VMware Aria Suite Lifecycle 8.18 Patch 5 & vIDM Patch Installation Guide

Recently VMware released VMware Aria Suite Lifecycle 8.18.0 Patch 5 to mitigate security vulnerabilities, support for VMware Aria Operations 8.18.5, VMware Aria Operations for Logs 8.18.5 and upgrade VMware Aria infrastructure to VCF 9.0 and VCF 9.0.1.

Recognizing the frequent questions from customers about patch installation sequences and challenges, I’ve prepared this document. It offers clear instructions and highlights crucial points to consider before and during the upgrade

Applying this patch:

• Enables installation of VCF Operations fleet management appliance 9.0 and 9.0.1.
  VCF Operations fleet management appliance provides lifecycle management and Day-N operations capabilities in VCF 9.0 for management components like VCF Automation, VCF Operations, VCF Operations for networks, VCF Operations for logs, and VCF Identity Broker.
• Enables upgrade for VMware Aria Operations 8.18 to VCF Operations 9.0 and 9.0.1, including VCF Operations fleet management 9.0 installation when VMware Cloud Foundation entitlement is selected.
• Decouples VCF aware mode-based deployments with SDDC Manager. This occurs only if VMware Aria Operations 8.x is upgraded to 9.0 or SDDC Manager is upgraded to 9.0.

Performance & Security Improvements in this Patch

This patch bundle brings targeted enhancements and security fixes for VMware Aria Suite Lifecycle (Aria Suite LCM) and VMware Identity Manager (vIDM). Presenting these helps stakeholders understand why this update is necessary beyond “just bug fixes.”

Key Improvements & Fixes – Aria Suite LCM

The patch includes fixes for security vulnerabilities in LCM itself.
Specifically:

• Security vulnerability remediations
  The patch addresses known security issues affecting the LCM appliance (details per the release notes).
• Improved stability and reliability
  Some fixes resolve operational edge-case bugs (for example, binary mapping discovery issues or repo integration) to reduce patch failures or inconsistency during life-cycle operations. (Implicit in release notes)
• Better integration handling
  The patch may enhance how LCM handles binary mappings, patch discovery, and dependency resolution with downstream components (such as vIDM), reducing manual intervention or errors.

Because Aria Suite LCM orchestrates the deployment, patching and lifecycle of connected components like vIDM, enhancements in reliability, error handling, and security in LCM directly support smoother, safer updates of those downstream systems.

Key Improvements & Fixes – vIDM

• Resolved stability / functional issues
  The patch corrects defects in vIDM that might cause service disruptions, inconsistencies, or unexpected behaviors under certain conditions (e.g. cluster operations, connector sync).
• Security hardening
  The patch mitigates vulnerabilities in vIDM’s authentication, authorization, or internal APIs—reducing risk exposure in identity services.
• Cluster and patch coordination improvements
  For clustered vIDM deployments, the patch ensures better rolling upgrade behavior, minimizing downtime or node mismatch conditions during patching sequences.

Before beginning to patch please verify you have taken a non-memory snapshot of both VMware Aria Suite LCM, VMware Identity Manager appliances. Retain the snapshot for at least a day after applying the patch.

Before patching VMware Aria Suite LCM, you must patch VMware Identity Manager. Patch order must be,

• Patch VMware Identity Manager first.
• Patch VMware Aria Suite LCM after successfully upgraded the vIDM.
• Patch vIDM and vRSLCM in the same maintenance windows.
• Ensure vIDM is at version 3.3.7 GA or any previously applied patch.

Important Note: vIDM services will not be operational until VMware Aria Suite LCM Patch 5 is applied.

Expected Duration & Impact Table

Component	Approx. Downtime	Notes
vIDM	~1 hour	Services unavailable during patch and Appliance reboot required.
Aria Suite LCM	~1 hour	Appliance reboot required.

Patch Instructions for VMware Identity Manager 3.3.7

For Cluster Deployments, patch nodes sequentially in order Primary Node –> Secondary Node 1 –> Secondary Node 2. Do not patch nodes in parallel.

For Single-Node Deployments, apply the patch on the vIDM node by following the steps below.

1. Download the patch file CSP-102092-Appliance-3.3.7-Patch.zip and upload it to the appliance /db/vidm-upgrade folder using SCP or WinSCP. If vidm-upgrade folder does not exist create one.
2. SSH into the vIDM as a root user or sshuser. If connected with the sshuser elevate to root with the sudo su command.
3. Unzip the patch with the command below.
   • unzip CSP-102092-Appliance-3.3.7-Patch.zip
4. Delete the zip file with the command below to reclaim the space.
   • rm -rf CSP-102092-Appliance-3.3.7-Patch.zip
5. Go to the patch directory
   • cd CSP-102092-Appliance-3.3.7-Patch
6. Run the patch automation script
   • ./CSP-102092-patch-automation.sh -f CSP-102092-Appliance-3.3.7.zip -r
     
     
7. The system will reboot automatically after patch installation.
8. To validate the vIDM operates normally Log in to the vIDM Console as an Administrator; confirm the System Diagnostics page shows a green status.
   

Patch Instructions for Aria Suite Life Cycle Manager

Before start to apply patch

1. Download the Prep-for-Upgrade-LCM script, copy it to the Aria Suite LCM appliance under /data directory and run the script using the below commands.
   • cd /data
chmod +x prep-for-upgrade-lcm.sh
./prep-for-upgrade-lcm.sh
2. SSH to the Aria Suite LCM appliance and check the disk spaces.
   
3. If there is a space issue on /tmp directory which requires more space, then the upgrade could fail. Please refer to KB Aria Suite Lifecycle Manager upgrade fails because /tmp directory fills up when downloading to temporarily increase the space on the /tmp directory.
   
4. Check /data directory if there are tmp_patch_storage and tmp-patch-8180 folders delete them before starting the patch process.
   
   
5. Download the patch
   • Log in to the Broadcom Support Portal.
   • Click My Downloads and choose VMware Aria Suite
   • Click the Solutions tab and select VMware Aria Suite – Enterprise. Choose the 2019 release.
   • On the list of Product Support Packs and Patches, filter to find the appropriate patch and click it to open the download page.
   • To search for a Patch, look for syntax in the format  vrslcm-8.18.0-PatchX.patch , where  X is the patch number.
6. Upload the patch onto /data directory of the appliance
7. From the Lifecycle Operations dashboard, navigate to Settings –> Binary Mapping and click Patch Binaries. If any binaries from a previous installation are listed, delete them. In Source Location, enter the path to the patch upload such as /data and click Discover Select the Patch discovered and click Add. Once the source mapping is complete, proceed with installation of the patch.
8. Go to Lifecycle Operations dashboard, navigate to Settings –> System Patches and then Install the Patch.
   
9. Wait till the reboot of VMware Aria Suite Lifecycle occurs and it completely comes back. You can use the command below to monitor Aria Suite LCM services during the patch process.
   • vrlcm-cli –health-status
     
     
10. The system will reboot automatically after patch installation.
    
11. To validate the patch completion in the Aria Suite Lifecycle UI
    • Login to VMware Aria Suite Lifecycle UI and click on About and check if the Patch version is set to Patch 5.