How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1f (VCSA 6.5 U1f) for Meltdown/Spectre-1 mitigation
Important Update - On Mar 20 2018, VMware VMSA-2018-0004.3 announced that CVE-2017-5715 (Spectre-2) mitigation is now included in the latest patch that you should be using instead of the older patch featured in the original article below. You'll find the newer article here:
- How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) with Spectre mitigation
Article below as it originally appeared.
Meltdown and Spectre loom large this year, and this article outlines how simple Meltdown/Spectre-1 mitigation is. But first, you should do your homework.
1) Read VMSA-2018-0007.1
- VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution
Because CVE-2017-5753 (Meltdown) is considered by some to be the most severe/exploitable of the issues, we did not want to wait for CVE-2017-5715 (Spectre-2) mitigations while Spectre-1/Meltdown fixes were ready to ship. We also understand that some customers may want to delay updating until all mitigations are in place. While we strongly recommend taking updates as soon as they become available, we wanted to be transparent about the fact that more updates are on the way.
2) Read the Release Notes
You'll also want to carefully read the VMware vCenter Server 6.5 Update 1e Release Notes, since there currently seems to be no 1f release notes page. It contains all sorts of details you'll want to be aware of before upgrading, especially if you're running a production environment.
For those of you with VCSA 6.5.x already installed, the simple VAMI update method also means you won't need to bother logging in to the "My VMware" portal to download the
VMware-VCSA-all-6.5.0-7119157.iso from the Download Page for:
VMware-VCSA-all-6.5.0-7119157.iso | Release Date: 2017-11-14 | Build Number: 7119157
This upgrade is also known as version 126.96.36.19900 or 6.5U1f or Build 7801515, as seen in the vCenter Server Appliance Management Interface (VAMI), as pictured above this article. I have a screenshot and video of the process below.
- Create a snapshot of your VCSA appliance first, or at least do a backup using whatever VM backup software you prefer, or even the backup abilities of the VCSA appliance itself.
- Log in to your VCSA using VCSA VAMI (vCenter Server Appliance Management Interface) (aka Appliance Management User Interface) using the steps seen in the clear screenshot below.
- Click on Summary, then choose Reboot, click Yes.
- Test that vSphere Client is functioning properly, to know whether VCSA is working. It might be best to also verify that vSphere Web Client is also fully operational.
- In vSphere Client, select the VCSA appliance and right-click on it, then choose Snapshots, Manage Snapshots, DELETE ALL, then click on DONE.
- Meltdown and Spectre side-channel attack risk mitigation information from processor, server, and software vendors
Jan 10 2018
- vSphere 6.5 Core Storage white paper - one home virtualization lab enthusiast's perspective
Dec 07 2016
- My vSphere 6.5 Upgrade Checklist – painful
Jan 29 2017 by Michael White at Notes from MWhite