESXi 6.7 or ESXi 7.0 hosts against an ESXi 8.0 image that contains VIBs of a version later than the version of the same VIBs on the target host. | vSphere Lifecycle Manager displays a Non-Compliant compliance status for the host. Remediation succeeds. VIBs on the target host are updated to the later version. |
| Compliance check and remediation of ESXi 6.7 or ESXi 7.0 hosts against an ESXi 8.0 image that contains conflicting VIBs with the target host. | vSphere Lifecycle Manager displays an Incompatible compliance status for the host. Remediation fails. The host remains intact. |
| Scan and remediation of ESXi 6.7 or ESXi 7.0 hosts against an ESXi 8.0 image that contains vendor-tagged VIBs. | If the vendor-tagged VIBs do not match the host hardware, vSphere Lifecycle Manager displays an Incompatible compliance status for the host. Remediation fails. If the vendor-tagged VIBs match the host hardware, vSphere Lifecycle Manager displays a Non-Compliant compliance status for the host and remediation succeeds. |
| Scan and remediation of ESXi 6.7 or ESXi 7.0 hosts against an ESXi 8.0 image that contains VIBs that obsolete the VIBs installed on the host. | Remediation succeeds. All VIBs that have been installed on the target host before remediation are replaced by the newer VIBs from the ESXi image. |
The remediation pre-check report contains information about issues at the cluster, host, and VM
level that might prevent the completion of remediation.
For information about the possible issues that might prevent successful remediation, see
Remediation Pre-Check Report.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
In the bottom pane of the Remediation Pre-check dialog box, you see a list of issues at the
host and virtual machine level.
Results
The Remediation Pre-check dialog box lists the issues with cluster, hosts, and virtual machines
that might prevent successful remediation of the selected object.
In the upper pane of the Remediation Pre-check dialog box, you see a list of issues at a cluster
level.
In the bottom pane of the Remediation Pre-check dialog box, you see a list of issues at the host
and virtual machine level.
What to do next
Fix all issues that vSphere Lifecycle Manager identifies during the pre-remediation check and
remediate the selected object.
You can generate a pre-check remediation report in the vSphere Lifecycle Manager compliance
view for an object.
| Issue | Recommended action | Details |
|---|---|---|
| DRS is deactivated on the cluster. | Enable DRS on the cluster. | DRS enables vCenter Server to place and migrate virtual machines automatically on hosts to attain the best use of cluster resources. |
| vSAN health check fails during the pre-check. | Navigate to the vSAN Health page and address any health issues before proceeding with remediation. | The vSAN health check performs a series of tests on the hosts in the vSAN cluster. The vSAN health check must succeed to ensure the hosts are successfully remediated. If you start a remediation task in a vSAN cluster that failed the vSAN health check during the remediation pre-check, the hosts enter maintenance mode, get upgraded, but might fail to exit maintenance mode. The remediation eventually fails. |
| Insufficient licenses for one or multiple ESXi hosts in the cluster. | Ensure that you have multiple licenses for the ESXi hosts that have more than 32 cores per CPU. | One CPU license covers up to 32 physical cores. If a CPU has more than 32 cores, you must assign additional CPU licenses to the respective ESXi host. For more information, see https://www.vmware.com/company/news/updates/cpu-pricing-model-update-feb-2020.html. |
| DPM is enabled on the cluster. | None. vSphere Lifecycle Manager deactivates DPM automatically. | If a host has no running virtual machines, DPM might put the host in standby mode before or during remediation and vSphere Lifecycle Manager cannot remediate them. |
| A CD/DVD drive is attached to a virtual machine on the ESXi host. | Disconnect the CD/DVD drive. | Any CD/DVD drives or removable devices connected to the virtual machines on a host might prevent the host from entering maintenance mode. When you start a remediation operation, the hosts with virtual machines to which removable devices are connected are not remediated. |
| A floppy drive is attached to a virtual machine on the ESXi host. | Disconnect the floppy drive. | Any floppy drives or removable devices connected to the virtual machines on a host might prevent the host from entering maintenance mode. When you start a remediation operation, the hosts with virtual machines to which removable devices are connected are not remediated. |
| Fault Tolerance (FT) is enabled for a virtual machine on the ESXi host. | Deactivate FT for the virtual machine. | If FT is enabled for any of the virtual machines on a host, vSphere Lifecycle Manager cannot remediate that host. |
| A powered on virtual machine is configured to use Virtual Flash Read Cache. | Deactivate Virtual Flash Read Cache before proceeding with the upgrade. | Virtual Flash Read Cache is not supported. During an upgrade operation, vSphere Lifecycle Manager removes Virtual Flash Read Cache for all virtual machines on the host. Before remediation, consult https://kb.vmware.com/s/article/2057840. |
| VMware vCenter Server is installed on a virtual machine on the ESXi host and DRS is deactivated on the cluster. | Enable DRS on the cluster and ensure that virtual machines can be migrated with vSphere vMotion. | One of the virtual machines in the cluster runs the vCenter Server instance that you currently use. If you enable DRS on the cluster, vSphere vMotion can migrate the virtual machine where vCenter Server runs to ensure that the remediation of the hosts is successful. |
| An ESXi host in the cluster has a CPU with more than 32 cores and requires multiple licenses. | Assign as many licenses as the host needs. | One CPU license covers up to 32 physical cores. If a CPU has more than 32 cores, you must obtain additional CPU licenses. For more information, see https://www.vmware.com/company/news/updates/cpu-pricing-model-update-feb-2020.html. |
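A pre-flight evaluation of the issues in the table above, plus the two-host HA case described earlier on this page, as an added Python example. It is not vSphere Lifecycle Manager code; the inventory schema, field names, function names, and the sample cluster are constructed for illustration.

```python
import math

CORES_PER_LICENSE = 32  # one CPU license covers up to 32 physical cores


def licenses_needed(cpu_core_counts):
    """CPU licenses a host needs, given the core count of each physical CPU."""
    return sum(math.ceil(c / CORES_PER_LICENSE) for c in cpu_core_counts)


def precheck(cluster):
    """Evaluate a cluster snapshot (assumed schema) and return findings."""
    findings = []

    def add(scope, obj, issue, action, host=None, blocks_host=False):
        findings.append({"scope": scope, "object": obj, "issue": issue,
                         "action": action, "host": host,
                         "blocks_host": blocks_host})

    name, hosts = cluster["name"], cluster["hosts"]
    if not cluster["drs_enabled"]:
        add("cluster", name, "DRS is deactivated on the cluster",
            "Enable DRS on the cluster")
    if cluster.get("vsan_enabled") and not cluster.get("vsan_health_ok", True):
        add("cluster", name, "vSAN health check fails",
            "Address the vSAN health issues before remediation")
    if cluster.get("dpm_enabled"):
        add("cluster", name, "DPM is enabled on the cluster",
            "None; DPM is deactivated automatically")
    # With HA on and not more than two hosts, no failover host is left once
    # one host enters maintenance mode, unless hosts were placed there manually.
    if (cluster["ha_enabled"] and len(hosts) <= 2
            and not all(h["maintenance_mode"] for h in hosts)):
        add("cluster", name, "HA is enabled on a cluster of at most two hosts",
            "Deactivate HA or place the hosts in maintenance mode manually")

    for h in hosts:
        need = licenses_needed(h["cpu_cores"])
        if need > h["cpu_licenses"]:
            add("host", h["name"],
                f"{need} CPU licenses needed, {h['cpu_licenses']} assigned",
                "Assign as many licenses as the host needs", host=h["name"])
        for vm in h["vms"]:
            checks = [
                (vm.get("cd_connected"), "CD/DVD drive attached",
                 "Disconnect the CD/DVD drive", True),
                (vm.get("floppy_connected"), "Floppy drive attached",
                 "Disconnect the floppy drive", True),
                (vm.get("ft_enabled"), "Fault Tolerance is enabled",
                 "Deactivate FT for the virtual machine", True),
                (vm.get("powered_on") and vm.get("vfrc"),
                 "Virtual Flash Read Cache configured on a powered on VM",
                 "Deactivate Virtual Flash Read Cache before the upgrade", False),
                (vm.get("is_vcenter") and not cluster["drs_enabled"],
                 "vCenter Server runs on this VM and DRS is deactivated",
                 "Enable DRS and ensure vMotion migration is possible", False),
            ]
            for hit, issue, action, blocks in checks:
                if hit:
                    add("vm", vm["name"], issue, action,
                        host=h["name"], blocks_host=blocks)
    return findings


def hosts_not_remediated(findings):
    """Hosts the table says are not remediated (removable devices, FT)."""
    return sorted({f["host"] for f in findings if f["blocks_host"]})


# Constructed sample inventory; all names and values are made up.
SAMPLE_CLUSTER = {
    "name": "cl-a", "drs_enabled": False, "dpm_enabled": False,
    "ha_enabled": True, "vsan_enabled": False,
    "hosts": [
        {"name": "esx-01", "maintenance_mode": False,
         "cpu_cores": [48, 48], "cpu_licenses": 2,
         "vms": [{"name": "vcsa", "is_vcenter": True},
                 {"name": "app01", "cd_connected": True}]},
        {"name": "esx-02", "maintenance_mode": False,
         "cpu_cores": [16, 16], "cpu_licenses": 2,
         "vms": [{"name": "db01", "ft_enabled": True}]},
    ],
}

if __name__ == "__main__":
    for f in precheck(SAMPLE_CLUSTER):
        print(f"{f['scope']:7} {f['object']:6} {f['issue']} -> {f['action']}")
```
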
You can upgrade all hosts in your vSphere inventory by using a single upgrade baseline that
contains an ESXi image. You can remediate a single ESXi host or a group of ESXi hosts in a
container object, such as a folder, a cluster, or a data center. You can also initiate remediation at
a vCenter Server level.
Note Because the official VMware online depot hosts certified partner content in addition
to VMware content, a broader set of OEM bulletins are available in the vSphere Lifecycle
Manager depot. As a result, a broader set of OEM bulletins are included in the vSphere Lifecycle
Manager predefined bulletins. During remediation, always inspect the contents of those baselines
to exclude the bulletins that you do not need in the baseline. For the bulletins that you do
need, consult the corresponding KB articles for information about deployment specifics and
dependencies. Verify that dependent bulletins are also included in the baselines that you use for
remediation.
Prerequisites
- In upgrade scenarios, verify that the ESXi hosts to upgrade have a boot disk of at least 4
  GB. When booting from a local disk, SAN or iSCSI LUN, up to 128 GB of disk space is used to
  create ESXi system partitions. You can create a VMFS datastore on a boot disk larger than
  128 GB.
- To enable Quick Boot, verify that the ESXi host is compatible with the feature. For more
  information, see Quick Boot.
Procedure
1 In the vSphere Client, navigate to the vSphere Lifecycle Manager compliance view for an
individual host or a container object.
3 In the Attached Baselines and Baseline Groups pane, select the baselines and baseline
groups to use for remediation.
You can select a single baseline or baseline group. You can also select multiple baselines and
baseline groups. Your selection must contain no more than one upgrade baseline.
4 Click Remediate.
If the selected baselines and baseline groups do not contain an upgrade image, the
Remediate dialog box opens.
If the selected baselines and baseline groups contain an upgrade image, the End User
License Agreement dialog box opens.
5 To proceed to remediation, accept the terms and the license agreement in the End User
License Agreement dialog box.
After you accept the agreement and click OK to close the dialog box, the Remediate dialog
box opens.
6 Expand the list of pre-check issues and review the actions that vSphere Lifecycle Manager
must perform to ensure successful remediation.
7 (Optional) To generate a full remediation pre-check report, click Show Full Remediation
Pre-Check Report.
If you select this option, the Remediate dialog box closes and vSphere Lifecycle Manager
does not proceed with the remediation process. Instead, the Remediation Pre-Check dialog
box opens. After you review the results from the remediation pre-check, you must initiate
remediation again.
8 Expand the list of hosts to be remediated and deselect any host that you do not want to
remediate.
The list contains all the hosts to which the selected baselines and baseline groups are
attached. Even if you navigated to a single host before initiating remediation, the list might
still display multiple hosts to be remediated. All hosts in the list are selected by default.
Deselecting hosts from the list changes the overall number of hosts to be remediated.
9 (Optional) To view information about the updates that will be installed during the remediation,
expand the list of updates.
If the selection of baselines and baseline groups contains an upgrade baseline, information
about the ESXi image is also displayed.
10 (Optional) To schedule the remediation task for a later time, expand Scheduling Options and
configure a scheduled remediation task.
By default, the remediation task starts immediately after closing the Remediate dialog box.
11 Expand Remediation settings and review and edit the remediation settings.
- To turn on or turn off Quick Boot, select or deselect the respective check box in the
  Remediation settings table.
- To allow or disallow health checks after remediation, select or deselect the respective
  check box in the Remediation settings table.
- To ignore warnings about unsupported hardware devices, select the respective check
  box in the Remediation settings table.
- To configure parallel remediation for the selected hosts, expand Parallel remediation,
  select the respective check box and configure the maximum number of concurrent
  remediations.
  Note vSphere Lifecycle Manager remediates in parallel only the ESXi hosts that are in
  maintenance mode. Hosts that are not in maintenance mode are not remediated. If you
  do not set the maximum number of concurrent remediations, vSphere Lifecycle Manager
  remediates all hosts that are in maintenance mode.
  If the hosts have NSX virtual distributed switches that are ready to be migrated to
  vSphere Distributed Switches, you must set the maximum number of parallel remediations
  to no more than 4. In cases when host switch migration is needed, if more than 4 hosts
  are remediated in parallel, the remediation might fail, because the host switch migration
  takes more time than the time vSphere Lifecycle Manager needs to complete the parallel
  remediation.
- To change any other of the remediation settings, click the Close Dialog And Go To
  Settings link above the table.
  If you select this option, the Remediate dialog box closes and vSphere Lifecycle Manager
  does not proceed with the remediation process. Instead, you are redirected to the
  Baselines Remediation Settings pane on the Settings tab of the vSphere Lifecycle
  Manager home view. To change any of the remediation settings, click the Edit button.
  Remediation does not resume automatically. After you make the desired changes, you
  must initiate remediation again.
12 Click Remediate.
Results
Depending on the remediation schedule you configure, the remediation task starts immediately
or runs later.
Migrating your host switch to vSphere Distributed Switch 7.0 or later ensures optimal pNIC
usage, and lets you manage the networking for your NSX hosts from vCenter Server.
During an upgrade remediation, vSphere Lifecycle Manager checks if an NSX virtual distributed
switch is present on each of the hosts in the cluster and if it is ready to be migrated. To prepare
the NSX virtual distributed switch for migration, you must run the Upgrade Readiness Tool before
upgrading the cluster. If the NSX distributed switch on any of the hosts in the cluster is not ready to
be migrated to a vSphere Distributed Switch, you cannot proceed with the remediation process.
In this case, you need to go to NSX Manager and run the Upgrade Readiness Tool.
Requirements
- ESXi 7.0 Update 2
- NSX 3.1.1
As a good practice, contact VMware support to assess the impact of migrating to vSphere
Distributed Switch 7.0 or later.
Workflow
1 In NSX Manager, use the Upgrade Readiness Tool to run the migration readiness pre-check,
address any configuration issues, review the recommended topology, and apply the new
topology.
For more information about the steps you need to perform in NSX Manager, see "Migrate
Host Switch to vSphere Distributed Switch" in the NSX Center Administration documentation.
For more information about upgrading vCenter Server, see the vSphere Upgrade
documentation.
3 Create a baseline group that contains an ESXi image version 7.0 Update 2 and the NSX kernel
module for ESXi 7.0.
a Import an ESXi 7.0 Update 2 ISO image to the vSphere Lifecycle Manager depot.
For more information, see Import an ISO Image to the vSphere Lifecycle Manager Depot.
For more information, see Create, Edit, or Delete vSphere Lifecycle Manager Baselines
and Baseline Groups.
c From customerconnect.vmware.com, download the NSX kernel module for ESXi 7.0.
d Import the downloaded NSX bundle to the vSphere Lifecycle Manager depot.
For more information, see Import Updates to the vSphere Lifecycle Manager Depot.
For more information, see Create, Edit, or Delete vSphere Lifecycle Manager Baselines
and Baseline Groups.
f Create a baseline group that contains the ESXi upgrade baseline and the extension
baseline with NSX VIBs.
For more information, see Attach Baselines and Baseline Groups to Objects.
During the remediation, vSphere Lifecycle Manager upgrades the ESXi version first and then
migrates the host switch, if migration is needed.
For more information, see Remediate ESXi Hosts Against a Single Baseline or Multiple
Baselines.
6 If you use host profiles to configure the hosts in your environment, re-extract a new host
profile from the reference host in the cluster.
After the upgrade, due to the migration of the host switch, the existing host profiles become
invalidated and inapplicable.
Whether you perform an upgrade of the virtual machine hardware version or the VMware Tools
version, the upgrade is a multi-stage process.
vSphere Lifecycle Manager checks the status of a virtual machine against the latest virtual
machine hardware version supported by the host on which the virtual machine runs. Similarly,
vSphere Lifecycle Manager checks the status of the virtual machine against the latest
VMware Tools version supported by the host on which the virtual machine runs.
For more information about checking virtual machine status, see Checking the Status of
Virtual Machines.
3 You upgrade the virtual machine to match the host where it resides.
With vSphere Lifecycle Manager, you can upgrade the virtual machine hardware version and
the VMware Tools version that a virtual machine has. You can use vSphere Lifecycle Manager
to upgrade the virtual machine hardware version to the latest hardware version, vmx-19, and
to the latest VMware Tools version on the hosts.
For more information about upgrading virtual machines, see Upgrading Virtual Machines.
You can configure vSphere Lifecycle Manager to keep snapshots for an indefinite or fixed period
of time. Use the following guidelines when managing snapshots.
n Keeping snapshots indefinitely might consume a large amount of disk space and degrade
virtual machine performance.
n Keeping no snapshots saves space, ensures best virtual machine performance, and might
reduce the remediation time. However, keeping no snapshots limits the availability of a
rollback.
n Keeping snapshots for a fixed period of time uses less disk space and offers a backup for a
short time.
vSphere Lifecycle Manager does not take snapshots of fault tolerant virtual machines and virtual
machines of virtual machine hardware version 3. If you decide to take snapshots of such virtual
machines, the upgrade might fail.
If you configure vSphere Lifecycle Manager to automatically upgrade VMware Tools on power
cycle for selected virtual machines, vSphere Lifecycle Manager does not take snapshots of the
virtual machines before upgrading them and you cannot roll back.
Prerequisites
Procedure
b Select a vCenter Server system from the Lifecycle Manager drop-down menu.
The drop-down menu is available only when multiple vCenter Server systems are
connected by a common vCenter Single Sign-On domain. By selecting a vCenter Server
system, you specify which vSphere Lifecycle Manager instance you want to administer.
6 Click Save to save your changes and close the Edit Default Settings for VM Rollback dialog
box.
Results
These settings become the default rollback option settings for virtual machines. You can specify
different settings when you configure individual remediation tasks.
With vSphere Lifecycle Manager, you can check the status of a single virtual machine or a group
of virtual machines in a parent container object.
Supported groups of virtual machines or ESXi hosts include virtual infrastructure container
objects such as folders, vApps, clusters, and data centers.
vSphere Lifecycle Manager checks the status of virtual machines in two aspects.
n You can use vSphere Lifecycle Manager to check the status of the virtual machines with
respect to the VMware Tools version that they have installed.
The status check is performed against the latest VMware Tools version that the parent host
supports.
n vSphere Lifecycle Manager checks the status of the virtual machines with respect to their VM
hardware compatibility.
vSphere Lifecycle Manager compares the hardware compatibility of the virtual machines with
the default VM hardware compatibility configured for the host.
Procedure
The Scan entity task appears in the Recent Tasks pane. After the task finishes, status
information appears in the VMware Tools and VM Hardware Compatibility panels.
Results
The virtual machines are scanned for VMware Tools and VM hardware compliance.
When you perform a status check for a container object, vSphere Lifecycle Manager checks the
VMware Tools and VM Hardware Compatibility statuses for all child virtual machines. The larger
the virtual infrastructure and the higher up in the object hierarchy you initiate the status check,
the longer the task takes.
Procedure
1 In the vSphere Client, navigate to a virtual machine container object, such as a virtual machine
folder, host, cluster, and so on.
Option: Check the VMware Tools status of the virtual machines in the container object.
Action:
a Select Hosts > VMware Tools > .
b Click Check Status.
The information about the VMware Tools status appears in the Tools
Status column in the table that lists all virtual machines in the selected
container object. If the container object is a data center or a vCenter
Server instance, you must first specify the cluster that you want to see
results for.
VMware Tools is installed, supported, and the version is newer than the version available on the
ESXi host.
VMware Tools is installed, but the version is too new to work correctly with this virtual machine.
vSphere Lifecycle Manager supports upgrading powered on, suspended, and powered off virtual
machines.
During the upgrade of VMware Tools, the virtual machines must be powered on. If a virtual
machine is in the powered off or suspended state before remediation, vSphere Lifecycle
Manager powers it on. After the upgrade completes, vSphere Lifecycle Manager restarts the
machine and restores the original power state of the virtual machine.
During the virtual hardware upgrade, the virtual machines must be powered off. If a virtual
machine is powered on, vSphere Lifecycle Manager powers the machine off, upgrades the virtual
hardware, and then powers the virtual machine on.
You can also upgrade VMware Tools and the hardware version of a virtual machine template.
A template is a copy of a virtual machine that you can use to create and provision new virtual
machines.
You can set up automatic upgrades of VMware Tools on power cycle. For more information, see
Automatically Upgrade VMware Tools on Reboot.
You can configure vSphere Lifecycle Manager to take snapshots of virtual machines and to keep
the snapshots indefinitely or for a specific period of time. By using snapshots, you can roll back
a virtual machine to its previous state if upgrading the virtual machine with vSphere Lifecycle
Manager fails. After the upgrade finishes, you can delete the snapshots if you do not need them.
For more information about configuring virtual machine rollback settings, see Configure Virtual
Machine Rollback Settings.
You can upgrade virtual machines immediately or schedule an upgrade operation to run at a
convenient time.
If a host is connected to vCenter Server by using an IPv6 address, you cannot scan and
remediate virtual machines that run on the host.
With vSphere Lifecycle Manager, you can upgrade the hardware compatibility version of a
single virtual machine or multiple virtual machines simultaneously. Supported container objects
for virtual machines in the vSphere inventory are folders, vApps, and data centers.
Procedure
You can also initiate upgrade at the level of any inventory object where virtual machines run.
For example, you can start the upgrade operation at a host or cluster level.
A list of all virtual machines in the cluster appears in the bottom pane.
d Select the virtual machines to upgrade.
e Click Upgrade to Match Host.
A list of the virtual machines selected for upgrading is visible in the Upgrade VM Hardware to
Match Host dialog box.
3 (Optional) To change the selection of the virtual machines to upgrade, select or deselect
virtual machines from the list.
4 (Optional) To schedule the upgrade for a specific date and time, expand Scheduling Options
and configure the scheduled task.
a Enter a name and, optionally, a description for the scheduled upgrade task.
b Use the Powered On VMs, Powered Off VMs, and Suspended VMs drop-down menus to
configure the upgrade to run immediately or at a specific date and time.
5 (Optional) To configure the use of snapshots, expand Rollback Options and change the
default settings.
d Include the virtual machine memory in the snapshot by selecting the respective check
box.
6 Review your selections and click the Upgrade to Match Host button.
Results
The hardware versions of the selected virtual machines are upgraded and the virtual machine
status changes to Up to Date.
With vSphere Lifecycle Manager, you can upgrade the VMware Tools version of a single virtual
machine or multiple virtual machines simultaneously. Supported container objects for virtual
machines in the vSphere inventory are folders, vApps, and data centers.
Procedure
You can initiate the upgrade at the level of any inventory object where virtual machines run.
For example, you can start the upgrade operation at a host or cluster level.
A list of all virtual machines in the cluster appears in the bottom pane.
d In the VMs in Cluster pane, select the virtual machines to upgrade.
e Click Upgrade to Match Host.
A list of the virtual machines selected for upgrading is visible in the Upgrade VMware Tools
to Match Host dialog box.
3 (Optional) To change the selection of the virtual machines to upgrade, select or deselect
virtual machines from the list.
4 (Optional) To schedule the upgrade for a specific date and time, expand Scheduling Options
and configure the scheduled task.
a Enter a name and, optionally, a description for the scheduled upgrade task.
b Use the Powered On VMs, Powered Off VMs, and Suspended VMs drop-down menus to
configure the upgrade to run immediately or at a specific date and time.
5 (Optional) To configure the use of snapshots, expand Rollback Options and change the
default settings.
d Include the virtual machine memory in the snapshot by selecting the respective check
box.
6 Review your selections and click the Upgrade to Match Host button.
Results
The VMware Tools version that runs on the selected virtual machines is upgraded and the
VMware Tools status changes to Up to Date.
You can set up vSphere Lifecycle Manager to check the VMware Tools version of a virtual
machine when the virtual machine is rebooted. If necessary, vSphere Lifecycle Manager upgrades
VMware Tools to the latest version supported by the host on which the virtual machine runs.
Note When you perform a VMware Tools upgrade on power cycle, vSphere Lifecycle Manager
does not take a snapshot of the virtual machine and you cannot roll back to the previous version
of the virtual machine.
Prerequisites
Verify that you have the Manage Patches and Upgrades.Remediate to Apply Patches,
Extensions, and Upgrades privilege.
Procedure
1 In the vSphere Client, navigate to a single virtual machine or an inventory object that contains
virtual machines.
A list of all virtual machines in the cluster appears in the bottom pane.
d In the VMs in cluster pane, select the virtual machines for which you
want to enable the automatic upgrade of VMware Tools.
e Click Set Auto Update and select On.
Results
The next time you power on or restart a virtual machine, vSphere Lifecycle Manager checks the
version of VMware Tools installed on the virtual machines and performs an upgrade, if necessary.
A solution is a VMware product that integrates with vCenter Server and adds some new
functionality to the ESXi hosts in the inventory.
When you enable a solution for a cluster that uses a vSphere Lifecycle Manager image, the
solution automatically uploads an offline bundle with components into the vSphere Lifecycle
Manager depot and adds its component to all hosts in the cluster. You cannot control the
lifecycle of solution components. For example, if you export the image, solution components
are not part of the exported image.
Integrated Solutions
You can manage a cluster with a single image if the cluster has any of the following solutions
enabled.
n vSAN
For more information about the integration between vSAN and vSphere Lifecycle Manager,
see vSAN Clusters and vSphere Lifecycle Manager and the Administering VMware vSAN
documentation.
For detailed information about the integration between vSphere with Tanzu and
vSphere Lifecycle Manager, see the vSphere with Tanzu Configuration and Management
documentation.
n NSX
For more information about the integration between NSX and vSphere Lifecycle Manager,
see the NSX Administration documentation.
Unintegrated Solutions
You cannot manage a cluster with a single image if the cluster has any of the following solutions
enabled.
n NSX for vSphere
You can use baselines and baseline groups to manage clusters that have those solutions enabled.
If you want to switch to using images for a vSAN cluster that contains ESXi hosts of versions
earlier than 7.0, you must first use an upgrade baseline to upgrade the hosts. Then, you can
switch to using a vSphere Lifecycle Manager image for the cluster.
For more information about recommendation baselines, see About Recommendation Baseline
Groups.
For more information about using baselines to manage hosts and clusters, see Chapter 8 Using
vSphere Lifecycle Manager Baselines and Baseline Groups.
n You can update the firmware on all hosts in the vSAN cluster.
You perform firmware update by setting up an image that contains a firmware add-on and
remediating the vSAN cluster against that image. For more information about performing
firmware updates by using vSphere Lifecycle Manager images, see Firmware Updates with
vSphere Lifecycle Manager.
The hardware compatibility check task verifies that the image for the cluster can be
successfully applied to all hosts and that it is compliant with the vSAN Hardware Compatibility
List (HCL). For more information about hardware compatibility checks, see Chapter 7 vSphere
Lifecycle Manager Hardware Compatibility Checks for Clusters and Hosts.
When you perform a compliance check against the image for a cluster, firmware compliance
is also checked. As a result, you can easily notice if a driver or firmware in your cluster
becomes non-compliant. For more information about checking the compliance of a cluster
against an image, see Check the Compliance Against a Single Image.
When you manage a vSAN cluster with vSphere Lifecycle Manager images, the vSAN
recommendation engine does not generate vSAN health alarms or recommendation baselines
for that cluster. However, vSphere Lifecycle Manager generates pre-validated images that include
a recommended firmware version for the hosts in your vSAN cluster. For more information
about vSphere Lifecycle Manager recommended images, see vSphere Lifecycle Manager
Recommended Images.
When you remediate hosts that are part of a vSAN cluster, you must be aware of the following
behavior:
n vSphere Lifecycle Manager puts only one host at a time in maintenance mode.
n vSphere Lifecycle Manager remediates hosts that are part of a vSAN cluster sequentially.
n Because vSphere Lifecycle Manager handles the remediation of the hosts sequentially, the
host remediation process might take an extensive amount of time to finish.
n vSphere Lifecycle Manager remediates vSAN clusters with configured fault domains by
upgrading all hosts from one fault domain first and then upgrading the hosts in the next
fault domain.
n For a vSAN stretched cluster, vSphere Lifecycle Manager first remediates the hosts from the
preferred site and then proceeds with remediating the hosts in the secondary site.
n You can put the host in maintenance mode manually and remediate the host by using
vSphere Lifecycle Manager.
n You can have the host enter maintenance mode during the vSphere Lifecycle Manager
remediation process.
In the vSphere Client, when you put a host from a vSAN cluster into maintenance mode, you
can choose between multiple options: Ensure accessibility, Full data evacuation, and No data
evacuation. The Ensure accessibility option is the default option, and means that when you put a
host in maintenance mode, vSAN ensures that all accessible virtual machines on the host remain
accessible. To learn more about each of the options, see the "Place a Member of a vSAN Cluster
in Maintenance Mode" topic in the vSphere Storage documentation.
During remediation, vSphere Lifecycle Manager puts the hosts from the vSAN cluster in
maintenance mode and handles the virtual machines on the host in the manner of the default
Ensure accessibility option.
If a host is a part of a vSAN cluster, and any virtual machine on the host uses a VM storage
policy with the setting for "Number of failures to tolerate=0", the host might experience unusual
delays when it enters maintenance mode. The delay occurs because vSAN has to migrate the
virtual machine data from one disk on the vSAN datastore cluster to another. The delay can last
for hours. You can work around this by setting "Number of failures to tolerate=1" for the
VM storage policy, which results in creating two copies of the virtual machine files on the vSAN
datastore.
The vSAN health check gives you information about the cluster state and whether you must
take extra actions to ensure successful remediation. Even if you do not take the recommended
actions, you can still remediate the vSAN cluster or a host from the cluster. vSphere Lifecycle
Manager puts the host in maintenance mode and applies the software updates on the
host successfully. However, the host might fail to exit maintenance mode, and the remediation
process might fail. As a result, the host from the vSAN cluster is upgraded, but you must take
manual steps to take the host out of maintenance mode.
You can use vSphere Lifecycle Manager images to manage a vSAN stretched cluster and its
witness host. Starting with vSphere 8.0 Update 2, you define separate images for the vSAN
cluster and for the witness host. See Upgrading vSAN Stretched Clusters by Using a vSphere
Lifecycle Manager Image. The following requirements exist:
n The witness host must be ESXi version 7.0 Update 2 and later.
n The witness host can be a dedicated witness host or a shared witness host.
n The witness host must be upgraded before the hosts in the associated vSAN stretched or
two-node cluster.
n The witness host and the associated vSAN clusters must not be upgraded in parallel.
n You cannot run virtual machines on a witness host. If vSphere Lifecycle Manager detects any
stale virtual machines running on a witness host, during the remediation of the standalone
host vSphere Lifecycle Manager sets the VM power state remediation setting to Do not
change power state. For more information, see Configure vSphere Lifecycle Manager
Remediation Settings for Clusters or Standalone Hosts that You Manage with A Single Image.
You start using vSphere Lifecycle Manager images to manage the witness host by performing
any of the following tasks:
n You switch from using vSphere Lifecycle Manager baselines to using vSphere Lifecycle
Manager images for an existing vSAN stretched or two-node ROBO cluster and for the
dedicated standalone host.
Note The transition to using images is blocked if the witness host is of ESXi version earlier
than 7.0 Update 2. In such cases, you can use baselines to upgrade the witness host to
version 7.0 Update 2 or later, and then you can start managing the witness host with a single
vSphere Lifecycle Manager image.
n You convert an existing vSAN cluster that uses a single image into a stretched cluster with a
virtual witness host.
n You upgrade to version 8.0 Update 2 and later for vCenter Server and version 7.0 Update 2
or later for the witness host.
You stop using vSphere Lifecycle Manager images to manage the witness host in the following
cases:
n You convert an existing vSAN stretched cluster that uses images into a regular vSAN cluster.
n You deactivate vSAN for an existing vSAN stretched cluster that you manage with a single
image.
Important With vSphere 8.0, you can use vSphere Lifecycle Manager images to manage
standalone hosts in your vCenter Server inventory. Starting with vSphere 8.0 Update 2, you
can apply a separate vSphere Lifecycle Manager image to the witness host of a vSAN cluster.
You can start managing the witness host with a vSphere Lifecycle Manager image at the time of
adding the host to the inventory or you can transition an existing standalone host that uses a
single image to a witness host.
n The witness host must be ESXi version 7.0 Update 2 and later.
Starting with vSphere 8.0 Update 2, once you upgrade the vCenter Server instance to version
8.0 Update 2, the virtual dedicated witness host is no longer managed with the vSphere Lifecycle
Manager image that you define for the vSAN cluster. You can use a full vSphere Lifecycle
Manager image to upgrade a witness host in the same way you upgrade a standalone host.
The desired image you apply on a witness host can contain a base ESXi image, and any user
components, solution components, or OEM add-ons.
With vSphere 8.0 Update 2, for stretched vSAN clusters, you must first upgrade the witness
host with the separate vSphere Lifecycle Manager image you configured and then proceed
to remediating the hosts in the preferred site and the secondary site. If all hosts in the
preferred site are in a compliant state, then vSphere Lifecycle Manager skips the preferred
site and starts remediating the hosts from the secondary site. If any host in the entire cluster
is in an incompatible state, remediation stops. For more information about fault domain-aware
remediation and the order in which vSphere Lifecycle Manager remediates the hosts in a
vSAN cluster, see Using vSphere Lifecycle Manager Images to Remediate vSAN Clusters with
Configured Fault Domains.
To remediate the witness host against a single vSphere Lifecycle Manager image, the following
requirements exist:
n The witness host must be ESXi version 7.0 Update 2 and later.
n The witness host can be a dedicated witness host or a shared witness host.
Remediation starts with the fault domain that has the highest priority. The priority of a fault
domain is determined by the number of non-compliant hosts in that fault domain. The fewer
non-compliant hosts in a fault domain, the higher the priority of that fault domain. However, if
multiple fault domains have the same priority, vSphere Lifecycle Manager selects the first fault
domain from the list of fault domains.
After vSphere Lifecycle Manager selects a fault domain, vSphere Lifecycle Manager uses DRS
recommendations to select the optimal host within that domain to be remediated.
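The ordering rules above (witness host first, then the preferred site, then the secondary site, and fault domains ranked by fewest non-compliant hosts) can be modelled in a few lines. This is an added illustration, not VMware code or a vSphere API client: the Host class, the state strings, the function names, and the sample inventory are assumptions made for the example, and host order inside a fault domain uses listing order where vSphere Lifecycle Manager would use DRS recommendations.

```python
"""Model of the remediation ordering described in this section (illustrative)."""
from dataclasses import dataclass

COMPLIANT = "compliant"
NON_COMPLIANT = "non-compliant"
INCOMPATIBLE = "incompatible"


@dataclass(frozen=True)
class Host:
    name: str
    state: str


class RemediationBlocked(Exception):
    """An incompatible host is present, so no plan is produced."""


def pending_hosts(hosts):
    """Hosts that still have to be remediated."""
    return [h for h in hosts if h.state == NON_COMPLIANT]


def refuse_if_incompatible(hosts):
    # The section says remediation stops if any host is incompatible.
    # Assumption: modelled here as refusing to build a plan at all.
    bad = sorted(h.name for h in hosts if h.state == INCOMPATIBLE)
    if bad:
        raise RemediationBlocked("incompatible host(s): " + ", ".join(bad))


def order_fault_domains(domains):
    """Return [(domain name, pending hosts)], highest priority first.

    domains: list of (name, [Host]) in the order the cluster lists them.
    """
    work = [(name, pending_hosts(hosts)) for name, hosts in domains]
    # Assumption: a domain with no non-compliant hosts needs no remediation.
    work = [(name, hosts) for name, hosts in work if hosts]
    # Fewest non-compliant hosts first. sorted() is stable, so domains with
    # equal counts keep their list order (the documented tie-break).
    return sorted(work, key=lambda item: len(item[1]))


def plan_fault_domain_cluster(domains):
    """Ordered (domain, host) steps; one fault domain is finished before the next."""
    refuse_if_incompatible([h for _, hosts in domains for h in hosts])
    plan = []
    for name, hosts in order_fault_domains(domains):
        # Assumption: listing order stands in for the DRS recommendation.
        plan.extend((name, h.name) for h in hosts)
    return plan


def plan_stretched_cluster(witness, preferred, secondary):
    """Ordered (stage, host) steps for a stretched cluster and its witness."""
    # Assumption: an incompatible witness blocks the plan like a cluster host.
    refuse_if_incompatible([witness] + preferred + secondary)
    plan = []
    if witness.state == NON_COMPLIANT:
        plan.append(("witness", witness.name))
    # A fully compliant preferred site contributes no steps and is skipped.
    for site, hosts in (("preferred", preferred), ("secondary", secondary)):
        plan.extend((site, h.name) for h in pending_hosts(hosts))
    return plan


# Constructed sample inventory (host and domain names are invented).
SAMPLE_DOMAINS = [
    ("fd-a", [Host("a1", NON_COMPLIANT), Host("a2", NON_COMPLIANT)]),
    ("fd-b", [Host("b1", NON_COMPLIANT), Host("b2", COMPLIANT)]),
    ("fd-c", [Host("c1", NON_COMPLIANT)]),
    ("fd-d", [Host("d1", COMPLIANT)]),
]
SAMPLE_WITNESS = Host("w1", NON_COMPLIANT)
SAMPLE_PREFERRED = [Host("p1", COMPLIANT), Host("p2", COMPLIANT)]
SAMPLE_SECONDARY = [Host("s1", NON_COMPLIANT), Host("s2", NON_COMPLIANT)]

if __name__ == "__main__":
    for step in plan_fault_domain_cluster(SAMPLE_DOMAINS):
        print("fault-domain cluster:", step)
    for step in plan_stretched_cluster(
        SAMPLE_WITNESS, SAMPLE_PREFERRED, SAMPLE_SECONDARY
    ):
        print("stretched cluster:", step)
```

Running the plan against an exported compliance report before a patch window shows which fault domain is degraded at each step and whether an incompatible host would block the rollout.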
For fault domain-aware remediation of vSAN clusters, the following requirements exist:
For fault domain-aware remediation of vSAN clusters with enabled NSX or vSphere with Tanzu,
the following requirements exist:
In a vSAN cluster, the SCSI controller firmware and the physical drive firmware handle most
of the data communication. To ensure the health of your vSAN cluster, you must perform controller
firmware updates when necessary.
Because firmware updates affect the hardware layer in your vSphere environment, they usually
are rare events. Firmware updates occur during initial ESXi host setup or during major updates of
vSphere or vSAN.
In earlier vSphere releases, firmware updates are delivered as baselines in the vSAN-managed
baseline group. You must use a special vendor-provided tool that vSAN uses to detect,
download, and install firmware updates. However, in vSphere 8.0, the recommendation baseline
group that vSAN generates contains only patch updates and driver updates. It no longer contains
firmware updates. As a result, you cannot use baselines to update the firmware in your vSAN
clusters if the ESXi hosts are of version 7.0 and later. You can still use baselines to perform
firmware updates on hosts of earlier versions, for example ESXi 6.7. But to perform firmware
updates on hosts that are of ESXi version 8.0 and later and that are in a vSAN cluster, you
must manage that cluster with a single image. You must also deploy an OEM-provided hardware
support manager and register it as a vCenter Server extension. The hardware support manager
inspects the hardware of the hosts in the cluster and lists available and compatible firmware
versions, which you can add to the image for the cluster. The actual firmware update happens
upon remediating the cluster against an image that contains a firmware add-on.
For more information about the requirements for using images, see What Are the Requirements
for Using vSphere Lifecycle Manager.
For more information about performing firmware updates by using images, see Firmware
Updates with vSphere Lifecycle Manager.
Recommendation baseline groups can contain any of the following software updates:
n An upgrade baseline that contains an ESXi upgrade image by a certified vendor with the
latest tested and recommended version for the vSAN cluster.
n One or multiple patch baselines that contain recommended critical patches for the ESXi
version of the hosts in the vSAN cluster.
Note Recommendation baseline groups no longer contain firmware updates. To update the
firmware on your hosts, you must convert to using a single image for the vSAN cluster.
Every 24 hours, vSphere Lifecycle Manager runs an automatic check for a recommendation
baseline group with build recommendations coming from vSAN. If a new recommendation
baseline group is detected, vSphere Lifecycle Manager automatically attaches the vSAN
recommendation baseline group to the vSAN cluster.
After refreshing the vSAN recommendation baseline group, vSphere Lifecycle Manager
automatically performs a compliance check operation on the vSAN clusters against the updated
recommendation baseline group. Operations such as adding and removing hosts from an existing
vSAN cluster also trigger refresh of the attached recommendation baseline group, followed by a
compliance check.
vSphere Lifecycle Manager runs as a service in vCenter Server 7.0 and later.
n vSAN cluster that contains hosts of ESXi version 6.0 Update 2 and later.
n Constant access of the vSphere Lifecycle Manager host machine to the Internet.
Requirements
n Verify that all ESXi hosts in the Supervisor are version 7.0 Update 1 and later.
n Verify that the ESXi hosts in the Supervisor are assigned the VMware vSphere 7 Enterprise
Plus with Add-on for Kubernetes license.
n Note You can manage the lifecycle of a Supervisor with either vSphere Lifecycle Manager
baselines or vSphere Lifecycle Manager images. However, you cannot convert a Supervisor
that uses vSphere Lifecycle Manager baselines to a Supervisor that uses vSphere Lifecycle
Manager images. To use vSphere Lifecycle Manager images for a Supervisor, you must first
switch the cluster which is not yet enabled for Workload Management to using images and
then enable vSphere with Tanzu on that cluster.
n Review the configuration requirements and additional information in the Working with vSphere
Lifecycle Manager chapter in the Maintaining vSphere with Tanzu documentation.
Supported Workflows
The following workflows are supported for any Supervisor that uses vSphere Lifecycle Manager
images and is configured to use the vSphere networking stack.
n You can upgrade a Supervisor to the latest version of vSphere with Tanzu. You can also
upgrade the ESXi version of the hosts in the Supervisor.
You perform the upgrade of the Supervisor from the Workload Management user interface in
the vSphere Client.
You upgrade the ESXi version of the hosts in the Supervisor by remediating the cluster from
the vSphere Lifecycle Manager user interface in the vSphere Client.
Note You cannot perform a simultaneous upgrade of both vSphere with Tanzu and ESXi.
n You deactivate vSphere with Tanzu from the Workload Management user interface in the
vSphere Client. You can deactivate vSphere with Tanzu on a cluster that uses a single vSphere
Lifecycle Manager image.
When you deactivate vSphere with Tanzu, you can use the cluster for traditional virtual
machine workloads.
n You can add and remove hosts to and from a cluster that has both vSphere with Tanzu and
vSphere Lifecycle Manager enabled.
For more information about adding and removing hosts to and from a cluster, see the
vCenter Server and Host Management documentation.
For detailed information about working with a Supervisor that uses a single image, see
the Working with vSphere Lifecycle Manager section in the Maintaining vSphere with Tanzu
documentation.
In a vSAN cluster with configured fault domains, vSphere Lifecycle Manager recognizes the
configured fault domains for the cluster and performs the solution upgrade in accordance with
the fault domain configuration. If the vSAN cluster is a stretched cluster, you must upgrade the
witness host separately, after vSphere Lifecycle Manager finishes remediating all fault domains.
For more information about remediating vSAN stretched clusters and vSAN clusters configured
with fault domains, see Using vSphere Lifecycle Manager Images to Remediate vSAN Clusters
with Configured Fault Domains. For more information about stretched clusters, see the vSAN
Planning and Deployment documentation.
Scalability
For information about the scalability that vSphere Lifecycle Manager supports, visit the VMware
Configuration Maximums Matrix at https://configmax.vmware.com/.
Requirements
n Verify that all ESXi hosts in the Supervisor are version 7.0 Update 2 or later.
n Verify that all ESXi hosts in the Supervisor are assigned the VMware vSphere 7 Enterprise
Plus with Add-on for Kubernetes license.
n Note You can manage the lifecycle of a Supervisor with either vSphere Lifecycle Manager
baselines or vSphere Lifecycle Manager images. However, you cannot convert a Supervisor
that uses vSphere Lifecycle Manager baselines to a Supervisor that uses vSphere Lifecycle
Manager images. To use vSphere Lifecycle Manager images for a Supervisor, you must first
switch the cluster which is not yet enabled for Workload Management to using images and
then enable vSphere with Tanzu on that cluster.
n Review the configuration requirements and additional information in the Working with
vSphere Lifecycle Manager chapter in the Maintaining vSphere with Tanzu documentation.
Supported Workflows
The following workflows are supported for any Supervisor that uses vSphere Lifecycle Manager
images and is configured to use the NSX networking stack.
n You can upgrade a Supervisor to the latest version of vSphere with Tanzu. You can also
upgrade the ESXi version of the hosts in the Supervisor.
You perform the upgrade of the Supervisor from the Workload Management user interface in
the vSphere Client. During upgrade, vSphere Lifecycle Manager upgrades the Spherelet VIB
on the hosts to make it compatible with the new version of vSphere with Tanzu or the new
version of ESXi.
You upgrade the ESXi version of the hosts in the Supervisor by remediating the cluster from
the vSphere Lifecycle Manager user interface in the vSphere Client.
Note You cannot perform a simultaneous upgrade of both vSphere with Tanzu and ESXi.
n You deactivate vSphere with Tanzu from the Workload Management user interface in the
vSphere Client. You can deactivate vSphere with Tanzu on a cluster that uses a single vSphere
Lifecycle Manager image.
When you deactivate vSphere with Tanzu, you can use the cluster for traditional virtual
machine workloads.
n You can add and remove hosts to and from a Supervisor that uses vSphere Lifecycle
Manager images.
When you add a host to a Supervisor that you manage with a single vSphere Lifecycle
Manager image, vSphere Lifecycle Manager automatically installs the Spherelet VIB on the
newly added host.
When you remove a host from a Supervisor that you manage with a single vSphere Lifecycle
Manager image, vSphere Lifecycle Manager removes the Spherelet VIB from the host.
vSphere Lifecycle Manager also deletes the Spherelet VIB from a host that you move to
another Supervisor.
For more information about adding and removing hosts to and from a cluster, see the
vCenter Server and Host Management documentation.
For detailed information about working with a Supervisor that uses a single image, see
the Working with vSphere Lifecycle Manager chapter in the Maintaining vSphere with Tanzu
documentation.
In a vSAN cluster with configured fault domains, vSphere Lifecycle Manager recognizes the
configured fault domains for the cluster and performs the solution upgrade in accordance with
the fault domain configuration. If the vSAN cluster is a stretched cluster, you must upgrade the
witness host separately, after vSphere Lifecycle Manager finishes remediating all fault domains.
For more information about remediating vSAN stretched clusters and vSAN clusters configured
with fault domains, see Using vSphere Lifecycle Manager Images to Remediate vSAN Clusters
with Configured Fault Domains. For more information about stretched clusters, see the vSAN
Planning and Deployment documentation.
Scalability
For information about the scalability that vSphere Lifecycle Manager supports, visit the VMware
Configuration Maximums Matrix at https://configmax.vmware.com/.
Requirements
• Verify that the ESXi hosts to upgrade are version 6.7 or later.
• NSX 3.0
• Verify that the vmknics on the ESXi host are properly configured and the DHCP server works
properly.
Workflow
1 Upgrade vCenter Server to version 7.0.
For more information about upgrading vCenter Server, see the vSphere Upgrade
documentation.
2 Import an ESXi 7.0 ISO image to the vSphere Lifecycle Manager depot.
For more information, see Import an ISO Image to the vSphere Lifecycle Manager Depot.
3 Download the NSX 3.0.0 NSX Kernel Module for VMware ESXi 7.0 from
http://customerconnect.vmware.com.
For more information, see Import Updates to the vSphere Lifecycle Manager Depot.
5 Create an upgrade baseline with the imported ESXi 7.0 ISO image.
For more information, see Create, Edit, or Delete vSphere Lifecycle Manager Baselines and
Baseline Groups.
For more information, see Create, Edit, or Delete vSphere Lifecycle Manager Baselines and
Baseline Groups.
7 Create a baseline group that contains the newly created upgrade and extension baselines.
For more information, see Attach Baselines and Baseline Groups to Objects.
For more information, see Remediate ESXi Hosts Against a Single Baseline or Multiple
Baselines.
Requirements
• Verify that all ESXi hosts in the cluster are version 7.0 Update 1 or later.
• Verify that a vSphere Distributed Switch (VDS) is configured to manage the NSX traffic.
Supported Workflows
The following workflows are supported for clusters that are enabled for both vSphere Lifecycle
Manager images and NSX.
• You can enable NSX on a cluster that you manage with a single vSphere Lifecycle Manager
image.
You perform the operation by configuring a transport node profile (TNP) for the cluster in
the NSX Manager. In the NSX Manager, you can either manually add a TNP to the cluster,
or automatically generate one in the Getting Started wizard. You can continue leveraging
individual transport node configurations, but you must always use a TNP for the clusters
that you manage with a single vSphere Lifecycle Manager image. You cannot enable NSX
on a cluster that uses a single vSphere Lifecycle Manager image if you choose to only use
individual transport node configurations for the hosts in the cluster.
• You can add hosts to a cluster that you manage with a single vSphere Lifecycle Manager
image and that is enabled with NSX. You can also remove hosts from such a cluster.
You perform the add and remove host operations in the vSphere Client. When you add a host
to the cluster, vSphere Lifecycle Manager automatically installs the NSX component to the
newly added host. To add a host to a cluster that you manage with a single vSphere Lifecycle
Manager image, the host must be added to the VDS associated with the TNP. Otherwise, the
host cannot fully work with NSX.
When you move a host from one cluster that uses a single vSphere Lifecycle Manager image
to another, vSphere Lifecycle Manager applies the target cluster's image together with the
target NSX component to the newly added host. If a host is deleted from the vCenter Server
inventory, the NSX component is uninstalled from the host.
For more information about adding and removing hosts to and from a cluster, see the
vCenter Server and Host Management documentation.
• You can upgrade NSX 3.1 to a later version in a cluster that you manage with a single vSphere
Lifecycle Manager image.
• You can upgrade both NSX and ESXi in a single vSphere Lifecycle Manager remediation task.
The workflow is supported only if you upgrade from NSX version 3.1.
In the NSX Manager, you stage the NSX upgrade as part of the image that the cluster uses.
From the vSphere Lifecycle Manager user interface in the vSphere Client, you can further edit
the image and you initiate remediation of the cluster. During remediation, vSphere Lifecycle
Manager applies both the NSX and ESXi upgrades to the hosts in the cluster. For more
information, see the Upgrading NSX Guide documentation.
• You can switch from using vSphere Lifecycle Manager to using a vSphere Lifecycle Manager
image for a cluster that is enabled with NSX.
• You can uninstall NSX from a host or a cluster that you manage with a single vSphere
Lifecycle Manager image.
• You can check the compliance, generate a remediation pre-check report, and remediate a
cluster that you manage with a single vSphere Lifecycle Manager image and that is enabled
with NSX.
You perform the check compliance, generate a remediation pre-check, and remediation
operations in the vSphere Client. Whenever you change the NSX configuration in the NSX
Manager, the compliance state of the cluster that you see on the Updates tab for the cluster
in the vSphere Client changes to non-compliant. You can remediate non-compliant hosts and
clusters in the vSphere Client or you can solve the issues that cause non-compliance in the
NSX Manager.
• You can export the vSphere Lifecycle Manager image of a cluster that is enabled with NSX
and import this image to another cluster that has both vSphere Lifecycle Manager images and
NSX enabled.
For detailed information about all workflows that you perform in the NSX Manager, see the NSX
Administration documentation.
In a vSAN cluster with configured fault domains, vSphere Lifecycle Manager recognizes the
configured fault domains for the cluster and performs the solution upgrade in accordance with
the fault domain configuration. If the vSAN cluster is a stretched cluster, you must upgrade the
witness host separately, after vSphere Lifecycle Manager finishes remediating all fault domains.
For more information about remediating vSAN stretched clusters and vSAN clusters configured
with fault domains, see Using vSphere Lifecycle Manager Images to Remediate vSAN Clusters
with Configured Fault Domains. For more information about stretched clusters, see the vSAN
Planning and Deployment documentation.
Scalability
For information about the scalability that vSphere Lifecycle Manager supports, visit the VMware
Configuration Maximums Matrix at https://configmax.vmware.com/.
• Set a desired host configuration at a cluster level. The configuration is created and managed
in the form of a human-readable JSON file backed by a JSON schema. Starting with vSphere
8.0 Update 2, you can edit the desired cluster configuration settings in the vSphere Client.
• Check the host compliance against the configuration for the cluster.
• Remediate the cluster to make non-compliant hosts compliant with the configuration set at
the cluster level.
To perform all these tasks, you need the proper privileges. To view the full list of privileges
required for using vSphere Configuration Profiles, see Required Privileges for Using vSphere
Configuration Profiles.
You can enable vSphere Configuration Profiles only on clusters that you manage with a single
image. You can't use vSphere Configuration Profiles on clusters that you manage with baselines.
For such clusters, you can only use vSphere Host Profiles, see the vSphere Host Profiles
documentation.
You start using vSphere Configuration Profiles by enabling the feature during cluster creation
or by transitioning to vSphere Configuration Profiles. You can switch from using host profiles to
enabling and using vSphere Configuration Profiles at any time. The change is permanent. That is,
if you switch to using vSphere Configuration Profiles, you cannot undo the transition.
For information about how to enable vSphere Configuration Profiles during cluster creation and
set a desired configuration for the cluster, see Enable vSphere Configuration Profiles During
Cluster Creation.
For information about how to switch from using legacy configuration management tools, such
as host profiles, to using vSphere Configuration Profiles, see Transition to Using vSphere
Configuration Profiles.
• With vSphere 8.0 Update 1, you can use vSphere Configuration Profiles if you use vSphere
Distributed Switch for your cluster. Both your vCenter Server instance and all ESXi hosts in
the cluster managed with a single image must be of version 8.0 Update 1.
Note You can't manage the vSphere Distributed Switch configuration of the hosts in
a cluster with vSphere Configuration Profiles. You must use the workflows for managing
and configuring the vSphere Distributed Switches described in the vSphere Networking
documentation.
• You can't enable vSphere Configuration Profiles on a cluster with DPU-backed hosts.
• You can't enable vSphere Configuration Profiles if NSX is also enabled for the cluster.
Perform a remediation
or a draft pre-check of
the cluster configuration
When you enable vSphere Configuration Profiles during cluster creation, the cluster is created
with a default configuration and you must set up the desired cluster configuration by editing
its settings. For more information, see Enable vSphere Configuration Profiles During Cluster
Creation.
When you transition an existing cluster that you manage with a vSphere Lifecycle Manager image
to vSphere Configuration Profiles, you set up a desired cluster configuration and as a result of the
transitioning operation, all hosts in the cluster are compliant with the desired configuration. For
more information, see Transition to Using vSphere Configuration Profiles.
Starting with vSphere 8.0 Update 2, you can create a draft configuration and edit the
configuration settings directly in the vSphere Client. For more information, see Create a Draft
Configuration in vSphere Client.
• Check Host Compliance Against the Desired Configuration for the Cluster
The overall workflow for enabling vSphere Configuration Profiles and setting up a desired
configuration is the following:
1 Create a cluster. For more information, see Chapter 4 Creating and Managing vSphere
Lifecycle Manager Clusters.
Note Starting with vSphere 8.0 Update 2, you can use vSphere Client to create a draft
configuration and edit the host configuration settings for a cluster in the user interface.
After creating the draft configuration, edit the configuration settings to achieve
the desired configuration for the cluster. For more information, see Create a Draft
Configuration in vSphere Client and Edit the Host Settings of a Draft Configuration in
vSphere Client.
• Option 2: Export the configuration schema for the newly created cluster and use it to
create your own JSON configuration document, which you can import into the cluster.
The exported configuration schema document follows the JSON Schema format. You use
it to create and edit your own JSON configuration document in an external JSON editor
tool.
• Option 3: Export the default or the draft configuration document of the cluster, edit the
JSON file manually, and import it back into the cluster. You can also export and use the
default or the draft configuration schema for the cluster to help you edit the
desired configuration document.
• Option 4: Extract the settings from a host in the vCenter Server inventory and import
them into the newly created cluster to use them as the common desired configuration.
The transition workflow starts with eligibility checks on the cluster and hosts. If the cluster is
not eligible, the transition workflow cannot proceed. If the cluster is eligible, you can import a
configuration from a host in the cluster or from a JSON file. The configuration is then validated.
You can edit the configuration at this stage by using the export and import options. vSphere
Configuration Profiles runs a pre-check to ensure that the configuration can be applied to all
hosts. After you confirm the enablement of vSphere Configuration Profiles, eligibility checks are
re-run and the cluster is remediated against the configuration that you set up.
Starting with vSphere 8.0 Update 1, you can enable vSphere Configuration Profiles on a cluster
that uses a vSphere Distributed Switch. vSphere Configuration Profiles can't manage the vSphere
Distributed Switch configuration of the hosts in a cluster managed with a single image. To
manage any drifts related to the vSphere Distributed Switch configuration, you must use the
vSphere Distributed Switch workflows described in the vSphere Networking documentation.
Prerequisites
• Verify that if the cluster uses vSphere Distributed Switch, vCenter Server and all ESXi hosts in
the cluster are of version 8.0 Update 1.
• Verify that the cluster is managed with a single image, and not baselines.
• Verify that all hosts in the cluster are compliant with the image for the cluster.
• Verify that you have the required privileges for the transitioning operation. See Required
Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
The Check Cluster Eligibility for Transition task starts to check if the transition to using
vSphere Configuration Profiles is possible.
• To import the configuration of a reference host within the cluster, click Import from
reference host, select the reference host, and confirm the import.
• To import the configuration from a JSON file that you created or edited, click Import
from file, locate the JSON file with the configuration that you want to import and
confirm the import.
The Validate Configuration for Transition task starts to ensure that the imported
configuration is valid and can be used as the desired configuration for the cluster.
b (Optional) Under Validate configuration, view the validation messages and edit the
imported configuration.
3 Click Import configuration to import the edited configuration back into the cluster.
c Click Next.
The Precheck Configuration for Transition task starts to ensure that the configuration
can be applied to all hosts successfully.
d Under Pre-check and apply, view pre-check details and remediation impact and click
Finish and apply.
e In the Finish and apply dialog box, confirm that you want to apply the configuration to all
hosts in the cluster.
vSphere Configuration Profiles is enabled for the cluster and the cluster is remediated
against the configuration you set up during this operation.
You can cancel the transition at any stage of the workflow. Later, if you did not discard the
changes that you made during the transition workflow, you can resume the transition and use
the configuration imported before canceling the transition operation. If you want to start the
whole process anew, discard all your changes. When you discard your changes, the imported
configuration is also deleted.
Results
The cluster now uses vSphere Configuration Profiles to manage the configuration of its hosts.
All hosts in the cluster are compliant with the desired configuration you set up during the
transitioning operation.
What to do next
View the current desired cluster configuration. For more information, see View Host Settings in
the Desired Configuration. You can also create a draft configuration and edit the host settings in
the vSphere Client. For more information, see Create a Draft Configuration in vSphere Client.
Starting with vSphere 8.0 Update 2, you no longer need to download the configuration
document to edit it. Instead, you can directly edit the current cluster configuration in the
vSphere Client. You create a working copy of the cluster configuration, called a draft, edit the
configuration settings, and apply your changes to the cluster in a single operation. For more
information, see Edit the Host Settings of a Draft Configuration in vSphere Client.
A valid configuration document contains a profile section and, optionally, host-specific and
host-override sections.
• The profile section contains common configuration that is applicable to all hosts in the
cluster.
• The host-specific section represents configuration that can only be specified per host.
• The host-override section represents configuration that is overridden for a specific host in
the cluster.
The configuration document is backed by a JSON schema, which is not editable. The
configuration schema is a JSON file that represents the complete ESXi configuration. The schema
follows the JSON Schema format and contains the default values for all host properties. The
configuration schema is generated from the desired software specification defined in the image
for the cluster. The configuration schema changes when you change the software specification
for the cluster.
Prerequisites
• Verify that you have the required privileges for the export operation. See Required Privileges
for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
• To download the current configuration for the cluster, from the Export drop-down menu,
click Cluster configuration.
• To download the configuration schema for the cluster, from the Export drop-down menu,
click Cluster configuration schema.
A dialog box appears that prompts you to download the JSON file that contains the current
cluster configuration or the configuration schema.
4 Click Download.
Results
The current configuration document or the configuration schema is saved locally on your
machine.
What to do next
Edit the configuration document or use the configuration schema to create a new JSON file
with the desired host configuration for the cluster. Then, import the newly created or edited
configuration document into the cluster.
Prerequisites
• Verify that you have a working copy of the configuration created for the cluster.
• Verify that you have the required privileges for the export operation. See Required Privileges
for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
• To download the current draft configuration document for the cluster, click the horizontal
ellipses icon and select Export.
• To download the draft configuration schema for the cluster, click the horizontal ellipses
icon and select Export configuration schema.
A dialog box appears that prompts you to download the JSON file that contains the current
draft cluster configuration or the draft configuration schema.
4 Click Download.
Results
The current draft configuration document or the draft configuration schema is saved locally on
your machine.
What to do next
Edit the draft configuration document or use the draft configuration schema to create a new
JSON file with the desired host configuration for the cluster. Then, import the newly created or
edited draft configuration document into the cluster.
Prerequisites
• Verify that you have the required privileges for the extract operation. See Required Privileges
for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 On the Settings tab, click the Export drop-down menu and select Reference host
configuration.
4 Follow the prompts to download the configuration of the selected reference host.
You can activate the Show hosts from existing cluster toggle to narrow down the list of hosts
available in your vCenter Server to only the hosts available in the selected cluster.
Results
The configuration of a selected reference host is exported and downloaded to your local
machine as a JSON file.
What to do next
Import the downloaded JSON configuration into another cluster to reuse the configuration.
Alternatively, you can also edit the downloaded file first and then import it into the same or
different cluster.
With vSphere 8.0 Update 2, the common settings, the host-specific settings, and the host
overrides can be configured manually in the configuration document or in the vSphere Client. In
the vSphere Client, you can view both the settings of the currently applied desired configuration
and the editable settings of the draft configuration of a cluster.
Prerequisites
• Verify that you have the required privileges for viewing host settings in the desired
configuration. See Required Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 On the Settings tab, view information about each setting defined in the current desired
configuration document.
c To view the common configuration for the selected setting, click Common configuration.
d To view host overrides for the selected setting, select Host overrides and select the host
for which you want to see the overrides.
What to do next
Create a draft cluster configuration and edit the host settings by clicking on the Go to the draft
tab to edit these settings link. For more information, see Create a Draft Configuration in vSphere
Client.
You can create only one draft configuration at a time for a cluster. When you finish making
changes to the host settings, you must run a remediation pre-check before applying the
changes to all hosts in the cluster and making your draft configuration the new desired cluster
configuration.
Note More than one user with the required privileges can create a draft configuration for
a cluster at the same time. When one of the users remediates the cluster with their draft
configuration making it the desired configuration for the cluster, the other users editing their
draft configurations for the same cluster will see an error message.
Prerequisites
• Verify that you are using vSphere Configuration Profiles for the cluster.
• Verify that you have the required privileges for the operation. See Required Privileges for
Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 On the Draft tab, choose the method of creating a draft configuration for the cluster.
Option: Create a copy of the current cluster configuration
Steps: To create a working copy from the current cluster configuration, click Create draft.
• If you enabled vSphere Configuration Profiles during cluster creation, the
draft configuration contains the default settings of the cluster retrieved
from the desired cluster image.
• If you transition a cluster to using vSphere Configuration Profiles, the
draft configuration is created from the desired cluster configuration.

Option: Import a configuration document into a cluster and edit it as a draft configuration
Steps:
a On the Draft tab, select Import from file.
The Import Configuration from File dialog box appears.
b Click Browse to locate the file that you want to import and click Import.
c Click Close.

Option: Import the configuration from one of the hosts in the cluster
Steps:
a On the Draft tab, select Import from host.
The Select reference host dialog box appears.
b Select one of the hosts listed for the cluster and click Import.
Results
You created a draft configuration of the cluster which you can use to edit the host settings in the
vSphere Client.
What to do next
You can edit the host settings within the draft configuration and remediate the cluster against
the draft configuration in a single operation. For more information, see Edit the Host Settings of a
Draft Configuration in vSphere Client.
Prerequisites
• Verify that you have a draft configuration created for the cluster.
• Verify that you have the required privileges for performing remediation. See Required
Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 On the Draft tab, navigate to the host setting that you want to edit.
Option: Configure a common setting that has no existing configuration
Steps:
a On the Common settings tab, click Configure settings.
The Edit dialog box appears.
b Select the common setting from the left sidebar and configure its value.
The settings of the selected item appear on the right of the Edit dialog
box.
c (Optional) Activate the Show advanced settings toggle to view and edit
the advanced settings.

Option: Edit a common setting that is already configured
Steps:
a On the Common settings tab, navigate to the current configuration for
the selected setting and select it from the tree on the left.
b Click Edit.

Option: Delete a common setting configuration
Steps:
a On the Common settings tab, select the setting you want to delete from
the list of configured settings and click Delete.
b Click Delete setting to confirm the deletion of the setting configuration.

Option: Add a host override for a configured common setting
Steps:
a On the Host overrides tab, click the Add override drop-down menu and
select an option.
• To add a host override by filtering the available hosts in the cluster
using their host names, click Add override by host name.
You can use this option to add a host override for a host that is not
currently part of the cluster.
b From the Show overrides for drop-down menu, select the host override
that you created.
The configured common setting with its value appears under the
drop-down menu.
c Select from the options for editing.
• To edit the current configuration of the common setting, click Edit.
Results
What to do next
You can view the changes between the current draft configuration and the desired configuration
of the cluster by clicking Show changes on the Draft tab. You can run a draft pre-check to
validate the draft configuration and ensure that it can be applied on all hosts in the cluster.
For more information, see Run a Remediation or a Draft Pre-Check. You can also remediate the
cluster against the draft configuration and make it the new desired cluster configuration. For
more information, see Remediate a Cluster Against the Desired or Draft Configuration.
You can import the configuration document of another cluster and reuse the configuration
defined in that other cluster. You can also import a configuration document that you manually
edited or created from scratch. You can also import the settings of one of the hosts available in
the cluster and use them as common settings for all hosts in the cluster.
Prerequisites
• Verify that you have a draft configuration created for the cluster.
• Verify that you have the required privileges for the import operation. See Required Privileges
for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
Option: Import a JSON file
Steps:
a To import a configuration document, click the horizontal ellipses and
select Import from file.

Option: Import the configuration of a reference host in the cluster
Steps:
a To import the configuration settings from a reference host in the cluster,
click the ellipses and select Import from host.
4 Click Close.
Results
The imported configuration settings become the new draft configuration for the entire cluster.
When you replace the settings in the draft configuration with the settings of a single host from
the cluster, these settings become the common settings for all hosts in the cluster. If a host in
the cluster has settings that differ from the new common settings for the cluster, the original host
settings are saved in the new draft configuration as host overrides.
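The result described above (the reference host's settings become the common settings, and hosts that differ keep their original values as host overrides), together with the profile, host-specific, and host-override layout of the configuration document, can be modelled as follows. This is an added example, not VMware code: the JSON key spellings, the setting and host names, and the layering order in effective_settings are assumptions made for illustration.

```python
import copy
import json

# Section names follow the page's wording; using them verbatim as JSON keys is
# an assumption of this example.
PROFILE, HOST_SPECIFIC, HOST_OVERRIDE = "profile", "host-specific", "host-override"

# Constructed sample: per-host settings with made-up host and setting names.
SAMPLE_HOSTS = {
    "esx-01": {"services": {"ssh": {"enabled": False}},
               "lockdown": {"mode": "NORMAL"},
               "ntp": {"servers": ["ntp.example.test"]}},
    "esx-02": {"services": {"ssh": {"enabled": True}},
               "lockdown": {"mode": "NORMAL"},
               "ntp": {"servers": ["ntp.example.test"]}},
    "esx-03": {"services": {"ssh": {"enabled": False}},
               "lockdown": {"mode": "DISABLED"},
               "ntp": {"servers": ["ntp.example.test"]}},
}


def check_sections(doc):
    """Return structural problems; an empty list means the layout matches the page."""
    problems = []
    if not isinstance(doc.get(PROFILE), dict):
        problems.append("missing or non-object 'profile' section")
    for name in (HOST_SPECIFIC, HOST_OVERRIDE):
        if name in doc and not isinstance(doc[name], dict):
            problems.append(f"optional section '{name}' must be an object keyed by host")
    return problems


def diff_settings(common, host):
    """Return the parts of `host` that differ from `common`, compared key by key.
    Keys present only in `common` are not reported (a simplification)."""
    delta = {}
    for key, value in host.items():
        if key not in common:
            delta[key] = copy.deepcopy(value)
        elif isinstance(value, dict) and isinstance(common[key], dict):
            nested = diff_settings(common[key], value)
            if nested:
                delta[key] = nested
        elif value != common[key]:
            delta[key] = copy.deepcopy(value)
    return delta


def draft_from_reference_host(host_settings, reference):
    """Model of importing from a reference host: its settings become common,
    and every differing host keeps its original values as a host override."""
    common = copy.deepcopy(host_settings[reference])
    overrides = {}
    for host, settings in host_settings.items():
        delta = diff_settings(common, settings)
        if delta:
            overrides[host] = delta
    doc = {PROFILE: common}
    if overrides:
        doc[HOST_OVERRIDE] = overrides
    return doc


def merge(base, overlay):
    """Deep-merge `overlay` onto a copy of `base`; overlay values win."""
    result = copy.deepcopy(base)
    for key, value in overlay.items():
        if isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = merge(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result


def effective_settings(doc, host):
    """Settings one host ends up with: profile, then host-specific, then
    host-override (the order is an assumption of this example)."""
    settings = doc[PROFILE]
    for section in (HOST_SPECIFIC, HOST_OVERRIDE):
        settings = merge(settings, doc.get(section, {}).get(host, {}))
    return settings


def override_report(doc):
    """Flatten host overrides into (host, dotted path, common value, override
    value) rows so that every deviation from the common settings can be reviewed."""
    rows = []

    def walk(host, node, common, path):
        for key, value in node.items():
            base = common.get(key) if isinstance(common, dict) else None
            if isinstance(value, dict):
                walk(host, value, base if isinstance(base, dict) else {}, path + [key])
            else:
                rows.append((host, ".".join(path + [key]), base, value))

    for host, node in sorted(doc.get(HOST_OVERRIDE, {}).items()):
        walk(host, node, doc[PROFILE], [])
    return rows


if __name__ == "__main__":
    draft = draft_from_reference_host(SAMPLE_HOSTS, "esx-01")
    print(json.dumps(draft, indent=2))
    for row in override_report(draft):
        print("%s: %s common=%r override=%r" % row)
```

Running the report over a document before importing it lists each host that deviates from the common settings and in which setting, which is the part of the draft most worth reviewing.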
What to do next
You can view the changes applied to the edited draft configuration of the cluster by clicking on
Show changes. You can also start a draft pre-check to ensure that the configuration is valid and
to compute the remediation impact on all hosts in the cluster. Then you can remediate the cluster
to make all non-compliant hosts compliant.
When you create and edit a draft configuration, your changes are stored on vCenter Server.
When you delete your draft configuration, the changes you made will be permanently lost. If
another user creates a draft configuration for the same cluster, that draft configuration remains
unaffected when you delete your draft configuration. You can preserve your current cluster
configuration and continue editing the draft configuration settings only if you export the draft
configuration document. For more information, see Export the Draft Cluster Configuration or
Draft Cluster Configuration Schema.
Prerequisites
• Verify that you have the required privileges for viewing host settings in the desired
configuration. See Required Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
3 On the Draft tab, click the horizontal ellipses icon and select Discard draft.
Results
The draft configuration is permanently removed and you can no longer edit its settings.
What to do next
Create a new draft configuration if you want to edit the cluster configuration in the vSphere
Client. For more information, see Create a Draft Configuration in vSphere Client.
The Check Cluster Configuration Compliance task runs automatically when you add a host to the
cluster. You can manually run a compliance check only on the current desired configuration of
the cluster.
Starting with vSphere 8.0 Update 1, you can enable vSphere Configuration Profiles on a cluster
that contains hosts connected to a vSphere Distributed Switch. If you add a host connected to
a vSphere Standard Switch to a cluster that contains hosts connected to a vSphere Distributed
Switch, vSphere Configuration Profiles shows the added host as non-compliant. You must use the
vSphere Distributed Switch workflows to remediate the host and make the host compliant with
the desired cluster configuration. For more information about how to add a host to a vSphere
Distributed Switch, see the vSphere Networking documentation.
Note In vSphere 8.0 Update 1, vSphere Configuration Profiles does not manage the vSphere
Distributed Switch configuration of the hosts in a cluster managed with a desired configuration.
Prerequisites
• Verify that you have the required privileges for checking compliance. See Required Privileges
for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
The Check Cluster Configuration Compliance task starts. After the task finishes, a list of all
non-compliant hosts shows on the Compliance tab.
4 View the compliance results for each non-compliant host in the cluster.
An information panel appears on the right. You see the host settings and the respective
desired and current values that cause the noncompliance.
What to do next
With vSphere 8.0 Update 2, you can create a draft of the cluster configuration in the vSphere
Client and edit the configuration settings directly in the user interface. Before applying the draft
configuration on a cluster, you can run a draft pre-check.
During a remediation or a draft pre-check, vSphere Configuration Profiles runs various checks
on each host and the entire cluster to estimate and validate the impact of the desired or the
draft configuration on the current state of the hosts in the cluster. The remediation and draft
pre-checks also compute the remediation impact on the hosts.
With vSphere 8.0 Update 1, you can enable vSphere Configuration Profiles on a cluster that
has hosts connected to a vSphere Distributed Switch. If you add a host that is connected to a
vSphere Standard Switch to such a cluster, the remediation pre-check returns an error and you
cannot remediate the cluster before you manually add this host to the vSphere Distributed
Switch. For more information about how to add a host to a vSphere Distributed Switch, see the
vSphere Networking documentation.
Prerequisites
• Verify that vCenter Server is of version 8.0 Update 1 or later, if you want to run a remediation
pre-check of the desired configuration.
• Verify that vCenter Server is of version 8.0 Update 2 or later, if you want to run a draft
pre-check.
• Verify that you have a draft configuration created, if you want to run a draft pre-check.
• Verify that you have the required privileges for running a remediation or a draft pre-check
task. See Required Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
• To run a draft pre-check of the edited cluster configuration, on the Draft tab, click Run
pre-check.
4 (Optional) Click the Operation Details tab to view details about the remediation or draft
pre-check operations.
The Operation Details tab gives summarized information or detailed information about the
remediation operation, the remediation pre-check, or the draft pre-check operations. Any
issues during those operations are also listed on the Operation Details tab.
What to do next
Fix all issues that are reported during the remediation or the draft pre-check and remediate the
cluster.
Starting with vSphere 8.0 Update 2, you can create a draft of the cluster configuration in the
vSphere Client and edit the configuration settings directly in the user interface. To make all hosts
in the cluster compliant with the draft configuration, you must apply it to the cluster. The apply
operation first sets the draft configuration as the new desired configuration for the cluster and
then remediates all hosts in the cluster against the new desired configuration.
Starting with vSphere 8.0 Update 1, you can enable vSphere Configuration Profiles on a
cluster that contains hosts connected to a vSphere Distributed Switch. You can't use vSphere
Configuration Profiles to manage the vSphere Distributed Switch configuration of the hosts
in the cluster. You must manually fix any drifts in the vSphere Distributed Switch networking
configuration of each non-compliant host in the cluster before you start the remediation task.
Prerequisites
• Verify that vCenter Server is of version 8.0 Update 1 or later, if you want to remediate a
cluster against the desired configuration.
• Verify that vCenter Server is of version 8.0 Update 2 or later, if you want to remediate a
cluster against a draft configuration.
• Verify that at least one of the hosts in the cluster is out of compliance with the desired
configuration.
• Verify that you have the required privileges for performing remediation. See Required
Privileges for Using vSphere Configuration Profiles.
Procedure
1 In the vSphere Client, navigate to a cluster that you manage with a single image.
• To remediate the cluster against the current desired configuration, on the Compliance
tab, click Remediate.
• To remediate the cluster against the draft configuration, on the Draft tab, click Apply
changes.
The Remediate wizard opens. A remediation pre-check task starts automatically to ensure
that remediation can run without issues.
4 On the Pre-check page, wait for the remediation pre-check to finish, view the pre-check
results and click Next.
5 On the Review Impact page, review the summary of the remediation impact on the cluster
and on each host individually.
7 (Optional) Click the Operation Details tab to view details about the remediation, the
remediation pre-check, or the draft pre-check operations.
The Operation Details tab gives summarized information or detailed information about the
remediation operation or the remediation and draft pre-check operations. Any issues during
those operations are listed on the Operation Details tab.
Results
All hosts in the cluster are compliant with the desired configuration.
Note: More than one user with the required privileges can create a draft configuration for a
cluster at the same time. If one of the users remediates the cluster with their draft configuration,
the draft configuration becomes the new desired configuration for the cluster. If another
user attempts to remediate the cluster with their draft configuration at the same time, the
remediation operation fails with an error. That user can either discard their draft configuration
and start anew, or export their current draft and import it at a later time.
When you back up a vCenter Server instance, you create a backup copy of all clusters in that
vCenter Server instance.
If for some reason you must restore the vCenter Server instance from the backup copy
you created, the restored vCenter Server instance contains cluster A. Because cluster A was
managed through baselines at the time when you backed up the vCenter Server system, the
restored vCenter Server instance contains cluster A, but you must again use baselines to manage
it.
If for some reason you must restore the vCenter Server system from the backup copy that you
created at time T, the restored vCenter Server instance contains cluster A, but the compliance
check lists the hosts in the cluster as incompatible with the image that cluster A uses. The reason
for the incompatibility is that after the restore operation, cluster A reverts back to using image
X with components Y, while the hosts in the cluster still run image X+1 with components Y+1.
Because you cannot downgrade ESXi, to make the hosts compliant with the cluster image, you
must upgrade the cluster to image X+1 with components Y+1.
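The post-restore situation described above can be checked ahead of the compliance run. The following is an added example, not part of the VMware documentation: it compares the image restored from backup with what each host runs, flags hosts that are ahead of the cluster image, and computes the image the cluster must be raised to. The Image type, host names, component name, and version strings are constructed for illustration, and the model assumes that a newer component blocks remediation in the same way as a newer base image.

```python
import re
from dataclasses import dataclass, field

def vkey(version):
    """Order versions by numeric fields: '8.0.2-0.0.2000' -> (8, 0, 2, 0, 0, 2000)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

@dataclass
class Image:
    base: str                                        # base image version
    components: dict = field(default_factory=dict)   # component name -> version

def classify(desired, running):
    """'compliant', 'behind' (remediation can upgrade) or 'ahead' (needs a downgrade)."""
    pairs = [(desired.base, running.base)]
    pairs += [(want, running.components.get(name))
              for name, want in desired.components.items()]
    ahead = any(have is not None and vkey(have) > vkey(want) for want, have in pairs)
    behind = any(have is None or vkey(have) < vkey(want) for want, have in pairs)
    # Assumption: anything newer on the host blocks remediation (no ESXi downgrade).
    return "ahead" if ahead else "behind" if behind else "compliant"

def minimum_target(desired, hosts):
    """Lowest image the cluster must be raised to so that no host is ahead of it."""
    target = Image(desired.base, dict(desired.components))
    for running in hosts.values():
        target.base = max(target.base, running.base, key=vkey)
        for name in list(target.components):
            have = running.components.get(name, target.components[name])
            target.components[name] = max(target.components[name], have, key=vkey)
    return target

# Constructed sample: image restored from backup (X, Y) and what each host runs now.
RESTORED = Image("8.0.1-0.0.1000", {"example-nic-driver": "1.0.0"})
HOSTS = {
    "esx-01": Image("8.0.2-0.0.2000", {"example-nic-driver": "1.1.0"}),  # upgraded after backup
    "esx-02": Image("8.0.1-0.0.1000", {"example-nic-driver": "1.0.0"}),
    "esx-03": Image("8.0.1-0.0.1000", {}),                               # component missing
}

def report():
    """Drift state of every host relative to the restored cluster image."""
    return {name: classify(RESTORED, img) for name, img in HOSTS.items()}

if __name__ == "__main__":
    print(report())
    print(minimum_target(RESTORED, HOSTS))
```

A host reported as "ahead" is one that the restored image cannot bring into compliance; the result of minimum_target is the image to set on the cluster before remediating.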