Deploying VMware Update Manager 6.0 Update 2

VUM Header

With the release of vSphere 6.0 Update 2 I needed to update my hosts! VMware Update Manager [VUM] makes updating and patching your environment very easy. It can also be used to upgrade VMTools and VMHardware versions on your virtual machines. In this post I will be installing VUM on Windows Server 2012 R2 VM using the SQL Express database and attaching it to my VCSA 6.0 U2 appliance. Once installed then I will use VUM to update my environment!

VUM Getting Started

Requirements:

  • Must have a vCenter.
  • Software: .NET Framework 3.5 needs to be installed on the VUM server. For two install methods click here and here.
  • Hardware: 2 GB of RAM if separated from vCenter. 8 GB of RAM if installed on a Windows vCenter.
  • Storage: VMware recommends at least 120 GB of free space for the patching repository. Sizing Estimator for vSphere Update Manager 6.0.
  • Database:
    • SQL Express: If you have a small environment (VMware says 5 hosts and 50 virtual machines or less) then the embedded SQL Express database is just fine.
    • External: If you have a larger environment then you will want to use a external database. Click here and here to read more about having a external database.
  • For a full of requirements check out the VMware Update Manager 6.0 Update 2 Release Notes.
  • Click here for all VMware Update Manager documentation.

Install VMware Updates Manager:

Here is the download link for VUM.

Extract or mount the vCenter ISO and launch the install. If the autorun didn’t run you can manually launch by going to theUpdateManager folder and running VMware-UpdateManager.exe

I will be installing this in my home lab and will be using SQL Express.

Click Install:

VUM Install 1 - Update Manager Server Install

SQL Installer will pop up but won’t require any interaction from you. It will perform a Express installation.

VUM Install 2 - Installing SQL Express

Once SQL finishes you will be prompted with the language selection. Click Ok:

VUM Install 3 - Select Language

Click Next:

VUM Install 4 - Welcome to Install Wizard

Accept the EULA to continue then click Next:

VUM Install 5 - Accept EULA

I always like to do the download manually. Uncheck it and click Next:

VUM Install 6 - Support Information

Enter the details of your vCenter server and a user account to use. Highly recommend using a Service Account. Click Next:

VUM Install 7 - vCenter Server Information

If you have a DNS server in your environment change the drop down menu to the FQDN of your VUM server. If not then IP address is okay. If you need to enter proxy settings to access the internet you can do so now or you can skip and perform later. Click Next:

VUM Install 8 - VUM Port Settings

You can change the install directory and patch repository here. Click Next:

VUM Install 9 - Destination Folder

If you do not have 120 GB of free space you will get the following message. Check out the sizing estimator in the Requirements section above to see how much space you should have. You can proceed without having the space requirement.

Click Ok:

VUM Install 9-1 - Not enough space

Click Install:

VUM Install 10 - Ready to Install

Yay VUM is now installed. Click Finish:

VUM Install 11 - Installation Complete

Install the VUM Plug-In:

Next the is to enable the VUM plug-in in the thick client. In the top menu  go to Plug-ins -> Manage Plug-ins:

VUM Configure 1 - Manage Plug-ins

You should now see the VUM Extension in the Available Plug-ins section. Click Download and Install:

VUM Configure 2 - Download and Install

A install wizard should launch. Just agree/accept/next your way through it. Nothing you can configure.

Once the wizard completed you should get the following SSL security warning since it is using a self sign certificate. Check the box and click Ignore:

VUM Configure 3 - Accept SSL Warning

Now the VUM Plug-in should show Enabled:

VUM Configure 4 - VUM Enabled

To open VUM go to Home -> Update Manager:

VUM Configure 5 - Update Manager Icon

Welcome to VUM!

VUM Configure 6 - Welcome to VUM

Download Critical/Non-Critical Baseline Updates:

Let’s start out with a simple task and update the default baselines for Critical and Non-Critical patches from VMware. This will update your currently installed version of ESXi with the latest updates/patches of that same version. For example, if you are running 5.5 then you will get the latest updates for 5.5, it will not upgrade you from 5.5 to 6.0. If you are running 6.0 then this method will update you to 6.0 Update 2! If you are on 5.x scroll down and use the ESXi Image update method.

Click on Configuration -> Download Settings. Here you can configure a proxy settings if applicable. Click Download Nowto download updates from the default VMware sources:

VUM Configure 7 - Download VMware Patches

A task will appear in the tasks pane. Once completed go to Baselines and Groups. There is now numbers below Content:

VUM Configure 8 - Baseline and Groups

Remediate Hosts to Apply Update Baselines:

Next lets remediate a host to apply these updates. Go to Home -> Hosts and Clusters -> then click on a Hosts orCluster. Now click on the Update Manager tab then Attach:

VUM Configure 9 - Attach Baseline

Select the Critical and Non-Critical baselines then click Attach:

VUM Configure 10 - Select Baseline and Attach

Both baselines should now appear under the Attached Baseline section. Click Scan:

VUM Configure 11 - Scan

Since we don’t have any Upgrade baselines just click Scan:

VUM Configure 12 - Confirm Scan

All of my hosts are Non-Compliant!! Let’s remediate one of them. Click Remediate in the lower part of the screen:

VUM Configure 13 - Remediate

Select which baselines you want to use then uncheck/check the hosts you want to apply. Click Next:

VUM Configure 14 - Remediation Selection

Here is a list of all the patches that will be applied. If for some reason you want to exclude a patch you can deselect it now. Click Next:

VUM Configure 15 - Patches and Extensions

Enter a task name and when you want the remediation to happen. Click Next:

VUM Configure 16 - Schedule

Change settings here if applicable. Click Next:

VUM Configure 17 - Host Remediation Options

Change settings here if needed. Click Next:

VUM Configure 18 - Cluster Remediation Options

Once you are satisfied click Finish:

VUM Configure 19 - Ready to Complete

If your host wasn’t already in maintenance mode you will notice VUM will put it in maintenance mode for you. You can monitor the progress of the remediation by watching the task.

VUM Configure 20 - Remediate Tasks Running

Once finished one of my hosts is showing Compliant! Time to rinse and repeat 🙂

VUM Configure 21 - 1 Host Complete

How to Update ESXi version using VUM:

You can also use VUM to upgrade your ESXi hosts. You have to use this method for major upgrades, such as 5.1 to 5.5 and 5.5 to 6.0. This method will also work going from 6.0.0 to 6.0 U2.

First you need to download a ESXi image. If you are using HP or Dell I would advise using their customized ESXi images. They contain the latest drivers and packages that are applicable to your hardware. Otherwise you can download the version from VMware.

Now you have the ESXi image let’s upload it to VUM. Back in the thick client go to Home -> Update Manager -> ESXi Images tab -> Import ESXi Image:

VUM ESXi Update 1 - Import ESXi Image

Browse for your download ESXi image then click Next:

VUM ESXi Update 2 - Browse for ESXi Image

Once the upload complete click Next:

VUM ESXi Update 3 - Upload Complete

The Import ESXi Image wizard will also create our Baseline. Enter a name then click Finish:

VUM ESXi Update 4 - Baseline Name

You will now see the ESXi image.

VUM ESXi Update 5 - ESXi Image Added

Let’s attach the new Upgrade Baseline to a cluster/host! Go to Home -> Hosts & Clusters -> Select a Cluster or Host ->Click the Update Manager tab -> then click Attach:

VUM ESXi Update 6 - Attach ESXi Upgrade Baseline

Select the Upgrade Baseline then click Attach:

VUM ESXi Update 7 - Attach Baseline

Now kick off a Scan:

VUM ESXi Update 8 - Scan

Ensure the Upgrades box is checked as we want to scan for that. Click Scan:

VUM ESXi Update 9 - Confirm Scan

One of my hosts needs to be updated! Click Remediate in the bottom right of the window:

VUM ESXi Update 10 - Remediate

The Remediate Wizard is mostly the same as when we performed Critical / Non-Critical updates. Select the host(s) you want to remediate then click Next:

VUM ESXi Update 11 - Remediation Selection

Accept the EULA to continue then click Next:

VUM ESXi Update 12 - EULA

If you are upgrading from ESXi 5.x then you will want to leave the box unchecked to alert about any issues. Click Next:

VUM ESXi Update 13 - ESXi 6 Upgrade

Continue through the wizard. Once you are satisfied with the summary click Finish:

VUM ESXi Update 14 - Ready to Complete

You can watch the Task in the Task pane for a status of the upgrade. Once complete you should show that host asCompliant!

VUM ESXi Update 15 - Compliant

 

Installing and configuring UMDS/ Update manager download services.

Installing and Configuring UMDS

Update manager download services.

UMDS downloads patch metadata, binaries, updates repository from internet where VMware update manager does not have access to  internet. As below picture I have 2 VMware update manager instances and they don’t have access to internet, and my UMDS server configured with IIS server is behind firewall connected to internet and Update managers download patches/updates over HTTP. (This demo is from home lab if you want try it in your environment at try it at your risk)

here I get benefit of less consumed internet bandwidth, repository downloaded once only, very helpful in slow internet speed. Easy to manage patches/updates, remove old patches from patch store.

Prerequisite for UMDS

  • Windows Server 2008 server.
  • vCenter server 5.0 Media

Internet connection

 

UMDS is available on vCenter media.

Execute VMware-UMDS.exe from cdrom:\umds folder.

Here I am using Microsoft SQL Server 2008 R2 Express edition instance (not suggested for production, configure proper compatible SQL server, Create database and in the last configure DSN on UMDS so you can provide it while installation of UMDS), Keep all the defaults and start installation.

Next setting is for internet, how will be the internet connectivity  to UMDS server, I have direct connectivity to internet on UMDS server, keeping as it is clicking next.

Next screen leads you, where you want to keep installed files and downloaded Patches. I will suggest here to select another HDD or drive which has free space 120 GB. (I am keeping it in C:\patches folder). This location can be changed later using UMDS commandline.

If the downloading patches location does not have 120 gb free it will give below warning message, but still you can proceed with installation.

Keep other options default and finish installation.

It’s time to configure your UMDS Server.

We are installing IIS Server here, and all other vmware update managers will use http link to download  patches from UMDS server. Open server manager on UMDS server, right click roles and click add roles
Select web server (IIS) and press next

keep all the defaults and select server roles services page and press next , then press install.

Once all done, open IIS Manager.
Right click Default Web Site and click Add Virtual Directory.

Use the Patches as alias and path will be C:\Patches which we gave while installing UMDS (Make sure C:\patches has sufficient permissions for users also you can change it through UMDS command line later)

Select Default Web Site and Open MIME Types

Add below MIME types one by one.

File name extension Mime type
.vib application/octet-stream
.sig application/octet-stream

It’s a time to test your UMDS web site from VMware update manager server. Just open and make sure “http://umds/patches/” is working in web browser (my UMDS server computer name is “umds”) as you can see below it is successful.

On UMDS server Add “C:\Program Files (x86)\VMware\Infrastructure\Update Manager” location to windows environment.

Go to control Panel> system or go to computer properties> advanced tab.

Click Environment variables.

Search for Path variable and click edit, Add below addition line at the end of variable value (no space)

;C:\Program Files (x86)\VMware\Infrastructure\Update Manager\

click ok trice.

Now it’s time to download patches and upgrades from internet on UMDS server, UMDS is configured through command line only no GUI is available for it. Open command prompt (Run as administrator)
And just type “vmware-umds.exe -D” press enter (options and parameters are case sensitive). It will start downloading all the available patche/updates for all kind of hosts versions (make sure your Internet is working) it will downloading all the patches.

You will need to run vmware-umds -D to download every time for latest patches from internet, you can scheduled the command in schedule task.

You can configure Patches download location, patch/update source urls, Patches/updates to download (whether for different versions let’s say I want to download for only esxi5 version patches/updates), for more help just type vmware-umds.exe, which gives detailed help about the command.

The last step here is to configure vmware updates manager. Log on to vcenter server (I will assume you have already installed update manager/ update manger plug-ins), go  to update manager> configuration> download settings> use a shared repository

Type the UMDS url and press validate. Once it gets successfully connected you will see connected with green mark appeared. (There is a another way if you don’t want to deploy and manage web server,(I will recommend Web Server only as it is very easy and hassle free) you need to copy C:\patches folder from UMDS server to VMware update manger server and then give the local path ie: you copied patches on update manager to “c:\patches” type the local drive path in validate URL. (Mapped drive or shared location does not work)  you can utilize DFSR for replication or any other synchronization software for the same.)

To reconfigure Database password, proxy authentication there is tool available in the “C:\Program Files (x86)\VMware\Infrastructure\Update Manager”, in case if there are any changes in infrastructure (DB password and proxy authentication)

Vmwareupdatemangerutility.exe

Now you are ready to download patches/updates centrally and keep your VMware infrastructure updated.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s