Update Manager (VMware)
Installation
VMware Update Manager (VUM) can be installed either on a separate server, or on the same machine as vCentre. You need to have a SQL database available (as for vCentre, this can be an external database or MS SQL Express).
You also need enough storage to keep local copies of all updates that will available for install to clients (especially when your VUM server is a VM, it can be useful to keep the patches on separate disk, so that's its easier to alter its size without affecting other data).
- Start the installer
- Accept EULA, and then click Next
- Enter the local admin user/pass credentials for the server vCentre is running on, and then click Next
- Setup a database to use, and then click Next
- Use MS SQL 2005 Express option for small scale or non-production deployments only
- Select an existing DSN (to set-up a new DSN, see Create DSN)
- Enter the appropriate authentication information, and then click Next
- Accept the default TCP ports (its recommended that you don't share the server with other services which, for example) might necessitate changing the Update Manager ports). Tick the box if you need to configure a proxy, and then click Next
- Change the ..location for downloading patches if you want you downloaded updates to stored on a separate disk, and click Next
- Click Install
Once installed Update Manager will download patches and updates for hosts and VMs connected to the vCentre. To manage Update Manager...
- With a VI Client connected to vCentre, go to Plug-ins | Manage Plug-ins...
- For the ...Update Manager Extension, click on Download and Install...
- Click on Next
- Accept EULA, and then click Next
- Click Install
- Click Finish
Upgrade
Upgrade vCentre before Update Manager! The database should be backed up prior to starting work.
- Start the installer
- The installer will detect that its an upgrade and ask for confirmation to continue, click Yes
- Once the wizard starts, click Next
- Accept EULA, and then click Next
- Enter the local admin user/pass credentials for the server vCentre is running on, and then click Next
- Enter the appropriate database authentication information (if required), and then click Next
- Leave on the default Yes, I want to upgrade..., and tick to confirm you've taken a backup, then click Next
- Click Install
- Click Finish
Import Updates
Import Off-line Bundle
Useful for when you need to apply additional drivers etc to your ESX's
Often drivers are only available as an ISO, in which case you need to mount the image and extract the off-line bundle ZIP file (use something like WinImage
- Open Update Manager Administrator, and go to the Patch Repository tab
- Click on the Import Patches link
- Locate the ZIP file and click next, the bundle will be imported
In order to deploy the bundle you'll need to create a baseline with the bundle as a member. You've three choices here
- Create an individual baseline for that bundle, then when newer versions of the driver become available, just add it to the existing baseline
- Best for situations where you've different types of hardware being managed by the same vCentre and so you need to distinguish between different ESX's and different bundles
- Add the bundle to an existing baseline
- Best for when you've got uniform hardware, and you like to apply uniform waves (aka controlled releases) of deployments to your ESX's
- Create an individual baseline for that bundle, that gets added to when new versions become available, and add the baseline to a baseline group which applies to clusters etc (hybrid of both of the above)
Import Updates From Another vCenter
Useful when you've a isolated VC (without internet access), and another with a full compliment of updates.
- Copy the updates from to the VC, copy the entire Data directory
- Default location for updates
C:\Documents and Settings\All Users\Application Data\VMware\Vmware Update Manager\Data
- Default location for updates
- On the isolated VC, run a version of the following example command to update the Update Manager database
vmware-updateDownloadCli -p <path to patches>\Data -f esx -U <user ac>
Troubleshooting
Scan/Remediate fails
- Error: VMware Update Manager had a failure
- Detail: Patch metadata for <ESX> missing, please download patch metadata first, despite the fact that Update Manager is fully up to date.
/var/log/vmware/esxupdate.log
shows connection errors
- On the VC, stop the VMware Update Manager Service
- Edit vci-integrity.xml file
- Normally found in
C:\Program Files\VMware\Infrastructure\Update Manager\
- Normally found in
- Edit the following entry, adding the VC IP address
<PatchDepotUrl>http://VC-IP/vci/hostupdates/hostupdate</PatchDepotUrl>
- Restart the VMware Update Manager Service
- Error: VMware Update Manager had an unknown error
- Detail: vim.fault.noHost
- Check that you have no inaccessible/invalid/orphaned VM's on the host, if so resolve
- Disconnect the ESX from vCentre and reconnect
Best Practice
As advised by VMware, see http://www.vmware.com/files/pdf/techpaper/vsp_41_perf_UpdateManager_Best-Practices.pdf for further info
- Separate the Update Manager database from the vCenter database when there are 300+ virtual machines or 30+ hosts.
- Separate both the Update Manager server and the Update Manager database from the vCenter Server system and the vCenter Server database when there are 1000+ virtual machines or 100+ hosts.
- Make sure the Update Manager server host has at least 2GB of RAM to cache patch files in memory.
- Allocate separate physical disks for the Update Manager patch store and the Update Manager database.
- Deploy the Update Manager server close to the ESX hosts if possible. This reduces network latency and packet drops.
- On a high-latency network, powered-on virtual machine scans are preferred because they are not sensitive to network latency.
- Host operations in a slow network will take a long time. Refer to the white paper for the maximum time estimation. Don’t interrupt ongoing operations.