How to Apply an Async Patch to VMware Cloud Foundation in Online Mode

Async patching in VMware Cloud Foundation (VCF) allows administrators to apply critical updates to components like vCenter Server, NSX Manager, and ESXi outside of the standard VCF release cycle. This guide walks through the process of applying these patches using the Async Patch Tool in an online environment.

✅ Prerequisites

Before starting, ensure:

  • Your SDDC Manager appliance has internet access (direct or via proxy).
  • You’re using VMware Cloud Foundation 4.2.1 or later.
  • You have the latest version of the Async Patch Tool.
  • Any older versions of the tool are removed: Shellrm -r /home/vcf/asyncPatchTool
rm -r /home/vcf/asyncPatchTool

🔧 Step-by-Step Process

1. Download the Async Patch Tool

  • Log in to the Broadcom Support Portal.
  • Navigate to My Downloads > VMware Cloud Foundation > Drivers & Tools.
  • Download the latest vcf-async-patch-tool-<version>.tar.gz.

2. Prepare the SDDC Manager Appliance

  • SSH into the appliance using the vcf user.
  • Create the tool directory: 
mkdir /home/vcf/asyncPatchTool
  • Copy and extract the tool: 
tar -xvf vcf-async-patch-tool-<version>.tar.gz
  • Set permissions: 
chmod -R 755 asyncPatchTool
chown -R vcf:vcf asyncPatchTool

3. Configure Access to VMware Depot

  • Update tool properties for authenticated access (see KB 390122).
  • Use TCP keepalive in your SSH client to avoid timeouts.

4. List Available Async Patches

Navigate to the tool’s binary directory and run:

/home/vcf/asyncPatchTool/bin.
./vcf-async-patch-tool --listAsyncPatch --dubroadcom_support_email

Optional filters:

  • --sku (e.g., VCF or VCF_ON_VXRAIL)
  • --productType (e.g., ESX_HOST, NSX, VCENTER)
  • --proxyServer for proxy configurations

5. Enable the Async Patch

Download the input spec (see KB 344935), then run:

./vcf-async-patch-tool -i /path/to/inputspec --du <your_email> --sddcSSOUser <SSO_user> --sddcSSHUser vcf --it ONLINE

For VxRail:

./vcf-async-patch-tool -i /path/to/inputspec --du <your_email> --pdu <dell_emc_email> --sddcSSOUser <SSO_user> --sddcSSHUser vcf --it ONLINE

You’ll be prompted to:

  • Confirm tool version
  • Join CEIP (Customer Experience Improvement Program)
  • Enter passwords for vcf, root, and SSO accounts

6. Apply the Patch via SDDC Manager UI

  • Log into the UI.
  • Apply the patch to all workload domains.
  • For ESXi upgrades:
    • Use custom ISO (baseline clusters)
    • Use Lifecycle Manager images (image-based clusters)

7. Deactivate the Patch (Post-Deployment)

Run:

./vcf-async-patch-tool --disableAllPatches --sddcSSOUser <SSO_user> --sddcSSHUser vcf

8. Important Notes

  • Starting with VCF 5.2, new workload domains inherit patched versions of vCenter and NSX Manager.
  • For earlier versions, reapply patches manually to new domains.
  • New hosts added to patched domains must match the async patch version of ESXi.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Egestas Egestas Fringilla Phasellus Faucibus Scelerisque
Enim Facilisis Gravida Neque Convallis Cras Semper Auctor
Fermentum Dui Faucibus Bnornare Quam Viverra Orci
Diam Maecenas Ultricies Mieget Wauris Bibendum Neque