DefinIT

Installing VMware vSphere Update Manager Download Service and publishing via IIS

The vSphere UMDS provides a way to download patches for VMware servers that have an air-gap, or for some reason aren’t allowed to go out to the internet themselves – in my case a security policy prevented a DMZ vCenter Server from connecting to the internet directly. The solution is to use UMDS to download the updates to a 2nd server that was hosted in the DMZ and then update the vCenter Server from there. It also can save on bandwidth if you’re running multiple vCenter Servers, which again was the case (though bandwidth isn’t really a constraint).

Installing UMDS

Installing UMDS is a really simple affair – run the <installer location>\umds\VMware-UMDS.exe installer and click through the options. The simplest option is to run the built-in SQL 2008 R2 Express database for the metadata, though you can create a 32-bit DSN and use an existing DB server if required. I set the patch download location to a D:\ drive that was attached to this VM and finished the install.

It takes a little while to install largely because of the SQL Express installation.

Configuring UMDS and downloading the patches

Once you’ve got it installed, it’s a bit of a tumbleweed moment…what next?! There’s no application or GUI installed – you need to read the documentation (or this blog :-)) to see what’s next!

If you’ve installed it in the default location, run a command prompt and navigate to: c:\Program Files (x86)\VMware\Infrastructure\Update Manager

If you run the “vmware-umds.exe -H” command, you’ll see the full help output – I think the examples are the easiest way to work out what you want to do!

  Examples:

To add a new ESX 4.x/5.x patch depot URL
vmware-umds.exe -S --add-url https://hostname/index.xml --url-type HOST

To remove a URL
vmware-umds.exe -S --remove-url https://hostname/index.xml

To list all supported platforms for downloading ESX host updates
vmware-umds.exe --list-host-platforms

To enable downloading of ESX host and virtual appliance updates
vmware-umds.exe -S --enable-host --enable-va

To enable downloading of only ESX 4.0 and ESXi 4.0 host updates
vmware-umds.exe -S --disable-host
vmware-umds.exe -S -e esx-4.0.0 embeddedEsx-4.0.0

To disable downloading of only ESX 4.0 and ESXi 4.0 host updates
vmware-umds.exe -S --enable-host
vmware-umds.exe -S -d esx-4.0.0 embeddedEsx-4.0.0

To download updates based on the current configuration
vmware-umds.exe -D

To export all downloaded updates to F:\UMDS-store
vmware-umds.exe -S --default-export-store F:\UMDS-store
vmware-umds.exe -E
OR
vmware-umds.exe -E --export-store F:\UMDS-store

Since I don’t want to download any unnecessary patches, I want to exclude ESX from the mix. To view the available platforms you can download patches for, use the --list-host-platforms argument.

The easiest way to do this is to enable all host downloads and disable the ESX downloads:

vmware-umds -S --enable-host

vmware-umds -S -d esx-4.1.0 esx-4.0.0

Now I can trigger the initial download to get the patches down. The output is pretty verbose; if you want to log it, you can redirect it to a text file. This will also take a while to download!

vmware-umds -D

Since I am going to publish these updates using IIS for my vSphere Update Manager servers, I want to configure an export directory using the -E option – depending on your disk speed, this could take a while. It’s worth noting that this will double the size of your repository. I would prefer to be able to use the download location as the repository.

vmware-umds -E --export-store D:\UMDS\Export

You can verify your configuration using the -G option.

Configuring IIS to publish the UMDS Export

Assuming you already have IIS installed (or are capable of managing this feat) you can go ahead and configure your IIS to publish the export folder.

Configure a MIME type for .sig and .vib to use “application/octet-stream”, and check that .xml is “text/xml”.

Configure upstream VMware Update Manager Servers

Configuring the upstream servers is as simple as providing the URL of the site you’ve just published under the Update Manager Administration Console in the vSphere Client. Go to the Configuration tab, click Download Settings and then select “Use a shared repository”. Enter the URL and click “Validate URL”. Then click “Apply”. If you want to do the initial sync, click “Download Now”; if not, wait for the scheduled download.

Optional extras

For extra credit…

  • Install an SSL certificate to secure your IIS server
  • Schedule the download of patches using Task Scheduler
  • Schedule the export of patches to your IIS site using Task Scheduler
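
The two scheduling extras above, as an added example that is not part of the original post: a PowerShell wrapper that runs the download and only exports to the IIS-published folder when the download succeeded, so a failed run never refreshes what the Update Manager servers pull from. The install path and export folder are the ones used in the post; the log folder, script path, task name, schedule and the meaning of the exit code are assumptions.

```powershell
# Added example: scheduled UMDS download + export wrapper (not from the original post).
# $UmdsDir and $ExportStore are the paths used in the post; $LogDir is hypothetical.
$UmdsDir     = 'C:\Program Files (x86)\VMware\Infrastructure\Update Manager'
$ExportStore = 'D:\UMDS\Export'
$LogDir      = 'D:\UMDS\Logs'

function Invoke-Umds {
    param([string[]]$Arguments, [string]$LogFile)
    # Record the command line, run vmware-umds.exe from its install folder,
    # append stdout and stderr to the log, and return the process exit code.
    "[$(Get-Date -Format s)] vmware-umds $($Arguments -join ' ')" | Add-Content $LogFile
    Push-Location $UmdsDir
    try {
        & '.\vmware-umds.exe' @Arguments 2>&1 | Add-Content $LogFile
        return $LASTEXITCODE
    }
    finally {
        Pop-Location
    }
}

if (-not (Test-Path $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir | Out-Null
}
$log = Join-Path $LogDir ('umds-{0:yyyyMMdd}.log' -f (Get-Date))

# Step 1: download updates based on the current configuration (-D).
$rc = Invoke-Umds -Arguments '-D' -LogFile $log
if ($rc -ne 0) {
    # Assumption: vmware-umds reports failure with a non-zero exit code.
    "[$(Get-Date -Format s)] download failed (exit $rc); export skipped" | Add-Content $log
    exit $rc
}

# Step 2: export to the folder IIS publishes, only after a clean download.
$rc = Invoke-Umds -Arguments '-E', '--export-store', $ExportStore -LogFile $log
"[$(Get-Date -Format s)] export finished (exit $rc)" | Add-Content $log
exit $rc

# Register once from an elevated prompt. The task name, start time and script
# path are hypothetical; replace <account> with the account UMDS should run as:
#   schtasks /Create /TN "UMDS-Sync" /SC DAILY /ST 02:00 /RU <account> /RP /TR "powershell.exe -NoProfile -File D:\UMDS\Sync-Umds.ps1"
```

Task Scheduler records the script's exit code as the task's last run result, so a failed download shows up there as well as in the dated log file.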