With the release of vSphere 6.0 Update 2 I needed to update my hosts! VMware Update Manager [VUM] makes updating and patching your environment very easy. It can also be used to upgrade VMTools and VMHardware versions on your virtual machines. In this post I will be installing VUM on Windows Server 2012 R2 VM using the SQL Express database and attaching it to my VCSA 6.0 U2 appliance. Once installed then I will use VUM to update my environment!
- Must have a vCenter.
- Software: .NET Framework 3.5 needs to be installed on the VUM server. For two install methods click here and here.
- Hardware: 2 GB of RAM if separated from vCenter. 8 GB of RAM if installed on a Windows vCenter.
- Storage: VMware recommends at least 120 GB of free space for the patching repository. Sizing Estimator for vSphere Update Manager 6.0.
- SQL Express: If you have a small environment (VMware says 5 hosts and 50 virtual machines or less) then the embedded SQL Express database is just fine.
- External: If you have a larger environment then you will want to use a external database. Click here and here to read more about having a external database.
- For a full of requirements check out the VMware Update Manager 6.0 Update 2 Release Notes.
- Click here for all VMware Update Manager documentation.
Install VMware Updates Manager:
Here is the download link for VUM.
Extract or mount the vCenter ISO and launch the install. If the autorun didn’t run you can manually launch by going to theUpdateManager folder and running VMware-UpdateManager.exe
I will be installing this in my home lab and will be using SQL Express.
SQL Installer will pop up but won’t require any interaction from you. It will perform a Express installation.
Once SQL finishes you will be prompted with the language selection. Click Ok:
Accept the EULA to continue then click Next:
I always like to do the download manually. Uncheck it and click Next:
Enter the details of your vCenter server and a user account to use. Highly recommend using a Service Account. Click Next:
If you have a DNS server in your environment change the drop down menu to the FQDN of your VUM server. If not then IP address is okay. If you need to enter proxy settings to access the internet you can do so now or you can skip and perform later. Click Next:
You can change the install directory and patch repository here. Click Next:
If you do not have 120 GB of free space you will get the following message. Check out the sizing estimator in the Requirements section above to see how much space you should have. You can proceed without having the space requirement.
Yay VUM is now installed. Click Finish:
Install the VUM Plug-In:
Next the is to enable the VUM plug-in in the thick client. In the top menu go to Plug-ins -> Manage Plug-ins:
You should now see the VUM Extension in the Available Plug-ins section. Click Download and Install:
A install wizard should launch. Just agree/accept/next your way through it. Nothing you can configure.
Once the wizard completed you should get the following SSL security warning since it is using a self sign certificate. Check the box and click Ignore:
Now the VUM Plug-in should show Enabled:
To open VUM go to Home -> Update Manager:
Welcome to VUM!
Download Critical/Non-Critical Baseline Updates:
Let’s start out with a simple task and update the default baselines for Critical and Non-Critical patches from VMware. This will update your currently installed version of ESXi with the latest updates/patches of that same version. For example, if you are running 5.5 then you will get the latest updates for 5.5, it will not upgrade you from 5.5 to 6.0. If you are running 6.0 then this method will update you to 6.0 Update 2! If you are on 5.x scroll down and use the ESXi Image update method.
Click on Configuration -> Download Settings. Here you can configure a proxy settings if applicable. Click Download Nowto download updates from the default VMware sources:
A task will appear in the tasks pane. Once completed go to Baselines and Groups. There is now numbers below Content:
Remediate Hosts to Apply Update Baselines:
Next lets remediate a host to apply these updates. Go to Home -> Hosts and Clusters -> then click on a Hosts orCluster. Now click on the Update Manager tab then Attach:
Select the Critical and Non-Critical baselines then click Attach:
Both baselines should now appear under the Attached Baseline section. Click Scan:
Since we don’t have any Upgrade baselines just click Scan:
All of my hosts are Non-Compliant!! Let’s remediate one of them. Click Remediate in the lower part of the screen:
Select which baselines you want to use then uncheck/check the hosts you want to apply. Click Next:
Here is a list of all the patches that will be applied. If for some reason you want to exclude a patch you can deselect it now. Click Next:
Enter a task name and when you want the remediation to happen. Click Next:
Change settings here if applicable. Click Next:
Change settings here if needed. Click Next:
Once you are satisfied click Finish:
If your host wasn’t already in maintenance mode you will notice VUM will put it in maintenance mode for you. You can monitor the progress of the remediation by watching the task.
Once finished one of my hosts is showing Compliant! Time to rinse and repeat
How to Update ESXi version using VUM:
You can also use VUM to upgrade your ESXi hosts. You have to use this method for major upgrades, such as 5.1 to 5.5 and 5.5 to 6.0. This method will also work going from 6.0.0 to 6.0 U2.
First you need to download a ESXi image. If you are using HP or Dell I would advise using their customized ESXi images. They contain the latest drivers and packages that are applicable to your hardware. Otherwise you can download the version from VMware.
- HP Hardware: http://www8.hp.com/us/en/products/servers/solutions.html?compURI=1499005#tab=TAB4
- Dell Hardware: http://support.dell.com
Now you have the ESXi image let’s upload it to VUM. Back in the thick client go to Home -> Update Manager -> ESXi Images tab -> Import ESXi Image:
Browse for your download ESXi image then click Next:
Once the upload complete click Next:
The Import ESXi Image wizard will also create our Baseline. Enter a name then click Finish:
You will now see the ESXi image.
Let’s attach the new Upgrade Baseline to a cluster/host! Go to Home -> Hosts & Clusters -> Select a Cluster or Host ->Click the Update Manager tab -> then click Attach:
Select the Upgrade Baseline then click Attach:
Now kick off a Scan:
Ensure the Upgrades box is checked as we want to scan for that. Click Scan:
One of my hosts needs to be updated! Click Remediate in the bottom right of the window:
The Remediate Wizard is mostly the same as when we performed Critical / Non-Critical updates. Select the host(s) you want to remediate then click Next:
Accept the EULA to continue then click Next:
If you are upgrading from ESXi 5.x then you will want to leave the box unchecked to alert about any issues. Click Next:
Continue through the wizard. Once you are satisfied with the summary click Finish:
You can watch the Task in the Task pane for a status of the upgrade. Once complete you should show that host asCompliant!
Installing and configuring UMDS/ Update manager download services.
Installing and Configuring UMDS
Update manager download services.
UMDS downloads patch metadata, binaries, updates repository from internet where VMware update manager does not have access to internet. As below picture I have 2 VMware update manager instances and they don’t have access to internet, and my UMDS server configured with IIS server is behind firewall connected to internet and Update managers download patches/updates over HTTP. (This demo is from home lab if you want try it in your environment at try it at your risk)
here I get benefit of less consumed internet bandwidth, repository downloaded once only, very helpful in slow internet speed. Easy to manage patches/updates, remove old patches from patch store.
Prerequisite for UMDS
- Windows Server 2008 server.
- vCenter server 5.0 Media
UMDS is available on vCenter media.
Execute VMware-UMDS.exe from cdrom:\umds folder.
Here I am using Microsoft SQL Server 2008 R2 Express edition instance (not suggested for production, configure proper compatible SQL server, Create database and in the last configure DSN on UMDS so you can provide it while installation of UMDS), Keep all the defaults and start installation.
Next setting is for internet, how will be the internet connectivity to UMDS server, I have direct connectivity to internet on UMDS server, keeping as it is clicking next.
Next screen leads you, where you want to keep installed files and downloaded Patches. I will suggest here to select another HDD or drive which has free space 120 GB. (I am keeping it in C:\patches folder). This location can be changed later using UMDS commandline.
If the downloading patches location does not have 120 gb free it will give below warning message, but still you can proceed with installation.
Keep other options default and finish installation.
It’s time to configure your UMDS Server.
We are installing IIS Server here, and all other vmware update managers will use http link to download patches from UMDS server. Open server manager on UMDS server, right click roles and click add roles
Select web server (IIS) and press next
keep all the defaults and select server roles services page and press next , then press install.
Once all done, open IIS Manager.
Right click Default Web Site and click Add Virtual Directory.
Use the Patches as alias and path will be C:\Patches which we gave while installing UMDS (Make sure C:\patches has sufficient permissions for users also you can change it through UMDS command line later)
Select Default Web Site and Open MIME Types
Add below MIME types one by one.
|File name extension||Mime type|
It’s a time to test your UMDS web site from VMware update manager server. Just open and make sure “http://umds/patches/” is working in web browser (my UMDS server computer name is “umds”) as you can see below it is successful.
On UMDS server Add “C:\Program Files (x86)\VMware\Infrastructure\Update Manager” location to windows environment.
Go to control Panel> system or go to computer properties> advanced tab.
Click Environment variables.
Search for Path variable and click edit, Add below addition line at the end of variable value (no space)
;C:\Program Files (x86)\VMware\Infrastructure\Update Manager\
click ok trice.
Now it’s time to download patches and upgrades from internet on UMDS server, UMDS is configured through command line only no GUI is available for it. Open command prompt (Run as administrator)
And just type “vmware-umds.exe -D” press enter (options and parameters are case sensitive). It will start downloading all the available patche/updates for all kind of hosts versions (make sure your Internet is working) it will downloading all the patches.
You will need to run vmware-umds -D to download every time for latest patches from internet, you can scheduled the command in schedule task.
You can configure Patches download location, patch/update source urls, Patches/updates to download (whether for different versions let’s say I want to download for only esxi5 version patches/updates), for more help just type vmware-umds.exe, which gives detailed help about the command.
The last step here is to configure vmware updates manager. Log on to vcenter server (I will assume you have already installed update manager/ update manger plug-ins), go to update manager> configuration> download settings> use a shared repository
Type the UMDS url and press validate. Once it gets successfully connected you will see connected with green mark appeared. (There is a another way if you don’t want to deploy and manage web server,(I will recommend Web Server only as it is very easy and hassle free) you need to copy C:\patches folder from UMDS server to VMware update manger server and then give the local path ie: you copied patches on update manager to “c:\patches” type the local drive path in validate URL. (Mapped drive or shared location does not work) you can utilize DFSR for replication or any other synchronization software for the same.)
To reconfigure Database password, proxy authentication there is tool available in the “C:\Program Files (x86)\VMware\Infrastructure\Update Manager”, in case if there are any changes in infrastructure (DB password and proxy authentication)
Now you are ready to download patches/updates centrally and keep your VMware infrastructure updated.