Vmware Update Manager (VUM) is the preferred update tool for keeping Vmware ESX servers up to date.
Sadly in version 5 Vmware dropped the ability to patch VMs, but it's an essential part of the Vmware Sysadmin's toolkit none the less.
Installation of VUM is pretty straight forward. You create an ODBC connection to either a local SQL Express installation or a remote dedicated SQL server (on a 64bit server this needs to be done with the 32bit odbc admin tool C:\Windows\SysWOW64\odbcad32.exe and remember to install the SQL client connectivity!). You then run the setup wizard off the vCenter media and select your ODBC connection.
The UMDS (Update Manager Download Service) is an additional component of VUM which can be manually installed, again off the vCenter media. It allows you to download the patches and metadata to an isolated VUM server which has no access to the internet (direct or via a proxy).
There are two stages - the download and getting the files into VUM:
- Internet -> UMDS download -> staging box
- Staging box -> IIS / USB drive / Local Drive -> VUM Shared Repository
Stage 1.
- Install UMDS on any box with internet access (direct or via proxy). This will require the SQL client connectivity and setting up a 32bit ODBC connection.
- Configure internet access with the config utility in C:\Program Files (x86)\VMware\Infrastructure\Update Manager\VMwareUpdateManagerUtility.exe (on 64bit windows)
- Once UMDS is running, you just run the command vmware-umds -D. This will download the patches and metadata to the data directory specified during setup.
Stage 2.
There are several methods for getting the data into VUM. All require the data to be "exported" from the download folder. (this is per the vmware documentation but I can't see any different between the download folder and the exported folder)
-
- vmware-umds -S --default-export-store C:\UMDS_Export - this sets the export location. The vmware docs say this needs to be only one folder deep to work
- vmware-umds -E this does the export.
If you're not planning to use IIS to serve up the files to VUM, you need to get this export folder onto your VUM server local disks (either with a USB drive or manually copying over CIFS to the VUM server disks) and use the "shared repository" feature to tell VUM where they are. Click the "download now" button to get the metadata into VUM.
Using IIS is a nice way to automate the process (connectivity permitting).
- First off, create a virtual directory in IIS pointing to the export folder.
- Grant permission to the export folder, subfolders and all files to at least the IIS_IUSRS user (the builtin users group includes this user)
- Then add the mime types from the VMware article here and enable directory browsing.
- Restart IIS
- Add the URL to the shared repository section of VUM's configuration page and validate the URL - remember to include http or https as appropriate for your IIS setup
- Click download now
Finally, you need to either wait for a scheduled patch download, or modify your schedule to "once" and select "run now" to make VUM process the metadata otherwise you won't see any patches.
Here's a quick summary of the different roles
UMDS server
- Needs internet access (direct or via proxy)
- Requires a UMDS SQL database, either local or remote, connected via 32bit ODBC
- Downloads patches to local disk
- Exports patches to either local disk or usb disk for transfer to VUM
- Optional: IIS can be installed to serve patches to VUM server
VUM Server
- Needs to be able to connect to vCenter
- Needs a VUM SQL database, either local or remote, connected via 32bit ODBC
- Downloads patches to local disk during remediation from either USB, another local folder or IIS.
- Optional: Needs to be able to access IIS port on the UMDS server
Additional reading:
http://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.update_manager.doc_50/GUID-013BCF81-7F46-4EFF-BA67-40FA08C91037.html
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004455
http://communities.vmware.com/message/2091767?tstart=0
http://virtuallymikebrown.com/2011/10/23/vcenter-update-manager-patching-guide/
Posted via email from Pio's work related musings