Virtualization

Easily upgrade VMWare vSphere Hypervisor (ESXi)

Vincent Danen shows you how to upgrade the VMware vSphere Hypervisor using on the freely available tools.

I enjoy playing with a lot of different virtualization technologies. I've been using VMware since it was one of the only games in town, back with VMware Workstation, and thoroughly enjoy using various products from VMware's portfolio. I've used Workstation, Player, Server, and Fusion. I've also used various other virtualization technologies like Parallels, OpenVZ, VirtualBox, and KVM.

Recently, I had some spare hardware and wanted to give VMware vSphere Hypervisor (formerly known as VMware ESXi) a spin, based on a good friend's recommendation. vSphere Hypervisor (we'll call it ESXi for short from this point forward) is the free version of VMWare's vSphere product. Essentially, if you have hardware that you don't need to run a host OS on (like Linux or Windows), and only want that hardware to run virtual machines, ESXi may be something to look at.

ESXi is a Linux kernel and some management tools and services to run the virtual infrastructure, so when it boots up, there is nothing to log into aside from a management console used only for trouble-shooting and setting up the remote management console. The major difference between VMware Server, other virtualization solutions, and ESXi are that applications are run on top of a host operating system, whereas with ESXi, the host is the operating system.

Of course, ESXi is the teaser to get you to pay the big bucks for VMware vSphere, and it shows. Unless you really want to learn the ins and outs of what is an overly complex virtualization solution, you almost need to pay for the support and extra tools that the paid solutions offer. I found this out when trying to apply security patches to ESXi.

There are products to pay for that will assist in upgrading the "firmware" of the ESXi hypervisor. Trying to do this on your own is definitely doable, and actually quite easy to do, if you can find the instructions to do it.

How to upgrade the firmware without the paid products

The primary way to manage an ESXi system is via Windows. To this end, you will need the VMware vSphere CLI package (available from the VMware website) installed as well as the vSphere GUI client. Both are available for Windows; however, only the first is also available for Linux. The GUI client will not allow you to upgrade the firmware of ESXi, which is why you need the CLI tools (but you do need the GUI client to manage/shutdown/suspend the virtual machines in order to do the upgrade). So, because the client only runs on Windows, you will either need a Windows system available, or a virtualized Windows install on another machine that is separate from the ESXi host.

While VMware does offer for-pay products to assist in upgrading the "firmware" of the ESXi hypervisor, you don't really need them (unless you have a large amount of ESXi hosts to manage and want the time-saving convenience). Doing the firmware upgrade on your own is easy enough to do with the freely available GUI and CLI tools. Finding the instructions to make it work, on the other hand, is not nearly as easy as the process itself.

When you have the vSphere CLI installed, you can access the necessary Command Prompt application from Start | All Programs | VMware | VMware vSphere CLI | Command Prompt.

Before proceeding with the patch, you will need to put the ESXi host into Maintenance Mode via the GUI client. Before putting it into Maintenance Mode, you will need to either shut down or suspend the virtual machines running on the host (or migrate them to another host). Once the ESXi host is in Maintenance Mode, in the CLI Command Prompt, type:

> cd bin
> vihostupdate.pl -i -bundle [path_to_patch].zip -url https://[IP_of_ESXi_host]/sdk/webservice

The patch ZIP file is what you would have downloaded from VMware's site in response to a security patch being made available. This will also work when upgrading from one version to the next, such as 4.0 to 4.1.

When the above two commands are typed in, you will be asked for the administrative account's username and password. When these are successfully provided, you will see feedback regarding the uploading of the patch, and then it will instruct you to reboot the ESXi host. Your GUI connection to the host should still be active, so at this point you can use the GUI to reboot the system. Once it has rebooted, re-connect the GUI client to the server, and exit Maintenance Mode.

When it comes right down to it, upgrading ESXi is pretty straightforward, but you won't find that information buried in hundreds of pages of downloadable documentation, nor will you find an easy-to-understand KBase article on VMware's site providing these simple instructions.

It's up to you to determine whether or not running ESXi on bare metal with virtual machines is better than running a standard operating system, such as a lightweight Linux distribution with KVM. The management console for ESXi is really quite nice, but I also think it's overly complex. Having said that, this isn't a recommendation on what virtualization system to use, but rather an easy tip on how to upgrade ESXi if that is what you have chosen to use.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

16 comments
Mike Barron
Mike Barron

"Unless you really want to learn the ins and outs of what is an overly complex virtualization solution, you almost need to pay for the support and extra tools that the paid solutions offer." I would sure like to know why vSphere is an overly complex solution. I'm the sole administrator of smaller 98% virtualized environment using vSphere 4 and the management couldn't be more straightforward.

dold
dold

"ESXi is a Linux kernel and some management tools and services to run the virtual infrastructure," Not! It's not overly obvious, not mentioned in the FAQ, but buried somewhere is the clue that ESXi is really a micro-kernel, not particularly related to Linux, intended for VARS to embed into bootable firmware on dedicated VMWare ESXi platforms. If you think of the ESXi that you just loaded as a firmware emulator, and not a Linux kernel, you will be less dissapointed when trying to find alternate ways to use it. I danced through lots of hoops on the web about alternate installs on hardware that isn't listed before I used VMWare Go to install it. I installed Win2008 on my spare box, then used VMWare Go on a nearby machine to install to the target box. Runs fine, just doesn't recognize my CDROM.

halibut_z
halibut_z

I was surprised at the lack of understanding of the vmware stack. Firstly it is not a linux kernel, and secondly it does not compare to the size of the other Hypervisor systems that you point too. VMware's ESXi is an extremely small kernel with a busybox linux console for direct access. They are added in but not required. I was disappointed with the final paragraph touting that Red Hat KVM's being a better solution, but I guess if I worked for one of the vendors as well I guess I would be biased too.

gechurch
gechurch

I've inherited a few clients that run ESXi, and I must say I find the management through Vsphere to be complexin parts. The main problem I see is poor performance. I have had quite a few VM guest run hopelessly (almost unusably) slow. If I look at the guest OS the CPU usage is often aroun 3-4GB and CPU usage is at 100%. If I look in Vsphere CPU usage is about 400Mhz or less and RAM usage is about 400MB. This happens one hosts that only run one guest VM, the guest has the VM Tools installed and the hardware is compatible. Any idea why this may be? I suspect HDD access might be the problem. A lot of these hosts are for very small companies, and run on low-end hardware (as low as 2x SATA drives plugged into RAID ports on the motherboard). It also happens on machines with a dedicated RAID card and BBWC. I haven't found any way in Vsphere to see hard drive access.

simon.smith
simon.smith

I totally agree with halibut_z. What a strange article. It is not Linux, but a 32Mb VM OS with busybox. ~ # uname -a VMkernel *****.****.com 4.1.0 #1 SMP Release build-260247 May 18 2010 16:41:04 x86_64 unknown ... ~ # busybox BusyBox v1.9.1-VMware-visor-klnext-2965 (2010-04-19 12:53:48 PDT) multi-call binary Copyright (C) 1998-2007 Erik Andersen, Rob Landley, Denys Vlasenko and others. Licensed under GPLv2. See source distribution for full notice. Also, one command? Come on!! what about esxtop? Or the glories of /etc/services.sh !! Anyone that doesnt use VMWare given the choice needs their head looked at.

vdanen
vdanen

Interesting. Does not ESXi first boot a Linux kernel before the vmkernel? How is the statement "ESXi is a Linux kernel and some management tools and services to run the virtual infrastructure" incorrect? I'm not sure what you mean by "added in but not required" though. I don't recall getting a choice as to install busybox or not. I think you misinterpreted the last paragraph. I didn't say that KVM was better, I also didn't say it was worse. It's not for me to say which is better. What I said was that it was up to the reader to decide whether a lightweight distro running KVM was better than running ESXi; it wasn't an endorsement for KVM, but simply referring to it as a competing product (I could have used VirtualBox there instead, for instance). Indeed, you do have surprising insight. =)

halibut_z
halibut_z

looking in the performance graphs for the disk access? I usually watch read and write latency on those graphs.

halibut_z
halibut_z

I guess the comment did come across a little crass. I apologize for that. I have gone through many courses and worked with the VMware product for quite some time now and learned that their kernel is not a Linux Kernel. It has been wrongly assessed as a Linux kernel since early in the version 2 of the product. It is a VMware developed kernel and is scaled to be small enough to fit on a chip. No, ESXi does not load a linux kernel before the vmkernel and if you are able to look at the partitioning of an ESXi installation you can see the busybox installation runs as a VM. In earlier versions, it was hidden and kept there only as a tech support mode. With the ending of the ESX with full console line VMware allows it for those admins like me that prefer running in the console. You are correct you don't get an option to install it but it is there for management. I am not sure when that part may disappear in exchange for the vMA type of interface, but I can imagine it will.

powellwi
powellwi

The free version of ESXi includes a GUI update process called vSphere Host Update Utility, it can be download from the ESXi host along with the vSphere Client utility. It can be used to apply security updates, firmware updates, as well as ESXi version updates.

gechurch
gechurch

That's an incredibly kind offer to make to someone on the other side of the world that you don't know! Thank you. I probably won't take you up on it though. They're not a priority at the moment - they work well enough, even though I think they are slower than they should be. I did figure one out - it was an HP ML110 machine (HP's lowliest server) running ESXi with one guest(Server 2003, with 4GB RAM allocated to it). I later found out the server only had 2GB of physical RAM! No points for figuring out what the fix there was. Also, I don't like wasting other people's time if I haven't done enough homework, and I definitely haven't yet. I've got a couple of Vmware books on my bookshelf staring at me.

halibut_z
halibut_z

I have found the opposite for myself. Every time I try to administer a Hyper-V box I get frustrated with the lack of features and tools.

gechurch
gechurch

I think I did, but for some reason they weren't useful. I only used Vmware for the first time when I took over these servers so don't know them very well, and haven't got a baseline for what values a working host looks like. It was probably my shortcoming rather than the inability of Vsphere to show me what I need. That said, I have used HyperV and that seems to Just Work where ESXi installs on the same hardware struggle.

gechurch
gechurch

The whole time I was reading this article I was thinking "why not just use the built in Host Update Utility?", so thanks for explaining this is now outdated.

vdanen
vdanen

Wow, I thought for a second there that I had missed something rather big. Kind of annoying it was there in 4.0 (which I've never used), but missing in 4.1.

powellwi
powellwi

You are correct and I should have specified that I am using 4.0u2. It appears moving forward that VMware is eliminating functionality in the free version of ESXi. Currently we only use ESXi in our lab and I have told our CIO that we will need to purchase at the minimum Essentials if we want to support production systems.

m.i.k.e
m.i.k.e

The HUU was only available with vSphere 4.0 and only works for patching 4.0. But as of 4.1, it has been discontinued, and will not work to upgrade to or past ESXi 4.1. The 4.1 upgrade, on my hosts, required a command such as: cd bin vihostupdate.pl -i --server 10.5.10.10 --username --password -b "D:\upgrade-from-ESXi4.0-to-4.1.0-0.0.260247-release.zip" It then prompts for the username and then password, and performs the upgrade.

Editor's Picks