You use the vSphere Update Manager service on the vCenter Server Appliance. You deploy a vSphere Update Manager Download Service (UMDS) in the SDDC to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager as a service of the vCenter Server Appliance. The Update Manager server and client components are a part of the vCenter Server Appliance.

You can connect only one vCenter Server instance to a vSphere Update Manager instance.

To restrict access to the external network from vSphere Update Manager and vCenter Server, deploy a vSphere Update Manager Download Service (UMDS) in the region containing the Consolidated vCenter Server Appliance.

UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloaded data on a Web server. The local Update Manager servers download the patches from UMDS.

Figure 1. Logical and Networking Design of vSphere Update Manager


vSphere Update Manager is a part of the Consolidated vCenter Server Appliance and uses its settings to remediate ESXi hosts. For security and resource reasons, you deploy an instance of vSphere Update Manager Download Service in each region. UMDS has access to the external network and stores patch data for host and VM updates.

Deployment Model

vSphere Update Manager is pre-installed in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager service starts automatically.

In addition to the vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi hosts and virtual appliances. No additional configuration is required, other than to scan and remediate the hosts as needed.

Proxied access model

For security reasons, vSphere Update Manager is placed on a safe internal network with no connection to the Internet. It cannot download patch metadata. You deploy UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager uses the shared repository as a patch datastore before remediating the ESXi hosts.
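The proxied access model expressed as an egress check, added here as an illustration and not part of the VMware design: the sketch evaluates an ordered, first-match rule list and reports where it departs from the model. All addresses, both rule sets, and the use of tcp/443 for the patch repository and for the UMDS web server are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing; none of these values come from the design.
VCENTER = ipaddress.ip_address("10.0.10.5")        # appliance running Update Manager
UMDS = ipaddress.ip_address("10.0.20.15")          # UMDS VM and its web server
EXTERNAL = ipaddress.ip_address("203.0.113.10")    # stands in for any Internet host

# Ordered first-match rules: (source, destination, tcp port or None for any, action)
WEAK_RULES = [
    ("10.0.0.0/8", "0.0.0.0/0", 443, "allow"),     # whole internal range may egress
    ("0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
HARDENED_RULES = [
    ("10.0.20.15/32", "0.0.0.0/0", 443, "allow"),      # only UMDS reaches the Internet
    ("10.0.10.5/32", "10.0.20.15/32", 443, "allow"),   # Update Manager pulls from UMDS
    ("0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the flow; default deny."""
    for r_src, r_dst, r_port, action in rules:
        if (src in ipaddress.ip_network(r_src)
                and dst in ipaddress.ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "deny"

def audit(rules):
    """List deviations from the proxied access model; an empty list means none found."""
    findings = []
    for port in (80, 443):
        if decide(rules, VCENTER, EXTERNAL, port) == "allow":
            findings.append(f"vCenter/VUM can reach the Internet on tcp/{port}")
    if decide(rules, UMDS, EXTERNAL, 443) != "allow":
        findings.append("UMDS cannot reach the external patch repository on tcp/443")
    if decide(rules, VCENTER, UMDS, 443) != "allow":
        findings.append("vCenter/VUM cannot reach the UMDS repository on tcp/443")
    if decide(rules, EXTERNAL, UMDS, 443) == "allow":
        findings.append("UMDS repository is reachable from the Internet")
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules) or "matches the proxied access model")
```

The single `EXTERNAL` probe address only approximates "the Internet"; a rule set that allows specific external ranges needs one probe per allowed range.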

Table 1. Design Decision on the Physical Design of vSphere Update Manager

Decision ID: CSDDC-OPS-VUM-001

Design Decision: Use the vSphere Update Manager service on the Consolidated vCenter Server Appliance for patch management.

Design Justification:

  • Reduces the number of management virtual machines that you deploy and maintain in the SDDC.

  • Enables centralized, automated patch and version management for VMware vSphere, and offers support for VMware ESXi hosts, virtual machines, and virtual appliances that are managed by the Consolidated vCenter Server.

Design Implication:

  • The physical design decisions for vCenter Server determine the setup for vSphere Update Manager.

  • The mapping between vCenter Server and vSphere Update Manager is one-to-one. Because of the shared nature of the consolidated cluster, you can use only a single vSphere Update Manager instance.

Decision ID: CSDDC-OPS-VUM-002

Design Decision: Use the embedded PostgreSQL server of the vCenter Server Appliance for vSphere Update Manager.

Design Justification:

  • Reduces both overhead and licensing cost for external enterprise database systems.

  • Avoids problems with upgrades.

Design Implication: The vCenter Server Appliance has limited database management tools for database administrators.

Decision ID: CSDDC-OPS-VUM-003

Design Decision: Use the network settings of the vCenter Server Appliance for vSphere Update Manager.

Design Justification: Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager.

Design Implication: None.

Decision ID: CSDDC-OPS-VUM-004

Design Decision: Deploy and configure a vSphere Update Manager Download Service (UMDS) virtual machine.

Design Justification: Restricts the direct access to the Internet from vSphere Update Manager on the Consolidated vCenter Server, and reduces the storage requirements to the vCenter Server Appliance.

Design Implication: You must maintain the host operating system and the database used by the UMDS.

Decision ID: CSDDC-OPS-VUM-005

Design Decision: Connect the UMDS virtual machine to the region-specific application virtual network.

Design Justification:

  • Provides local storage and access to the repository data of vSphere Update Manager.

  • Provides a consistent deployment model for management applications.

Design Implication: You must use NSX to support this network configuration.