You can configure vSphere Lifecycle Manager to download software updates for ESXi hosts either from the Internet or from a shared repository of UMDS data.
vSphere Lifecycle Manager downloads only the metadata and not the actual binary payload of the updates. Downloading the metadata saves disk space and network bandwidth. The availability of regularly updated metadata in the vSphere Lifecycle Manager depot lets you perform compliance checks on hosts at any time.
Whatever the download source, vSphere Lifecycle Manager downloads the following types of information:
- Metadata about all ESXi 6.x updates regardless of whether you have hosts of such versions in your environment.
- Metadata about all ESXi 7.x updates regardless of whether you have hosts of such versions in your environment.
Patch recalls for ESXi 6.x hosts.
vSphere Lifecycle Manager supports the recall of patches for hosts that are running ESXi6.7 or later. A patch is recalled when it has problems or potential issues. After you scan the hosts in your environment, vSphere Lifecycle Manager alerts you if the recalled patch has been installed on any host. Recalled patches cannot be installed on hosts with vSphere Lifecycle Manager. vSphere Lifecycle Manager deletes all the recalled patches from the vSphere Lifecycle Manager depot. After a patch that fixes the problem is released, vSphere Lifecycle Manager downloads the new patch to its depot. If you have already installed the problematic patch, vSphere Lifecycle Manager notifies you that a fix is available and prompts you to apply the new patch.
Downloading host patches from the VMware website is a secure process.
- Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself and can also address any concerns about downloading the patch.
- vSphere Lifecycle Manager downloads the patch metadata and patch binaries over SSL connections. vSphere Lifecycle Manager verifies both the validity of the SSL certificates and the common name in the certificates. The common name in the certificates must match the names of the servers from which vSphere Lifecycle Manager downloads the patches. vSphere Lifecycle Manager downloads the patch metadata and binaries only after successful verification of the SSL certificates.
Download Sources
If your deployment system is connected to the Internet, you can use the default settings and links for downloading updates to the vSphere Lifecycle Manager depot. You can also add URL addresses to download third-party software, for example drivers.
If your deployment system is not connected to the Internet, you can use a shared repository after downloading the upgrades, patches, and extensions by using Update Manager Download Service (UMDS).
For more information about UMDS, see Installing, Setting Up, and Using the Update Manager Download Service.
The default configuration is for the vSphere Lifecycle Manager to download information directly from the Internet. However, you can change the download source at any time. Changing the download source from a shared repository to the Internet and the reverse is a change in the vSphere Lifecycle Manager configuration. The two options are mutually exclusive. You cannot download updates from the Internet and a shared repository at the same time.
By default, vSphere Lifecycle Manager is configured to use the official VMware online depot as a download source. When you deploy vCenter Server, synchronization to the official VMware depot is triggered automatically. When you change the default download source, synchronization to the new download source is not triggered automatically. The synchronization task runs as per its schedule. To download new data, you must run the VMware vSphere Lifecycle Manager Update Download task or trigger synchronization manually.
The VMware vSphere Lifecycle Manager Update Download task is a scheduled task that runs at regular intervals. You can change the schedule, and you can also trigger the VMware vSphere Lifecycle Manager Update Download task independently of its schedule.
If the VMware vSphere Lifecycle Manager Update Download task is running when you apply the new configuration settings, the task continues to use the old settings until it finishes. The next time the download task starts, vSphere Lifecycle Manager uses the new settings.
Using a Proxy Server
You cannot configure vSphere Lifecycle Manager to use a proxy server on its own. vSphere Lifecycle Manager uses the proxy settings of thevCenter Server instance where it runs.
Configure vSphere Lifecycle Manager to Use the Internet as a Download Source
If your deployment system is connected to the Internet, you can configure vSphere Lifecycle Manager to directly download ESXi images, vendor add-ons, and other components from the configured online depots to the local vSphere Lifecycle Manager depot.
Prerequisites
Required privileges:
Procedure
Configure vSphere Lifecycle Manager to Use a Shared Repository as a Download Source
You can configure vSphere Lifecycle Manager to use a shared repository as a source for downloading ESXi images, vendor add-ons, and additional components.
The downloading of updates takes place at configurable regular intervals. To initiate downloading of updates regardless of the download schedule, see Synchronize the vSphere Lifecycle Manager Depot.
Prerequisites
- Create a shared repository by using UMDS and host the repository on a Web server or a local disk. For detailed information about exporting the upgrades, update binaries, and update metadata in Export the Downloaded Data.
- Verify that UMDS is of version compatible with the version of vSphere Lifecycle Manager that you are using. For more information about compatibility, see Installing, Setting Up, and Using the Update Manager Download Service.
- Required privileges: .
Procedure
Results
The shared repository is used as the main source for downloading software updates. Downloading from the repository is enabled by default.
Example: Using a Folder or a Web Server as a Shared Repository
You can use a folder or a Web server as a shared repository.
- When you use a folder as a shared repository, repository_path is the path to the top-level directory that stores the patches and notifications exported from UMDS.
For example, use UMDS to export the patches and notifications to the F:\ drive, which is a drive mapped to a plugged-in USB device on the physical machine where UMDS is installed. Then, plug in the USB device to the physical machine where vSphere Lifecycle Manager runs. The device is mapped as E:\ and the folder to configure as a shared repository for vSphere Lifecycle Manager is E:\.
- When you use a Web server as a shared repository, repository_path is the path to the top-level directory on the Web server that stores the patches exported from UMDS.
For example, export the patches and notifications from UMDS to C:\docroot\exportdata. If the folder is configured on a Web server and is accessible from other physical machines at the URL https://umds_host_name/exportdata, the URL to configure as a shared repository in vSphere Lifecycle Manager is https://umds_host_name/exportdata.
Run the VMware vSphere vSphere Lifecycle Manager Update Download Task
If you change the download source, you must run the VMware vSphere vSphere Lifecycle Manager Update Download task to download any new updates.
Procedure
- In the vSphere Client, navigate to a vCenter Server instance.
- On the Configure tab, select Scheduled Tasks.
- In the Scheduled Tasks pane, select the VMware vSphere Lifecycle Manager Update Download task and click Run.
Results
You can see the running task listed in the Recent Tasks pane.