Automating patch downloads for VMware vCenter Update Manager servers that do not have an Internet connection
search cancel

Automating patch downloads for VMware vCenter Update Manager servers that do not have an Internet connection

book

Article ID: 342448

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides information on how to utilize the Update Manager Download Service to distribute patches to VMware Update Manager server(s) that do not have a valid Internet connection or are in isolated networks.

Symptoms:
  • You have VMware Update Manager server(s) that do not have an Internet connection, or are possibly in an isolated network.
  • You need to maintain your environment using VMware Update Manager.
  • You want a simple method of automating the download of patches without manual intervention.


automate-patch-download-update-manager

Environment

VMware vCenter Update Manager 4.0.x
VMware vCenter Update Manager 4.1.x
VMware vCenter Update Manager 5.0.x

Resolution

This article assumes that your servers can communicate with each other via UNC shares on your internal network. If this is not possible in your environment, you must use some form of external media to manually transport the patches from one location to another. For more information, see Setting up VMware Update Manager service for isolated networks (1004455).
 
Note: The procedures in this article are only for Windows 2008 and later operating systems.
 

Prerequisites

The amount of space required to store the updates on your repository vary based on the number of different operating systems and applications you will be patching and the number of years you will be gathering patches on this system. You may need at least 50 gigabytes (GB) for each year of ESX/ESXi patching and 11GB for each virtual machine operating system and locale combination. For example, to use the server for two years to patch Windows XP US English and Windows Server 2003 hosts, you require at least 100GB for the hosts and 22GB for the virtual machines for a total of 122GB. Therefore, to install in such an environment, install it to a server with at least 122GB of available space for patch storage.
 
The Update Manager Download Service installer requires a database. The installation program includes an option to create a SQL Server 2005 Express database or you can use an existing Microsoft SQL Server database or an existing Oracle database. In addition, the Update Manager Download Service requires that it be installed on a server that does not already have VMware Update Manager installed and has a valid Internet connection.
 
The VMware Update Manager servers that you configure do not require an Internet Connection and point to the shared repository that you create using the procedures in this article. For more information on configuring Update Manager and the Update Manager Download Service, see the VMware Documentation site .
 
This article also assumes that your environment already has the VMware Update Manager server(s) installed. This is not a comprehensive guide on installation procedures, but merely on how to setup patch repositories using the Update Manager Download Service. For information on installing vCenter Server and VMware Update Manager visit the VMware Documentation site.
 

Setting up the shared repository on the VMware Update Manager server

  1. Log in to each VMware Update Manager server that you will be installing that does not have an Internet connection as an Administrator.
  2. Create a patch repository folder that will have the exported patches from the Update Manager Download Service server at the desired drive location by going to My Computer > <Drive Letter>. For example, C:\.
  3. Right-click the My Computer window and click New > Folder and name it umdsexport.
  4. Right-click the newly create umdsexport folder and click Properties.
  5. Click the Sharing tab, and then click Advanced Sharing.
  6. Click Share this folder.
  7. Change the default share name to Repository.
  8. Click Permissions > Add > Locations and change location to the local computer.
  9. Under Enter the object names to select, type Administrators and then click Check Names.
  10. Click OK to save changes.
  11. Click Administrators.
  12. Click the Allow check box to give Administrators Full Control.
  13. Click OK to save changes.

Note: Perform these steps for every VMware Update Manager server you will be installing. These steps are not necessary for a VMware Update Manager server that has an Internet Connection.

Configuring the Update Manager Download Service (UMDS)

  1. Log in to the server in which you want to setup Update Manager Download Services as an Administrator.

    Note: This can be a physical or virtual machine and must have a valid Internet connection. VMware Update Manager cannot be installed on this server. The Update Manager Download Service must be on a separate platform as it contains it's own database.
     
  2. To install the Update Manager Download Service, run the VMware-UMDS.exe file located at the umds folder of the VMware vCenter Server installation CD. Use the wizard to complete the installation.
  3. Map to the network share(s) that were created by navigating to My Computer > Map Network Drive.
  4. Choose a drive letter. For example, X:\.
  5. Click Browse and navigate to the VMware Update Manager server.
  6. Choose the share Repository. Repeat this step for each VMware Update Manager server that does not have an Internet connection and assign it a unique drive letter.
  7. Click Reconnect at logon and then click Finish.
  8. Create a schedule task in Windows to run once every day at the desired time. This task must be run before the schedule task below in vCenter Server. Therefore, choose sometime during the day.

    To do this:
  1. Launch Task Scheduler for you version of Windows.

    Note:  For Windows Vista and later operating systems, see http://technet.microsoft.com/en-us/library/dd851678.aspx.

    The preceding links were valid as of May 18, 2011. If you find the links to be invalid or broken, leave feedback and a VMware employee will update it.
     
  2. In the General tab, name the task as UMDS Export.
  3. Select the Run whether user is logged on or not and Run with highest privileges options.
  4. Click the Triggers tab and then click New.
  5. In Begin the task, click On a schedule.
  6. Click Daily and then Recur every 1 days.
  7. For Start, retain the current date and set a desired time.
  8. Click OK.
  9. Click Actions > New.
  10. Under Action, click Start a program.
  11. In program/script type %PROGRAMFILES%\VMware\Infrastructure\Update Manager\vmware-umds.exe.
  12. Under Add arguments (optional), type the switches –-download.
  13. Under Start in, select X:\.
  14. Click New under Actions.
  15. Under Action, click Start a program.
  16. In program/script, type %PROGRAMFILES%\VMware\Infrastructure\Update Manager\vmware-umds.exe.
  17. Under Add arguments (optional), type the switches –E X:\.
  18. Under Start in, Select X:\.
  19. Click OK to save the tasks.
  20. Go to the Task Scheduler Library, right-click the task, and click Run.
Note: You can create additional mapped drives for each VMware Update Manager server that you have, which does not have an Internet connection. However, each drive letter must be unique, and you must create scheduled tasks for each VMware Update Manager server to export the patches. For example, if you are installing two VMware Update Manager servers with no Internet connection, you can create an X:\ and Y:\ drive, and then create tasks that calls vmware-umds to export those patches to the drive letters.
Configuring the VMware Update Manager server to point to the patch repository
 
  1. Go to each server that has VMware Update Manager installed without an Internet connection and log in as Administrator.
  2. Launch vCenter Server and log in with a user that has administrative rights.
  3. Navigate to Solutions and Applications and select Update Manager.
  4. Click the Configuration tab.
  5. Click Patch Download Settings.
  6. Select the Use a shared repository option and type C:\umdsexport.
  7. Click the Validate URL button and click Apply after it is validated.
  8. Click Patch Download Schedule.
  9. Click the Edit Patch Downloads link.
  10. Run through the wizard to configure the schedule at which VMware Update Manager should check the shared repository for new patches. For example, configure this to happen a few hours after the scheduled time of the Update Manager Download Service download/export. Also, ensure that the scheduled task in the Configuring the Update Manager Download Service (UMDS) section of this article is completed before executing the task. Otherwise, the task fails to import patches.


Powered by Wolken Software