You can check for and install patches either from an ISO image or directly from a repository URL.

Important: The services running in the vCenter Server appliance become unavailable during the installation of the patches. You must perform this procedure during a maintenance period. As a precaution if there is a failure, you can back up the vCenter Server. For information on backing up and restoring vCenter Server, see vCenter Server Installation and Setup.

Prerequisites

  • Log in to the vCenter Server Management Interface as root.

  • Before you can install available patches, you check for new patches and stage the patches to the vCenter Server appliance. See Check for and Stage Patches to the vCenter Server Appliance.

  • If you are patching the appliance from an ISO image that you previously downloaded from https://my.vmware.com/group/vmware/patch, you must attach the ISO image to the CD/DVD drive of the vCenter Server appliance. You can configure the ISO image as a datastore ISO file for the CD/DVD drive of the appliance by using the vSphere Client. See vSphere Virtual Machine Administration.

  • If you are patching the appliance from a repository URL, verify that you have configured the repository settings and that the current repository URL is accessible. See Configure the Repository for URL-Based Patching.

  • Create an image-based backup and take a powered-off snapshot of the vCenter Server Appliance you are patching as a precaution in case there is a failure during the patching process.

Procedure

  1. In the vCenter Server Management Interface, click Update.
    In the Current version details pane, you can view the vCenter Server version and build number.

    In the Available updates pane, you can view the available updates with update priority and severity.

    The update priority indicates how soon you must install the update. The values include:
    • HIGH - Install as soon as possible.
    • MEDIUM - Install at the earliest convenience.
    • LOW - Install at your discretion.
    The Update severity defines the severity of the issues fixed in the update. The values include the following:
    • CRITICAL - Vulnerabilities that can be exploited by an unauthenticated attacker from the Internet or those that break the guest/host Operating System isolation. The exploitation results in the complete compromise of confidentiality, integrity, and availability of user data and/or processing resources without user interaction. Exploitation could be leveraged to propagate an Internet worm or execute arbitrary code between Virtual Machines and/or the Host Operating System.
    • IMPORTANT - Vulnerabilities that are not rated critical but whose exploitation results in the complete compromise of confidentiality and/or integrity of user data and/or processing resources through user assistance or by authenticated attackers. This rating also applies to those vulnerabilities which could lead to the complete compromise of availability when exploitation is by a remote unauthenticated attacker from the Internet or through a breach of virtual machine isolation.
    • MODERATE - Vulnerabilities where the ability to exploit is mitigated to a significant degree by configuration or difficulty of exploitation, but in certain deployment scenarios could still lead to the compromise of confidentiality, integrity, or availability of user data and/or processing resources.
    • LOW - All other issues that have a security impact. Vulnerabilities where exploitation is believed to be extremely difficult, or where successful exploitation would have minimal impact.
  2. Select the range of staged patches to apply and click Install.
    Important: Some updates might require a reboot of the system. You can see information about these updates in the Available Updates pane.
  3. Read and accept the End User License Agreement.
  4. A system pre-check verifies that the patches can be successfully installed with the provided information.
    If the pre-check discovers missing or incorrect information, or other problems preventing a successful installation, you are prompted to correct the problem and resume the installation.
  5. After the installation finishes, click OK.
  6. If the patch installation requires the appliance to reboot, click Summary, and click Reboot to reset the appliance.

Results

In the Available Updates pane, you can see the changed update status of the vCenter Server appliance.