You use the vSphere Update Manager service on the vCenter Server Appliance. You deploy a vSphere Update Manager Download Service (UMDS) in the SDDC to download and stage upgrade and patch data.

Networking and Application Design

You can use the vSphere Update Manager as a service of the vCenter Server Appliance. The Update Manager server and client components are a part of the vCenter Server Appliance.

You can connect only one vCenter Server instance to a vSphere Update Manager instance.

To restrict the access to the external network from vSphere Update Manager and vCenter Server, deploy a vSphere Update Manager Download Service (UMDS) in the region containing the Consolidated vCenter Server Appliance.

UMDS downloads upgrades, patch binaries and patch metadata, and stages the downloaded data on a Web server. The local Update Manager servers download the patches from UMDS.

Figure 1. Logical and Networking Design of vSphere Update Manager




Deployment Model

vSphere Update Manager is pre-installed in the vCenter Server Appliance. After you deploy or upgrade the vCenter Server Appliance, the VMware vSphere Update Manager service starts automatically.

In addition to the vSphere Update Manager deployment, two models for downloading patches from VMware exist.

Internet-connected model

The vSphere Update Manager server is connected to the VMware patch repository to download patches for ESXi hosts and virtual appliances. No additional configuration is required, other than scanning and remediating the hosts as needed.

Proxied access model

For security reasons, vSphere Update Manager is placed on a safe internal network with no connection to the Internet. It cannot download patch metadata. You deploy UMDS to download and store patch metadata and binaries to a shared repository. vSphere Update Manager uses the shared repository as a patch datastore before remediating the ESXi hosts.
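
One way to check that a deployment follows the proxied access model, as an added example that is not part of the original design guide: audit allowed firewall flows to confirm that Update Manager never reaches an external address and that it does reach UMDS. The key=value log layout, all addresses, and the function names are constructed assumptions.

```python
import ipaddress
import re

# All values below are constructed for this example; none come from the design guide.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
VUM_HOSTS = {"10.10.1.10"}   # vCenter Server Appliance running Update Manager
UMDS_HOSTS = {"10.10.2.20"}  # UMDS virtual machine

# Constructed firewall log lines in a generic key=value layout (assumed format).
SAMPLE_LOG = """\
action=allow src=10.10.2.20 dst=203.0.113.50 dport=443
action=allow src=10.10.1.10 dst=10.10.2.20 dport=443
action=allow src=10.10.1.10 dst=203.0.113.50 dport=443
action=deny src=10.10.1.10 dst=198.51.100.7 dport=80
action=allow src=10.10.1.10 dst=10.10.1.1 dport=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_flows(log_text):
    """Yield a dict of fields for each line that has action, src and dst."""
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if {"action", "src", "dst"} <= fields.keys():
            yield fields


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit(log_text):
    """Return (violations, vum_hosts_without_umds_traffic).

    A violation is an allowed flow from an Update Manager host to an address
    outside INTERNAL_NETS. Flows from UMDS hosts to external addresses are
    expected in this model and are not flagged.
    """
    violations, reached_umds = [], set()
    for f in parse_flows(log_text):
        if f["action"] != "allow" or f["src"] not in VUM_HOSTS:
            continue
        if not is_internal(f["dst"]):
            violations.append((f["src"], f["dst"], f.get("dport")))
        elif f["dst"] in UMDS_HOSTS:
            reached_umds.add(f["src"])
    return violations, sorted(VUM_HOSTS - reached_umds)
```

An Update Manager host that appears in the second list has no observed traffic to UMDS, which usually means it is not using the shared repository as its patch source.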

Table 1. Design Decision on the Physical Design of vSphere Update Manager

Decision ID: ROBO-OPS-VUM-001

Design Decision: Use the vSphere Update Manager service on the vCenter Server Appliance in each ROBO that you configure and use for patch management.

Design Justification:

  • The mapping between vCenter Server and vSphere Update Manager is one-to-one.

  • Enables centralized, automated patch and version management for VMware vSphere, and offers support for VMware ESXi hosts, virtual machines, and virtual appliances that are managed by the ROBO vCenter Server.

Design Implication:

  • The physical design decisions for vCenter Server determine the setup for vSphere Update Manager.

  • The mapping between vCenter Server and vSphere Update Manager is one-to-one. Because of the shared nature of the consolidated cluster, you can use only a single vSphere Update Manager instance.

Decision ID: ROBO-OPS-VUM-002

Design Decision: Use the embedded PostgreSQL server of the vCenter Server Appliance for vSphere Update Manager.

Design Justification:

  • Reduces both overhead and licensing cost for external enterprise database systems.

  • Avoids problems with upgrades.

Design Implication: The vCenter Server Appliance has limited database management tools for database administrators.

Decision ID: ROBO-OPS-VUM-003

Design Decision: Use the network settings of the vCenter Server Appliance for vSphere Update Manager.

Design Justification: Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Update Manager. You configure the network settings once for both vCenter Server and vSphere Update Manager.

Design Implication: None.

Decision ID: ROBO-OPS-VUM-004

Design Decision: Deploy and configure vSphere Update Manager Download Service (UMDS) virtual machines in each ROBO.

Design Justification: Restricts the direct access to the Internet from vSphere Update Manager on the ROBO vCenter Server instances.

Design Implication: You must maintain more management virtual machines.

Decision ID: ROBO-OPS-VUM-005

Design Decision: Connect the UMDS virtual machines to the ROBO-specific application virtual network.

Design Justification:

  • Provides local storage and access to the repository data of vSphere Update Manager.

  • Provides a consistent deployment model for management applications.

Design Implication: You must use NSX to support this network configuration.