IBM Cloud Docs
VMware Update Manager introduction

VMware Update Manager introduction

As the system administrator of a VMware Cloud Foundation for Classic - Automated instance, review the instructions on how to configure VMware® Update Manager (VUM) to maintain the currency of your VCF for Classic - Automated instance.

After 21 June 2022, provisioning new VCF for Classic - Automated instances with NSX–V is no longer supported. However, you can add hosts and clusters to your existing NSX–V deployments. IBM strongly recommends that clients immediately assess their NSX–V networks and plan a much earlier migration to NSX–T.

After 21 June 2022, you can no longer order new VCF for Classic - Automated instance with vSphere 6.7. After 15 October 2022, the VCF for Classic - Automated instances with vSphere 6.7 are read–only in the VMware Solutions console. You can no longer add or remove hosts and clusters until you upgrade to vSphere 7.0.

If you have a VCF for Classic - Automated instance that is deployed with vSphere 7, then VMware® added new functions and rebranded it as vSphere Lifecycle Manager (vLCM). For more information, read this blog entry vSphere 7 – lifecycle management

VUM enables centralized, automated patch and version management for VMware vSphere®. With VUM, you can complete the following tasks in your VCF for Classic - Automated environment:

  • Upgrade and patch the vSphere ESXi hosts.
  • Install and update third-party software on the hosts.
  • Upgrade virtual machine hardware, VMware Tools, and virtual appliances.

This document also describes the processes to maintain the following components of your VCF for Classic - Automated instance:

  • VMware vCenter® Server Appliance (VCSA)
  • NSX®
  • vSAN™

This document describes the use of a proxy server implementation, based on CentOS and Squid, to enable VUM to access the VMware repositories. When VUM requests a resource from the update server at VMware, the request is sent to the proxy server first and the proxy server then sends the request to the update server through the External Services Gateway (ESG). After the resource is obtained by the proxy server, it sends the resource to VUM.

Overview diagram
Overview diagram

In vSphere 6.7, VUM is integrated within the VCSA, and as the VUM client component is a plug-in that runs on the vSphere Web Client it is automatically enabled after deployment of the VCSA. However, VUM has no access to the internet to access the VMware repositories.

This documented configuration uses the all-in-one, Internet-connected VUM deployment model that uses the IBM Cloud public network to provide internet access to download upgrades and patches.

Clients requiring the use of alternative internet connections must investigate the VMware vSphere Update Manager Download Service (UMDS), which is beyond the scope of this publication.

While VUM can be configured to import updates from a shared repository or import patches and extensions manually from a compressed file, these details aren't discussed in this document.

In vSphere 6.7 and later, it's no longer supported to register VUM to a VCSA during installation of the VUM server on a separate Windows system you can't deploy VUM in a VM within the VCF for Classic - Automated instance.

This information is organized into the following sections:

  • VMware Update Manager overview - Describes the VUM process and introduces key terms that are needed to understand the operations and UI of the tool.
  • Installation, Configuration, and Usage - Describes the steps that are required to get VUM working in a VCF for Classic - Automated instance:
    • Initial configuration - A one-time task to complete the following processes:
      • Configure NSX networking to allow the proxy server access to the internet.
      • Install and configure a proxy server to provide internet access for VUM.
      • The initial setup of VUM to use the proxy server.
    • Collecting the metadata - VUM downloads metadata about the upgrades, patches, or extensions through a predefined automatic process that you can modify. At regular configurable intervals, VUM contacts VMware, or third-party sources, to gather the most recent metadata about available upgrades, patches, or extensions.
    • Creating baselines - Use the predefined baselines and baseline groups or create custom ones. Baselines and baseline groups are then attached to inventory objects.
    • Scanning and review - Inventory objects are scanned, and the results are reviewed to determine how they comply with the baselines and baseline groups. Scan results can be filtered by text search, group selection, baseline selection, and compliance status selection.
    • Staging and remediation - Patches and extensions can be optionally staged before remediation to ensure that they are downloaded to the host. During remediation, VUM applies the patches, extensions, and upgrades to the inventory objects.

This document assumes that you have one primary VCF for Classic - Automated instance that is deployed, or a number of separate primary VCF for Classic - Automated instances. If you have primary and secondary VCF for Classic - Automated instances that are deployed and that use Single Sign On (SSO), see SSO-linked vCenters.

If you deployed a VCF for Classic - Automated instance with vSAN, see Updating vSAN clusters first.

If you want to update the IBM Cloud infrastructure management automation, use the IBM Cloud for VMware Solutions console.

On the IBM Cloud for VMware Solutions console, you can complete the following actions:

  • Upgrade licenses for example, upgrade NSX Base to another version.
  • Initiate updates to the VCF for Classic - Automated instance.
  • View the status of updates.
  • View the installed updates.

This facility enables the automated updating for the management components of the VCF for Classic - Automated instances only. VMware product updates must be applied by using the procedures that are detailed in this document.