vSphere Update Manager provides centralized, automated patch and version management for VMware ESXi hosts and virtual machines on each vCenter Server instance.

Overview

vSphere Update Manager registers with a single vCenter Server instance where an administrator can automate the following operations for the lifecycle management of the vSphere environment:

  • Upgrade and patch ESXi hosts

  • Install and upgrade third-party software on ESXi hosts

  • Upgrade virtual machine hardware and VMware Tools

Use the vSphere Update Manager Download Service (UMDS) to deploy vSphere Update Manager on a secured, air-gapped network that is disconnected from other local networks and the Internet. UMDS provides a bridge for Internet access that is required to pull down upgrade and patch binaries.

Installation Models

The installation models of vSphere Update Manager are different according to the type of vCenter Server installation.

Table 1. Installation Models of vSphere Update Manager and Update Manager Download Service

Component

Installation Model

Description

vSphere Update Manager

Embedded in the vCenter Server Appliance

vSphere Update Manager is automatically registered with the container vCenter Server Appliance. You access vSphere Update Manager as a plug-in in the vSphere Client or vSphere Web Client.

Use virtual appliance deployment to deploy easily vCenter Server and vSphere Update Manager as an all-in-one package. Sizing and maintenance for vSphere Update Manager is determined by the vCenter Server deployment.

Windows installable package for installation against a Microsoft Windows vCenter Server

You must run the vSphere Update Manager installation on vCenter Server itself or an external Microsoft Windows Server. After installation and registration with vCenter Server, you access vSphere Update Manager as a plug-in in the vSphere Client and vSphere Web Client.

Use the Windows installable deployment if you are using a vCenter Server instance for Windows.

Note:

In vSphere 6.5 and later, you can pair a vSphere Update Manager instance for a Microsoft Windows only with a vCenter Server instance for Windows.

Update Manager Download Service

Installable package for Linux or Microsoft Windows Server

  • For a Linux deployment, install UMDS on Ubuntu 14.0.4 or Red Hat Enterprise Linux 7.0

  • For a Windows deployment, install UMDS on one of the supported Host Operating Systems in VMware Knowledge Base Article 2091273.

UMDS and vSphere Update Manager must be running on different systems.

Architecture

The functional elements of vSphere Update Manager support monitoring, notifying and orchestrating the lifecycle management of your vSphere environment in the SDDC.

Figure 1. Architecture of vSphere Update Manager and Update Manager Download Service

In an SDDC, the Update Manager Download Service downloads host patch binaries from an external repository. The vSphere Update Manager instances on the Management vCenter Server and Compute vCenter Server retrieve the binaries and remediates them on the managed hosts.

Types of Nodes

For functionality and scalability, vSphere Update Manager and Update Manager Download Service have the following roles:

vSphere Update Manager

Required node for integrated, automated lifecycle management of vSphere components. vSphere Update Manager and vCenter Server have a one-to-one relationship, regardless of the number of vCenter Server instances in the environment.

Update Manager Download Service

In a secure environment in which vCenter Server and vSphere Update Manager are isolated from the Internet, use UMDS as a bridge to provide patch and update binaries to vSphere Update Manager. In addition, to manage the lifecycle of multiple vSphere environments, you can use UMDS to aggregate downloaded binary data, such as patch metadata, patch binaries, and notifications, and share it across multiple instances of vSphere Update Manager.

Backup

You back up vSphere Update Manager, either as an embedded service on the vCenter Server Appliance or deployed separately on a Microsoft Windows Server virtual machine and UMDS by using traditional virtual machine backup solutions. Such solutions are based on software that is compatible with vSphere Storage APIs for Data Protection (VADP).

Multi-Region Deployment of vSphere Update Manager and UMDS

Because of its multi-region scope, VMware Validated Design for Software-Defined Data Center uses vSphere Update Manager and UMDS in each region to provide automated lifecycle management of the vSphere components. While you have a vSphere Update Manager service instance with each vCenter Server deployed, you deploy one UMDS instance per region. In this way, you have a central repository of aggregated patch binaries that are securely downloaded.

Failing over UMDS by using vSphere Replication and Site Recovery Manager is not necessary because each region contains its own UMDS instance.

Figure 2. Dual-Region Interaction Between vSphere Update Manager and Update Manager Download Service

vSphere Update Manager is a part of the Management vCenter Server and Compute vCenter Server. In each region, you deploy UMDS on a separate virtual machine that is connected to the external network, and then register UMDS as a shared repository of vSphere Update Manager.