VMware vSphere Patch Management Best Practices

Introduction

This document provides guidance for successful patching and updates in a VMware vSphere environment, outlining key considerations before, during, and after the patching process.

Key Sections and Summaries

1. Preparation

Before initiating the patching process, several preparatory steps must be taken:

  • Ensure Access to Accounts: Verify that VCSA root and SSO administrator accounts are accessible. The VCSA root account locks after 90 days of inactivity.
  • Ensure Access to ESXi: Direct access to ESXi hosts is required for snapshots and troubleshooting.
  • Check DNS & NTP: Validate correct DNS and NTP configurations to prevent issues.
  • Resolve Alarms & Health Warnings: Address any vCenter Server or vSAN health check alarms that might interfere with patching.
  • Check Firewall Rules: Validate firewall rules, particularly if using the Reduced Downtime Upgrade feature in vCenter Server 8.0.2+.
  • Manage DRS Rules for Key Components: Group key VMs (like vCenter, KMS, DNS, and AD) on a designated ESXi host for easier recovery.
  • Backup vCenter Server & Export Configurations: Perform file-based backups and export Distributed Switch configurations.
  • Stage Update Payloads: Preload update files to avoid network-related failures.
  • Deactivate vCenter HA: If enabled, disable vCenter HA before patching.
  • Run Pre-Update Checks: Utilize the “Run Pre-Update Checks” option in the vSphere Appliance Management Interface (VAMI).

2. Execution

During the patching process, the following best practices should be observed:

  • Proactive Reboot: Restart vCenter Server and related services beforehand to confirm stability.
  • Take Powered-Off Snapshots: Capture snapshots of vCenter Server and Platform Services Controllers.
  • Set DRS to Partially Automated Mode: Reduce automatic migrations for more control.
  • Deactivate vSphere HA: Temporarily disable HA to avoid unintended host restarts.
  • Follow the Correct Order: Update vCenter Server first, followed by ESXi hosts.

3. Post-Upgrade Steps

After the upgrade, restore functionality and validate the system:

  • Re-enable DRS & HA: Restore cluster configurations.
  • Re-enable vCenter HA: If previously deactivated, restore HA settings.
  • Delete Snapshots: Remove snapshots to avoid performance issues.
  • Clear Browser Cache: Prevent UI inconsistencies in vSphere Client.
  • Reset and Store New Passwords: Ensure all credentials are updated.
  • Create Fresh Backups: Capture post-upgrade backups.
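
One way to script the DRS and HA changes from the Execution list together with their reversal in the Post-Upgrade Steps, so the cluster returns to exactly the settings it had before patching. This is an added example, not from the summarized document or from VMware; it assumes the VMware PowerCLI module and an existing Connect-VIServer session, and the -Mode parameter and state-file path are hypothetical names chosen for the sketch.

```powershell
# Added example. Requires VMware PowerCLI and an existing Connect-VIServer session.
# The -Mode parameter and the state-file path are assumptions made for this sketch.
param(
    [Parameter(Mandatory)][ValidateSet('Prepare', 'Restore')][string]$Mode,
    [string]$StateFile = '.\cluster-state-prepatch.json'
)
$ErrorActionPreference = 'Stop'

if ($Mode -eq 'Prepare') {
    # Never overwrite an earlier capture: a second run would record the
    # already-relaxed settings as the "original" state.
    if (Test-Path $StateFile) { throw "$StateFile exists; run Restore or remove it first." }

    $clusters = @(Get-Cluster)
    $state = @($clusters | ForEach-Object {
        [pscustomobject]@{
            Name               = $_.Name
            HAEnabled          = $_.HAEnabled
            DrsEnabled         = $_.DrsEnabled
            DrsAutomationLevel = $_.DrsAutomationLevel.ToString()
        }
    })
    ConvertTo-Json -InputObject $state | Set-Content -Path $StateFile

    foreach ($c in $clusters) {
        # Only fully automated clusters need lowering; Manual stays as it is.
        if ($c.DrsEnabled -and $c.DrsAutomationLevel -eq 'FullyAutomated') {
            Set-Cluster -Cluster $c -DrsAutomationLevel PartiallyAutomated -Confirm:$false | Out-Null
        }
        if ($c.HAEnabled) {
            Set-Cluster -Cluster $c -HAEnabled $false -Confirm:$false | Out-Null
        }
    }
}
else {
    $state = Get-Content -Raw -Path $StateFile | ConvertFrom-Json
    foreach ($s in $state) {
        $c = Get-Cluster -Name $s.Name
        if ($s.DrsEnabled) {
            Set-Cluster -Cluster $c -DrsAutomationLevel $s.DrsAutomationLevel -Confirm:$false | Out-Null
        }
        Set-Cluster -Cluster $c -HAEnabled $s.HAEnabled -Confirm:$false | Out-Null

        # Re-read the cluster and flag anything that did not return to its captured value.
        $now = Get-Cluster -Name $s.Name
        if ($now.HAEnabled -ne $s.HAEnabled -or
            ($s.DrsEnabled -and $now.DrsAutomationLevel.ToString() -ne $s.DrsAutomationLevel)) {
            Write-Warning "Cluster $($s.Name) does not match its pre-patch state."
        }
    }
}
```

Run it with -Mode Prepare before patching and -Mode Restore afterwards; keep the state file with the change record until the restore has been verified.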

4. People & Process Considerations

  • Communicate Patching Implications: Inform non-technical stakeholders about expected downtime.
  • Establish Maintenance Windows: Schedule patches during predefined maintenance periods.
  • Reduce vMotion Resistance: Encourage workload mobility for smoother operations.
  • Use ITIL Change Management Principles: Categorize patches to align with organizational change management frameworks.

5. System Design Best Practices

  • File-Based Backup & Restore: Use vCenter’s built-in file-based backup for quick recovery.
  • Proper HA Isolation Address Configuration: Ensure HA settings are optimized.
  • Minimize vCenter Server Plugins: Unnecessary plugins may impact performance and stability.
  • Reduce Additional VIBs on ESXi Hosts: Minimize additional drivers and software for a leaner host setup.
  • Limit Use of Enhanced Linked Mode: Reducing dependency on linked mode improves resilience.
  • Ensure N+1 Cluster Resources: Guarantee sufficient capacity in the cluster to handle host failures.

Conclusion

The document provides a structured approach to patching VMware vSphere with a focus on preparation, execution, and post-upgrade best practices. Following these guidelines ensures minimal downtime, smooth upgrades, and system stability.

meenakande

Hey there! I’m a proud mom to a wonderful son, a coffee enthusiast ☕, and a cheerful techie who loves turning complex ideas into practical solutions. With 14 years in IT infrastructure, I specialize in VMware, Veeam, Cohesity, NetApp, VAST Data, Dell EMC, Linux, and Windows. I’m also passionate about automation using Ansible, Bash, and PowerShell. At Trendinfra, I write about the infrastructure behind AI — exploring what it really takes to support modern AI use cases. I believe in keeping things simple, useful, and just a little fun along the way.
