You use the vSphere Update Manager service on each vCenter Server Appliance and deploy a vSphere Update Manager Download Service (UMDS) in Region A and Region B to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager as a service of the vCenter Server Appliance. The Update Manager server and client components are a part of the vCenter Server Appliance.

You can connect only one vCenter Server instance to a vSphere Update Manager instance.

To restrict the access to the external network from vSphere Update Manager and vCenter Server, deploy a vSphere Update Manager Download Service (UMDS) in the region containing the Consolidated vCenter Server Appliance.

UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloaded data on a Web server. The local Update Manager servers download the patches from UMDS.

Figure 1. vSphere Update Manager Logical and Networking Design


vSphere Update Manager is a part of the Consolidated vCenter Server Appliance and uses its settings to remediate ESXi hosts. For security and resource reasons, you deploy an instance of vSphere Update Manager Download Service in each region. UMDS has access to the external network and stores patch data for host and VM updates.

Deployment Model

vSphere Update Manager is pre-installed in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager service starts automatically.

In addition to the vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi hosts and virtual appliances. No additional configuration is required, other than to scan and remediate the hosts as needed.

Proxied access model

For security reasons, vSphere Update Manager is placed on a safe internal network with no connection to the Internet. It cannot download patch metadata. You deploy UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager uses the shared repository as a patch datastore before remediating the ESXi hosts.
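
A conformance check for the proxied access model described above, as an added example that is not part of the original VMware design document. It reads firewall flow records and flags any allowed connection from the vCenter Server Appliance (Update Manager) to an external address, and confirms that the expected UMDS flows were seen. The addresses, the record format, and the web server ports are constructed assumptions.

```python
import ipaddress

# All addresses, ports and the record format below are constructed assumptions.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
VCENTER_VUM = ipaddress.ip_address("192.168.10.5")  # vCenter Server Appliance running Update Manager
UMDS = ipaddress.ip_address("192.168.31.67")        # UMDS VM with its web server
WEB_PORTS = {80, 443}                               # assumed ports of the UMDS web server

# Constructed flow records: "source destination destination_port action"
SAMPLE_FLOWS = """\
192.168.31.67 203.0.113.20 443 ALLOW
192.168.10.5 192.168.31.67 80 ALLOW
192.168.10.5 203.0.113.20 443 ALLOW
192.168.10.5 198.51.100.7 443 DENY
not-an-address 192.168.31.67 80 ALLOW
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit_flows(text):
    """Check flow records against the proxied access model."""
    result = {"violations": [], "unparsed": [],
              "umds_reached_external": False, "vum_pulled_from_umds": False}
    for n, line in enumerate(text.splitlines(), 1):
        try:
            src_s, dst_s, port_s, action = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            result["unparsed"].append(n)  # surface bad records instead of skipping silently
            continue
        if action.upper() != "ALLOW":
            continue  # a blocked attempt is the control working
        if src == VCENTER_VUM and not is_internal(dst):
            result["violations"].append((n, str(dst), port))  # Update Manager bypassed UMDS
        elif src == UMDS and not is_internal(dst):
            result["umds_reached_external"] = True
        elif src == VCENTER_VUM and dst == UMDS and port in WEB_PORTS:
            result["vum_pulled_from_umds"] = True
    result["conforms"] = (not result["violations"] and result["umds_reached_external"]
                          and result["vum_pulled_from_umds"])
    return result

if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```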

Table 1. Update Manager Physical Design Decision

Decision ID: CSDDC-OPS-VUM-001

Design Decision: Use the vSphere Update Manager service on the Consolidated vCenter Server Appliance for patch management.

Design Justification:

  • Reduces the number of management virtual machines that need to be deployed and maintained within the SDDC.

  • Enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances managed by the consolidated vCenter Server.

Design Implication:

  • All physical design decisions for vCenter Server determine the setup for vSphere Update Manager.

  • A one-to-one mapping of vCenter Server to vSphere Update Manager is required. Because of the shared nature of the consolidated cluster you can use only a single vSphere Update Manager instance.

Decision ID: CSDDC-OPS-VUM-002

Design Decision: Use the embedded PostgreSQL of the vCenter Server Appliance for vSphere Update Manager.

Design Justification:

  • Reduces both overhead and licensing cost for external enterprise database systems.

  • Avoids problems with upgrades.

Design Implication: The vCenter Server Appliance has limited database management tools for database administrators.

Decision ID: CSDDC-OPS-VUM-003

Design Decision: Use the network settings of the vCenter Server Appliance for vSphere Update Manager.

Design Justification: Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager.

Design Implication: None.

Decision ID: CSDDC-OPS-VUM-004

Design Decision: Deploy and configure a UMDS virtual machine.

Design Justification: Limits direct access to the Internet from vSphere Update Manager on Consolidated vCenter Server, and reduces storage requirements on each instance.

Design Implication: You must maintain the host operating system (OS) and the database used by the UMDS.

Decision ID: CSDDC-OPS-VUM-005

Design Decision: Connect the UMDS virtual machine to the region-specific application virtual network.

Design Justification:

  • Provides local storage and access to vSphere Update Manager repository data.

  • Provides a consistent deployment model for management applications.

Design Implication: You must use NSX to support this network configuration.