Using Update Manager PowerCLI
This section explores the basics of the Update Manager PowerCLI cmdlets usage. It discusses the following topics:
Getting Started with Update Manager PowerCLI
To get started with Update Manager PowerCLI, open the vSphere PowerCLI console from the Windows Start menu or by clicking the vSphere PowerCLI shortcut icon.
You can get a list of all Update Manager PowerCLI cmdlets by running the Get-Command command with the -PSSnapin parameter:
Get-Command -PSSnapin VMware.VumAutomation
To find information on a specific cmdlet, run the Get-Help cmdlet with the cmdlet name. For example:
Get-Help Get-Patch
Connecting to a vCenter Server
Connect to a vCenter Server that has a Update Manager server installed on it.
To connect to a vCenter Server
Run Connect-VIServer and provide the server DNS or IP address:
Examples of Usage of Update Manager PowerCLI Cmdlets
The following examples demonstrate the basic usage of the Update Manager PowerCLI cmdlets. The examples contain vSphere PowerCLI cmdlets for retrieving and managing vSphere objects. To implement the examples’ code, you must have an existing vSphere infrastructure.
Creating Patch Baselines
Patch baselines can be applied to hosts. Depending on the patch criteria you select, patch baselines can be either dynamic or fixed (static). Patch data in dynamic baselines changes depending on the criteria you specify each time Update Manager downloads new patches. Fixed baselines contain only the patches you have selected, regardless of new patch downloads.
To create patch baselines
$patches = Get-Patch -After "1 Jan 2009" -Product “ESX*”
$staticBaseline = New-PatchBaseline -Static -Name "Static Baseline" -IncludePatch $patches
Create a critical dynamic baseline named Dynamic Baseline by using a fetch-all query:
$criticalPatchBaseline = New-PatchBaseline -Dynamic -Name "Dynamic Baseline" -SearchPatchSeverity Critical
$extensions = Get-Patch -BundleType Extension
New-PatchBaseline -Static -Name "Extension Baseline" -Extension -IncludePatch $extensions
Attaching and Detaching Baselines
Attach baselines to individual objects and to container objects, such as folders, hosts, clusters, and datacenters. Attaching a baseline to a container object transitively attaches the baseline to all objects in the container.
To attach and detach baselines
Attach-Baseline -Baseline $staticBaseline, $criticalPatchBaseline -Entity Host
Detach-Baseline -Baseline $dynamicBaseline, $staticBaseline -Entity Host
Scanning a Virtual Machine
Scan a virtual machine against the baselines attached to it or inherited by its parent object.
To create a task for scanning a virtual machine
Initialize scanning on a virtual machine named VM against baselines containing virtual machine hardware upgrades and VMware Tools upgrades:
$task = Scan-Inventory -Entity VM -UpdateType VmHardwareUpgrade, VmToolsUpgrade -RunAsync
The command initializes a task on the server, returns a snapshot object of the initial state of the task, and saves it in the $task variable.
Note The task object is not updated with the actual state of the task process running on the server. Even after the task is completed, the $task variable value is running. To view the actual status of the tasks running on the server, use the Get-Task cmdlet.
(Optional) Run the Wait-Task cmdlet to watch online the process progress and wait for the task to complete before running other commands:
Wait-Task -Task $task
To verify whether a virtual machine has at least one baseline with Unknown compliance status attached to it and start a scan
Retrieve the compliance statuses with the value Unknown for the baselines attached to the VM virtual machine and store them in a variable:
$statuses = Get-Compliance -Entity VM -ComplianceStatus Unknown
Verify whether the virtual machine has at least one baseline with Unknown compliance status attached to it and start a scan:
if ($statuses.Count -gt 0) {
Scan-Inventory -Entity VM -RunAsync"
Staging Patches
Staging allows you to download patches and extensions from the Update Manager server to the ESX/ESXi hosts, without applying the patches and extensions immediately.
To stage patches for a virtual machine host
$host = Get-VMHost -Name
Stage-Patch -Entity $host
Remediating Inventory Objects
You can remediate virtual machines, virtual appliances, clusters, and hosts.
To remediate a virtual machine
$baselines = Get-Baseline –Entity VM
Remediate-Inventory –Entity VM –Baseline $baselines
To upgrade virtual machine hardware and VMware Tools for all virtual machines in a datacenter
$vms = Get-VM -Location Datacenter
$ugradeBaselines = Get-Baseline -TargetType VM -BaselineType Upgrade
foreach ($vm in $vms) {
Remediate-Inventory -Entity $vm -Baseline $upgradeBaselines
To remediate a cluster
$baselines = Get-Baseline –Entity Cluster
Remediate-Inventory –Entity Cluster –Baseline $baselines -ClusterDisableDistributedPowerManagement –ClusterDisableHighAvailability -ClusterDiabelFaultTolerance
Note Before remediation, you must temporarily disable the Distributed Power Management (DPM), High Availability (HA) admission control, and Fault Tolerance (FT) features of the clusters you want to remediate. After remediation, Update Manager automatically re-enables the disabled features.
To remediate a host
$baselines = Get-Baseline –Entity Host
Remediate-Inventory –Entity Host –Baseline $baselines –HostFailureAction Retry –HostNumberOfRetries 2 -HostDisableMediaDevices $true
Note When remediating a host, you can configure the maintenance mode settings. You can temporarily disable any removable media devices that might prevent the host from entering maintenance mode as well.
Downloading Patches and Scanning Objects
You can download patches from previously defined location.
To start a scan for all entities in a datacenter if new patches are downloaded
Retrieve all entities in the Datacenter datacenter and save the result in a variable:
$entities = Get-Inventory -Location Datacenter
$result = Download-Patch
if ($result.Count > 0) {
Scan-Inventory -Entity $entities