VMware vSphere® vSphere Lifecycle Manager enables centralized and simplified lifecycle management for VMware ESXi hosts through the use of images and baselines.
Lifecycle Management in vSphere
Lifecycle management refers to the process of installing software, maintaining it through updates and upgrades, and decommissioning it.
In the context of maintaining a vSphere environment, your clusters and hosts in particular, lifecycle management refers to tasks such as installing ESXi and firmware on new hosts, and updating or upgrading the ESXi version and firmware when required.
vSphere Lifecycle Manager Overview
vSphere Lifecycle Manager is a service that runs in vCenter Server and uses the embedded vCenter Server PostgreSQL database. No additional installation is required to start using that feature. Upon deploying the vCenter Server appliance, the vSphere Lifecycle Manager user interface becomes automatically enabled in the HTML5-based vSphere Client.
vSphere Lifecycle Manager encompasses the functionality that Update Manager provides in earlier vSphere releases and enhances it by adding new features and options for ESXi lifecycle management at a cluster level.
In vSphere releases earlier than 7.0, Update Manager provides you with the ability to use baselines and baseline groups for host patching and host upgrade operations. Starting with vSphere 7.0, vSphere Lifecycle Manager introduces the option of using vSphere Lifecycle Manager images as an alternative way to manage the lifecycle of the hosts and clusters in your environment. You can also use vSphere Lifecycle Manager to upgrade the virtual machine hardware and VMware Tools versions of the virtual machines in your environment.
vSphere Lifecycle Manager can work in an environment that has access to the Internet, directly or through a proxy server. It can also work in a secured network without access to the Internet. In such cases, you use the Update Manager Download Service (UMDS) to download updates to the vSphere Lifecycle Manager depot, or you import them manually.
vSphere Lifecycle Manager Operations
Operation | Description |
---|---|
Compliance Check | An operation of scanning ESXi hosts to determine their level of compliance with a baseline attached to the cluster or with the image that the cluster uses. The compliance check does not alter the object. |
Remediation Pre-Check | An operation that you perform before remediation to ensure that the health of a cluster is good and that no issues occur during the remediation process. |
Remediation | An operation of applying software updates to the ESXi hosts in a cluster. During remediation, you install software on the hosts. Remediation makes a non-compliant host compliant with the baselines attached to the cluster or with the image for cluster. |
Staging | An operation that reduces the time ESXi hosts spend in maintenance mode. When you stage an image or baseline to an ESXi host, vSphere Lifecycle Manager downloads the respective bulletins or components from the vSphere Lifecycle Manager depot to the host without applying them immediately. Staging makes the components, patches, and extensions available locally on the hosts. You can choose to remediate the hosts at a later time, not immediately after staging. |
The vSphere Lifecycle Manager Depot
Several components make up vSphere Lifecycle Manager and work together to deliver the vSphere Lifecycle Manager functionality and coordinate the major lifecycle management operations that it provides for. The vSphere Lifecycle Manager depot is an important component in the vSphere Lifecycle Manager architecture, because it contains all software updates that you use to create vSphere Lifecycle Manager baselines and images. You can use vSphere Lifecycle Manager only if the vSphere Lifecycle Manager depot is populated with components, add-ons, base images, and legacy bulletins and patches.
For more information about software updates and how they are distributed, see Software Packaging Units That vSphere Lifecycle Manager Can Consume.
For more information about the vSphere Lifecycle Manager depot, see The vSphere Lifecycle Manager Depot.
Secure Hashing and Signature Verification in vSphere Lifecycle Manager
vCenter Server performs an automatic hash check on all software that vSphere Lifecycle Manager downloads from online depots or from a UMDS-created depot. Similarly, vCenter Server performs an automatic checksum check on all software that you manually import into the vSphere Lifecycle Manager depot. The hash check verifies the sha-256 checksum of the downloaded software to ensure its integrity. During remediation, before vSphere Lifecycle Manager installs any software on a host, the ESXi host checks the signature of the installable units to verify that they are not corrupted or altered during the download.
When you import an ISO image into the vSphere Lifecycle Manager depot, vCenter Server performs an MD5 hash check on the ISO image to validate its MD5 checksum. During remediation, before the ISO image is installed, the ESXi host verifies the signature inside the image.
If an ESXi host is configured with UEFI Secure Boot, the ESXi host performs full signature verification of each package that is installed on the host every time the host boots. For more information, see the vSphere Security documentation.
vSphere Lifecycle Manager Scalability
For information about the scalability that vSphere Lifecycle Manager supports, visit the VMware Configuration Maximums Matrix at https://configmax.vmware.com/.