ESXi is a handy piece of kit – A hypervisor with (currently) a free offering that allows you to virtualise a long list of system types. Whether it be for consolidation of resources, spinning up systems for testing, or running that bespoke application that isn’t supported on today’s hardware.
Like all operating environments, ESXi can benefit from updates that provide improved security posture, bug fixes, and improved features. Side note – Yes, updates also have the potential to introduce new bugs, vulnerabilities and performance issues. This is the case with all software releases; There is no such thing as bug-free software.
So, how do we update ESXi? While not an exhaustive list, we could:
- Use vCenter and its Update Manager plugin to manage the updates. This is helpful if you operate a significant environment, as the Update Manager helps automate the process. Not everyone has vCenter though.
- Download the updates manually from https://customerconnect.vmware.com/patch. This might be useful when you’re in a pinch, though it requires knowledge of which packages that you need.
- Download the latest ISO and reinstall ESXi. While effective, this is a little heavy-handed for a simple update task, though it has its place.
- Perform an update from ESXi using built-in capabilities.
We’ll take a look at the last option – Performing an update from the host itself. To proceed, we’ll assume that you’ve performed all of the required pre-update tasks:
- Taken required backups
- Switched to maintenance mode
- Moved and/or shutdown workloads
- Can log in to the ESXi host through SSH using a privileged account
Update prep
- Enable the ESXi host firewall to allow HTTP traffic:
- Log into the ESXi host using the console or SSH. Request the current software profile:
Online update
- List the available depot profiles that are available to you. This will take some time. You can filter the results by grepping for your major version. e.g.
grep -i ESXi-8.
- Kick-off the update process using the the desired package name from the list above as the target release. This activity will take a while, with output provided on completion of the command. Keep an eye out for a successful notification.
- Continue with post-update clean-up.
Offline update
- Download the offline update bundle from the Broadcom support site
- Log in to the Broadcom Support portal.
- Use the dropdown next to Username and select VMware Cloud Foundations.
- On the left hand side menu, click My Downloads.
- In the search bar in the upper right side of the page enter “VMware vSphere”
- Choose VMware vSphere
- Note: Do not select “vCenter Server”.
- Under the Solutions Tab, choose the user entitlement for VMware vSphere (e.g. click on VMware vSphere – Enterprise).
- Select the major version of vSphere required.
- Find and download the desired version of ESXi in the list.
- Copy the update bundle to a datastore on the ESXi host.
- Validate the update by listing the contents of the bundle:
- Perform a dry-run of the update:
- Enable maintenance mode:
- Perform the update:
- Disable maintenance mode:
- Continue with post-update clean-up.
Update clean-up
- Disable HTTP traffic firewall policy and reboot the system. When the system returns, query the current software profile to validate the status of the update:
- Now it’s just testing, verification and return to service.