Information Technology Reference
In-Depth Information
Figure 4.24
VUM can show
partial compli-
ance when viewing
objects that contain
other objects.
VUM can report an object as Incompatible for a number of reasons. In this particular case,
VUM is reporting two objects as Incompatible when scanning for VMware Tools. Taking a
closer look at Figure 4.24, you can see that these two objects are a VM named TTYLinux and a
virtual appliance named vMA. The VM is reported as Incompatible because this is a fresh VM
with no guest OS installed yet, and the vMA is reporting Incompatible because it is a virtual
appliance running the OSP VMware Tools, which is not intended to be managed by the
vSphere Client.
Depending on the type of scan you are performing, scans can be fairly quick. Scanning a
large group of VMs for VMware Tools upgrades or VM hardware upgrades may also be fairly
quick. Scanning a large group of hosts for patches, on the other hand, might be more time con-
suming and more resource intensive. Combining several tasks at the same time can also slow
down scans while they run concurrently. You can consult VMware's latest copy of the vSphere
Coni guration Maximums document for version 5.5, which lists the maximum number of con-
current VUM operations possible.
After the scanning is complete and compliance is established, you are ready to i x the non-
compliant systems. Before we discuss remediation, let's i rst look at staging patches to ESX/ESXi
hosts.
Staging Patches
If the target of remediation—that is, the object within vCenter Server that you are trying to
remediate and make compliant with a baseline—is an ESX/ESXi host, an additional option
exists. VUM offers the option of staging patches to ESX/ESXi hosts. Staging a patch to an ESX/
ESXi host copies the i les across to the host to speed up the actual time of remediation. Staging is
not a required step; you can update hosts without staging the updates i rst, if you prefer. VUM
won't stage patches to a PXE-booted ESXi host such as a host provisioned via standard Auto
Deploy (although it will stage patches to hosts using
stateful
Auto Depoy).
Staging host patches is particularly useful for companies whose VUM-connected hosts are
spread across slow WAN links. This can substantially reduce the outage required on such sites,
especially if the WAN link is particularly slow or the patches themselves are very large. Hosts
do not need to be in maintenance mode while patches are being staged, but they do during
the remediation phase. Staging patches reduces the maintenance mode period associated with
remediation. Staging patches also allows the uploads to be scheduled for a time when heavy
