vSphere Update Manager provides centralized, automated patch and version management for VMware ESXi hosts and virtual machines on each vCenter Server instance.


vSphere Update Manager registers with a single vCenter Server instance where an administrator can automate the following operations for the lifecycle management of the vSphere environment:

  • Upgrade and patch ESXi hosts

  • Install and upgrade third-party software on ESXi hosts

  • Upgrade virtual machine hardware and VMware Tools

Use the vSphere Update Manager Download Service (UMDS) to deploy vSphere Update Manager on a secured, air-gapped network that is disconnected from other local networks and the Internet. UMDS provides a bridge for Internet access that is required to pull down upgrade and patch binaries.

Installation Models

The installation models of vSphere Update Manager are different according to the type of vCenter Server installation.

Table 1. Installation Models of vSphere Update Manager and Update Manager Download Service


Installation Model


vSphere Update Manager

Embedded in the vCenter Server Appliance

vSphere Update Manager is automatically registered with the container vCenter Server Appliance. You access vSphere Update Manager as a plug-in in the vSphere Client or vSphere Web Client.

Use virtual appliance deployment to deploy easily vCenter Server and vSphere Update Manager as an all-in-one package. Sizing and maintenance for vSphere Update Manager is determined by the vCenter Server deployment.

Windows installable package for installation against a Microsoft Windows vCenter Server

You must run the vSphere Update Manager installation on vCenter Server itself or an external Microsoft Windows Server. After installation and registration with vCenter Server, you access vSphere Update Manager as a plug-in in the vSphere Client and vSphere Web Client.

Use the Windows installable deployment if you are using a vCenter Server instance for Windows.


In vSphere 6.5 and later, you can pair a vSphere Update Manager instance for a Microsoft Windows only with a vCenter Server instance for Windows.

Update Manager Download Service

Installable package for Linux or Microsoft Windows Server

  • For a Linux deployment, install UMDS on Ubuntu 14.0.4 or Red Hat Enterprise Linux 7.0

  • For a Windows deployment, install UMDS on one of the supported Host Operating Systems in VMware Knowledge Base Article 2091273.

UMDS and vSphere Update Manager must be running on different systems.


The functional elements of vSphere Update Manager support monitoring, notifying and orchestrating the lifecycle management of your vSphere environment in the SDDC.

Figure 1. Architecture of vSphere Update Manager and Update Manager Download Service

In a consolidated SDDC, the Update Manager Download Service downloads host patch binaries from an external repository. The vSphere Update Manager on the Consolidated vCenter Server retrieves the binaries and remediates them on the managed hosts.

Types of Nodes

For functionality and scalability, vSphere Update Manager and Update Manager Download Service have the following roles:

vSphere Update Manager

Required node for integrated, automated lifecycle management of vSphere components. vSphere Update Manager and vCenter Server have a one-to-one relationship, regardless of the number of vCenter Server instances in the environment.

Update Manager Download Service

In a secure environment in which vCenter Server and vSphere Update Manager are isolated from the Internet, use UMDS as a bridge to provide patch and update binaries to vSphere Update Manager. In addition, to manage the lifecycle of multiple vSphere environments, you can use UMDS to aggregate downloaded binary data, such as patch metadata, patch binaries, and notifications, and share it across multiple instances of vSphere Update Manager.


You back up vSphere Update Manager, either as an embedded service on the vCenter Server Appliance or deployed separately on a Microsoft Windows Server virtual machine and UMDS by using traditional virtual machine backup solutions. Such solutions are based on software that is compatible with vSphere Storage APIs for Data Protection (VADP).

Consolidated Deployment of vSphere Update Manager and UMDS

Because of its scope, VMware Validated Design for Workload and Management Consolidation implements vSphere Update Manager and UMDS in a single-region design. This implementation provides a secure method for downloading patch binaries while maintaining the ability to scale up to the larger VMware Validated Design for Software-Defined Data Center.

Figure 2. Single-Region Interaction Between vSphere Update Manager and Update Manager Download Service

vSphere Update Manager is a part of the Consolidated vCenter Server. You deploy UMDS on a separate virtual machine that is connected to the external network, and then register UMDS as a shared repository of vSphere Update Manager.