You use the vSphere Update Manager service on the vCenter Server Appliance and deploy a vSphere Update Manager Download Service (UMDS) to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager 6.5 as a service of the vCenter Server Appliance 6.5. The Update Manager server and client components are a part of the vCenter Server Appliance

You can connect only one vCenter Server instance to a vSphere Update Manager instance. To restrict the access to the external network from vSphere Update Manager and vCenter Server, deploy a vSphere Update Manager Download Service (UMDS) in each ROBO. UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloads on a Web server. The local Update Manager servers download the patches from UMDS.

Figure 1. vSphere Update Manager Logical and Networking Design




Deployment Model

vSphere Update Manager is embedded in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager Extension service starts automatically.

In addition to vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi 5.x hosts, ESXi 6.x hosts, and virtual appliances. No additional configuration is required, other than scan and remediate the hosts as needed.

Proxied access model

vSphere Update Manager has no connection to the Internet and cannot download patch metadata. You install and configure UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager must be configured to use the shared repository as a patch datastore before remediating the ESXi hosts.

Table 1. Update Manager Physical Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

ROBO-OPS-VUM-001

Use the vSphere Update Manager service on the vCenter Server Appliance in each ROBO that you configure and use for patch management.

A one-to-one mapping of vCenter Server to vSphere Update Manager is required. Each ROBO vCenter Server needs their own vSphere Update Manager.

All physical design decisions for vCenter Server determine the setup for vSphere Update Manager.

ROBO-OPS-VUM-002

Use the embedded PostgresSQL of the vCenter Server Appliance for vSphere Update Manager.

Reduces both overhead and Microsoft or Oracle licensing costs.

Avoids problems with upgrades.

The vCenter Server Appliance has limited database management tools for database administrators.

ROBO-OPS-VUM-003

Use the network settings of the vCenter Server Appliance for vSphere Update Manager.

Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager.

None.

ROBO-OPS-VUM-004

Deploy and configure vSphere Update Manager Download Service virtual machines in every ROBO.

Limits direct access to the Internet from vSphere Update Manager vCenter Server instances.

None.

ROBO-OPS-VUM-005

Connect the UMDS virtual machines to the ROBO-specific application virtual network.

  • Ensures local storage and access to vSphere Update Manager repository data

  • Provides a consistent deployment model for management applications.

You must use NSX to support this network configuration.