In a semi-air-gap environment, you can set up Internet Information Services (IIS) on the machine on which UMDS is installed and configure Update Manager to use the downloaded patch binaries and patch metadata from the IIS Web server.

Before you begin

Install and set up IIS on the machine on which UMDS is running. For information about setting up an IIS Web server, see the Internet Information Services documentation on the Microsoft Web site.

About this task

Use this approach when the Update Manager server is installed on a machine that is connected to the UMDS machine, but does not have direct Internet access.


The procedure uses IIS 6. Other versions of IIS can be configured similarly.


  1. Log in to the computer on which you have installed UMDS and download the patch binaries and patch metadata.
  2. Create a directory for the patch data under the document root of the Web server.

    For example, C:\inetpub\wwwroot\UMDS.

  3. Export the downloaded metadata and binaries to the UMDS directory under the Web server root.
    vmware-umds -E --export-store C:\inetpub\wwwroot\UMDS
  4. Add .vib, .sig, and .xml as allowed MIME types for the Web server.
    1. Click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
    2. In the Internet Information Services (IIS) Manager window, select IIS Manager Information > Computer Name (local computer) > Web Sites > Default Web Site.

      Here Computer Name is the name of your machine.

    3. Right click the UMDS folder where you exported the patch data and select Properties.
    4. Click HTTP Headers > MIME Types.
    5. Click New and add the new MIME types.

      In the Extension text field, enter .vib, .sig, and .xml. Enter one file extension for each MIME type entry. In the MIME Type field, enter application/octet-stream for .vib and .sig. For .xml, enter text/xml in the MIME Type field.

  5. Set appropriate permissions for the UMDS folder in the Web server root.
    1. Right-click the UMDS folder under Default Web Site in the Internet Information Services (IIS) Manager window, and select Permissions.
    2. In the Advanced Security Settings dialog box, select the Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here and Replace permission entries on all child objects with entries shown here that apply to child objects check boxes.
    3. Click Apply.
  6. Restart the IIS Admin Service in the Services Control Manager.
  7. (Optional) : Verify that you can view the UMDS directory under the Web server root in a browser and download files.
  8. Connect the vSphere Client to a vCenter Server system with which Update Manager is registered and select Home > Solutions and Applications > Update Manager.

    If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain, specify the Update Manager instance to configure by selecting the name of the corresponding vCenter Server system in the navigation bar.

  9. Click the Configuration tab in the Update Manager Administration view.
  10. Select the Use a shared repository radio button.
  11. Enter the URL of the folder on the Web server where you exported the patch binaries and patch metadata.

    For example, http://ip_address_or_hostname/UMDS

  12. Click Validate URL to validate the path.

    Make sure that the validation is successful. If the validation fails, Update Manager reports the reason for the failure. You can use the path to the shared repository only if the validation succeeds.

  13. Click Apply to apply the changes.
  14. Click Download Now to download the patch metadata immediately.

    Update Manager downloads patch binaries during staging and remediation.


Update Manager is now configured to use the patch metadata and patch binaries downloaded through UMDS and hosted on the IIS Web server.