VMware vSphere® Lifecycle Manager enables centralized and simplified lifecycle management for VMware ESXi hosts through the use of images and baselines.

What Is Lifecycle Management?

Lifecycle management refers to the process of installing software, maintaining it through updates and upgrades, and decommissioning it.

In the context of maintaining a vSphere environment, your clusters and hosts in particular, lifecycle management refers to tasks such as installing ESXi and firmware on new hosts, and updating or upgrading the ESXi version and firmware when required.

vSphere Lifecycle Manager General Overview

vSphere Lifecycle Manager is a service that runs in vCenter Server and uses the embedded vCenter Server PostgreSQL database. No additional installation is required to start using this feature. When you deploy the vCenter Server appliance, the vSphere Lifecycle Manager user interface is automatically enabled in the HTML5-based vSphere Client.

vSphere Lifecycle Manager encompasses the functionality that Update Manager provides in earlier vSphere releases and enhances it by adding new features and options for ESXi lifecycle management at a cluster level.

In vSphere releases earlier than 7.0, Update Manager provides you with the ability to use baselines and baseline groups for host patching and host upgrade operations. Starting with vSphere 7.0, vSphere Lifecycle Manager introduces the option of using vSphere Lifecycle Manager images as an alternative way to manage the lifecycle of the hosts and clusters in your environment. You can also use vSphere Lifecycle Manager to upgrade the virtual machine hardware and VMware Tools versions of the virtual machines in your environment.

vSphere Lifecycle Manager can work in an environment that has access to the Internet, directly or through a proxy server. It can also work in a secured network without access to the Internet. In such cases, you use the Update Manager Download Service (UMDS) to download updates to the vSphere Lifecycle Manager depot, or you import them manually.

vSphere Lifecycle Manager Operations

The basic vSphere Lifecycle Manager operations are related to maintaining an environment that is up-to-date and ensuring smooth and successful updates and upgrades of the ESXi hosts.

Operation: Description

Compliance Check: An operation of scanning ESXi hosts to determine their level of compliance with a baseline attached to the cluster or with the image that the cluster uses. The compliance check does not alter the object.

Remediation Pre-Check: An operation that you perform before remediation to ensure that the health of a cluster is good and that no issues occur during the remediation process.

Remediation: An operation of applying software updates to the ESXi hosts in a cluster. During remediation, you install software on the hosts. Remediation makes a non-compliant host compliant with the baselines attached to the cluster or with the image for the cluster.

Staging: An operation that is available only for clusters that you manage with baselines or baseline groups. When you stage patches or extensions to an ESXi host, you download patch and extension VIBs to the host without applying them immediately. Staging makes the patches and extensions available locally on the hosts.

The vSphere Lifecycle Manager Depot

Several components make up vSphere Lifecycle Manager and work together to deliver its functionality and coordinate the major lifecycle management operations that it provides. The vSphere Lifecycle Manager depot is an important component in the vSphere Lifecycle Manager architecture, because it contains all software updates that you use to create vSphere Lifecycle Manager baselines and images. You can use vSphere Lifecycle Manager only if the vSphere Lifecycle Manager depot is populated with components, add-ons, base images, and legacy bulletins and patches.

For more information about software updates, see Bulletins, Components, Add-Ons, and ESXi Base Images.

For more information about the vSphere Lifecycle Manager depot, see Working with the vSphere Lifecycle Manager Depot.

Secure Hashing and Signature Verification in vSphere Lifecycle Manager

vCenter Server performs an automatic hash check on all software that vSphere Lifecycle Manager downloads from online depots or from a UMDS-created depot. Similarly, vCenter Server performs an automatic checksum check on all software that you manually import into the vSphere Lifecycle Manager depot. The hash check verifies the SHA-256 checksum of the downloaded software to ensure its integrity. During remediation, before vSphere Lifecycle Manager installs any software on a host, the ESXi host checks the signature of the installable units to verify that they are not corrupted or altered during the download.

When you import an ISO image into the vSphere Lifecycle Manager depot, vCenter Server performs an MD5 hash check on the ISO image to validate its MD5 checksum. During remediation, before the ISO image is installed, the ESXi host verifies the signature inside the image.

If an ESXi host is configured with UEFI Secure Boot, the ESXi host performs full signature verification of each package that is installed on the host every time the host boots. For more information, see the vSphere Security documentation.
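
An added example (not VMware code) of checking manually obtained files against published checksums before you import them, using the algorithms this section names: SHA-256 for depot software and MD5 for ISO images. The file names, the extension-to-algorithm mapping, and the `expected` dictionary are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithm per artifact type, mirroring the checks described in this section:
# SHA-256 for depot software, MD5 for imported ISO images (mapping is assumed).
ALGO_BY_EXT = {".zip": "sha256", ".iso": "md5"}

def file_digest(path, algo, chunk=1 << 20):
    """Stream the file so multi-gigabyte images are never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_before_import(directory, expected):
    """Return {filename: status} for every file named in `expected`.

    `expected` maps filename -> published hex digest (hypothetical input,
    for example values copied from the vendor download page).
    """
    results = {}
    for name, want in expected.items():
        path = os.path.join(directory, name)
        algo = ALGO_BY_EXT.get(os.path.splitext(name)[1].lower())
        if algo is None:
            results[name] = "unsupported-type"
        elif not os.path.isfile(path):
            results[name] = "missing"
        else:
            got = file_digest(path, algo)
            ok = hmac.compare_digest(got, want.strip().lower())
            results[name] = "ok" if ok else "mismatch"
    return results

def demo():
    """Constructed sample: small stand-in files, one differing from its digest."""
    with tempfile.TemporaryDirectory() as d:
        bundle, iso = b"constructed offline bundle", b"constructed iso image"
        for name, data in (("depot.zip", bundle), ("esxi.iso", iso)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        expected = {"depot.zip": hashlib.sha256(bundle).hexdigest(),
                    "esxi.iso": hashlib.md5(b"original iso image").hexdigest(),
                    "absent.zip": "0" * 64}
        return verify_before_import(d, expected)

if __name__ == "__main__":
    print(demo())
```

An MD5 match rules out accidental corruption only, because MD5 is not collision-resistant. The signature verification that the ESXi host performs during remediation remains the control against altered content.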

vSphere Lifecycle Manager Scalability

For information about the scalability that vSphere Lifecycle Manager supports, visit the VMware Configuration Maximums Matrix at https://configmax.vmware.com/.