You use the vSphere Update Manager service on each vCenter Server Appliance and deploy a vSphere Update Manager Download Service (UMDS) in Region A and Region B to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager as a service of the vCenter Server Appliance. The Update Manager server and client components are a part of the vCenter Server Appliance.

You can connect only one vCenter Server instance to a vSphere Update Manager instance.

Because this design uses multiple vCenter Server instances, you must configure a separate vSphere Update Manager for each vCenter Server. To save the overhead of downloading updates on multiple vSphere Update Manager instances and to restrict the access to the external network from vSphere Update Manager and vCenter Server, deploy a UMDS in each region. UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloads on a web server. The local Update Manager servers download the patches from UMDS.

Figure 1. vSphere Update Manager Logical and Networking Design


vSphere Update Manager is a part of the vCenter Server Appliance and uses its settings to remediate ESXi hosts. For security and resource reasons, you deploy an instance of vSphere Update Manager Download Service in each region. UMDS has access to the external network and stores patch data for host and VM updates.

Deployment Model

vSphere Update Manager is pre-installed in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager service starts automatically.

In addition to the vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi hosts and virtual appliances. No additional configuration is required, other than scan and remediate the hosts as needed.

Proxied access model

vSphere Update Manager has no connection to the Internet and cannot download patch metadata. You deploy UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager uses the shared repository as a patch datastore before remediating the ESXi hosts.

Table 1. Update Manager Physical Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-VUM-001

Use the vSphere Update Manager service on each vCenter Server Appliance to provide a total of four vSphere Update Manager instances that you configure and use for patch management.

  • Reduces the number of management virtual machines that need to be deployed and maintained within the SDDC.

  • Enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances managed by each vCenter Server.

  • All physical design decisions for vCenter Server determine the setup for vSphere Update Manager.

  • A one-to-one mapping of vCenter Server to vSphere Update Manager is required. Each Management vCenter Server or Compute vCenter Server instance in each region needs its own vSphere Update Manager.

SDDC-OPS-VUM-002

Use the embedded PostgresSQL of the vCenter Server Appliance for vSphere Update Manager .

  • Reduces both overhead and licensing cost for external enterprise database systems.

  • Avoids problems with upgrades.

The vCenter Server Appliance has limited database management tools for database administrators.

SDDC-OPS-VUM-003

Use the network settings of the vCenter Server Appliance for vSphere Update Manager.

Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager.

None.

SDDC-OPS-VUM-004

Deploy and configure UMDS virtual machines for each region.

Limits direct access to the Internet from vSphere Update Manager on multiple vCenter Server instances, and reduces storage requirements on each instance.

You must maintain the host operating system (OS) as well as the database used by the UMDS.

SDDC-OPS-VUM-005

Connect the UMDS virtual machines to the region-specific application virtual network.

  • Provides local storage and access to vSphere Update Manager repository data.

  • Avoids cross-region bandwidth usage for repository access.

  • Provides a consistent deployment model for management applications.

You must use NSX to support this network configuration.