VMware announced on September 22nd, 2017 that they are committed to monthly patches for the vSphere vCenter appliance, so we should check VMware Security Advisories for the latest security updates and patches. This is really an excellent change from a security perspective: historically, VCSA patches were not released that often when the appliance ran on SuSE, and VMware is now committed to using Photon OS in just about all the appliances deployed with its various products. VMware has documented in their security response policy that patch releases will be based on the vulnerability severity. Let's take a look at how to install VMware VCSA vCenter appliance security patches.
Install VMware VCSA Security Patches GUI
The method most people will be familiar with for patching a VCSA appliance is the GUI.
Browse to the web interface at https://<vcenter IP>:5480, then follow the steps below.
Click Update in the left ribbon.
Click Check Updates to collect the latest updates, then click Stage and Install to install the selected update.
Accept EULA, then click Next.
Select Join VMware CEIP, and click Next.
You should take a backup before starting to patch the vCenter appliance.
Wait for the download and installation of the security patch to complete; this can take some time.
After the update is finished, you will see the message that a reboot is required to complete the installation, but some updates do not need a reboot.
Install VMware VCSA Security Patches Command Line
The robust way to install patches on the VMware VCSA appliance is the command line. We can pull the updates directly from the VMware online repository as well. To find the repository URL for patching, log in to the VCSA GUI at https://<vcenter IP>:5480 and choose Update >> Settings.
Under Repository Settings, we will see the URL for the online repository (https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/22.214.171.12400.latest/). We can copy that and use it from the command line.
Log in via SSH to the VCSA appliance. We will use the software-packages install --url command to stage and install the patches. We use the URL we copied from the GUI Update settings in shell mode.
> software-packages install --url https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/126.96.36.19900.latest/
After pressing Enter, press Enter several more times to accept all EULA points, then type yes and press Enter.
This step will take at least two hours. After the update and patch installation complete, the appliance will show this message (Packages upgraded successfully, Reboot is required to complete the installation). As we mentioned before, some patches do not need a reboot.
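Before pasting a copied repository URL into the appliance shell, it is worth checking that it really points at the VMware update host over HTTPS. The script below is an added example, not part of the original article or VMware's tooling: it runs on an admin workstation, validates the URL, and prints the commands to type into the appliance shell. It goes beyond the single install --url command above by using the stage, list --staged and install --staged subcommands so the staged packages can be reviewed before installing. The function names and the constructed sample URL in the comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a VCSA patch repository URL.
# Host and path prefix are taken from the repository URL shown in the article.
EXPECTED_HOST="vapp-updates.vmware.com"
EXPECTED_PREFIX="/vai-catalog/valm/vmw/"

# Return 0 only if the URL is HTTPS, names exactly the expected host
# (no userinfo, no port, no look-alike suffix) and stays under the catalog path.
validate_repo_url() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "reject: scheme is not https" >&2; return 1 ;;
    esac
    rest=${url#https://}
    authority=${rest%%/*}            # everything before the first slash
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path= ;;
    esac
    if [ "$authority" != "$EXPECTED_HOST" ]; then
        echo "reject: unexpected host '$authority'" >&2; return 1
    fi
    case $path in
        "$EXPECTED_PREFIX"*) ;;
        *) echo "reject: path outside $EXPECTED_PREFIX" >&2; return 1 ;;
    esac
    # No traversal, query string, fragment, whitespace or shell metacharacters.
    case $path in
        *..*|*[!A-Za-z0-9./_-]*)
            echo "reject: unexpected characters in path" >&2; return 1 ;;
    esac
    return 0
}

# Print the appliance-shell commands for a validated URL:
# stage the patches, list what was staged, then install the staged set.
patch_commands() {
    validate_repo_url "$1" || return 1
    printf 'software-packages stage --url %s\n' "$1"
    printf 'software-packages list --staged\n'
    printf 'software-packages install --staged\n'
}

# Stand-alone use (constructed sample URL, not a real catalog entry):
#   ./check_repo.sh https://vapp-updates.vmware.com/vai-catalog/valm/vmw/<id>/<version>.latest/
if [ "$#" -gt 0 ]; then
    patch_commands "$1"
fi
```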
Thanks for Reading!