Hello my name is VMware UMDS. How can I help you.

umdsOne of the not so well-known features in vSphere is the VMware Update Manager Download Service or in short UMDS.
In this post I will cover what UMDS is, use-cases for UMDS, the installation and configuration of UMDS and the installation and configuration of the web server, in my case Microsoft IIS.
So let’s start.

What is UMDS?

As I said before UMDS or VMware Update Manager Download Service is an optional module of the Update Manager. It can download update for virtual appliances (VA), patch metadata, patch binaries and notifications. Starting with UMDS 6.0 it supports also patch recalls and notifications. You can think about the Update Manager Download Service as on local shared repository for your vSphere patches.

Use-cases for UMDS

From my perspective there are 2 main use-cases for UMDS

  1. VMware Update Manager is installed on a server which is in a security zone with no internet access.
  2. Multiple Update Manager Server exists in the environment.

For the second use-case it depends on the size of the environment and which versions are used. In my post I have configured it for 5.5 and 6.0 without VA patching and it downloaded approx. 11GB. For only one Update Manager in the environment it saves nothing on traffic but with 10+ Update Managers it could probably save traffic and time for downloading patches. As you might know, when you click “Download now” in the Download Settings of the Update Manager, it will only download the metadata of the patches. Only during remediation of the first host after installing VUM, all required patch data will be downloaded. That’s also the reason why the remediation of the first host with a newly installed VUM takes some time.

Installation of UMDS

Installation of the UMDS Service is not a big deal. UMDS must be of a version that is compatible with the Update Manager server. UMDS 6.0 is compatible and can work with Update Manager 5.x and their respective update releases, and with Update Manager 6.0.
I created a Windows 2012 R2 VM with 1vCPU and 2GB memory. I also put this VM into my DMZ network. Just like the Update Manager itself you need a database. You can check the box to install an SQL 2012 Express embedded database which is included with the installer or use any other supported database which you can find in the Interoperability Matrix (select Update Manager as product). I used a SQL Server 2012 SP3 Express instance which I installed by myself. You also need to create a database and an 32-bit ODBC connection to this database.
For the installation mount the vCenter ISO to the VM. When the autorun application starts you see Download Service below the vSphere Update Manager section. Click install to start the installation.
1. Click Next
2. Accept the license agreement
3. Select the 32-bit ODBC connected which was created previously
4. Just a summary about the DSN and used ODBC driver
5. If a proxy is required for internet access you can configure it here.
6. Choose the installation directory and the location where patches should be downloaded.
7. Just like the Update Manager you will get an warning that the free space is below 120GB. Ignore it!
8. Start the installation.

Configuration of UMDS

For the configuration we need to navigate to the installation directory (C:\Program Files (x86)\VMware\Infrastructure\Update Manager). There you can leverage the vmware-umds.exe command line tool.
You can get the default configuration by using this command:

vmware-umds -G (Get-Config)

As you can see per default all patches from 5.0 to 6.0 and all Virtual Appliance (VA) content will be downloaded. There is also no Export Store defined. To remove patches from the configuration use this command:

vmware-umds -S -d embeddedEsx-5.0.0
vmware-umds -S -d embeddedEsx-5.1.0
-S is for Set-Config
-d is for Disable host platform

In my case I removed 5.0 and 5.1 because they are not needed anymore. I could also remove 5.5 but I left it as it is. Next I also disabled the VA content.

vmware-umds -S –disable-va

After applying all commands my configuration looks like this:
After the UMDS configuration is finished you can start to download the content. In my case it was barely 11GB so this will take some time.

vmware-umds -D

For configuring the Export store location you can either set a default location and use the export command or use only the export command with the –export-store parameter.

Setting a default export store location
vmware-umds -S –default-export-store E:\UMDS-Store
vmware-umds -E
Using export-store parameter
vmware-umds -E –export-store E:\UMDS-Store

The export store location is the path where UMDS copies the downloaded files for using on a removeable media or as web server path.
Because it’s called service everybody would expect an Windows service running in the background. Unfortunately this is not the case. You need to create a schedule task which runs periodically doing the download of the patches and exporting it the the export store location.

Installation and configuration of the Web Server (Microsoft IIS)

You still can’t use the patches in Update Manager because you need an URL for the shared repository. That means you need a web server on the same server where UMDS is running or a web server on a dedicated machine. I installed IIS on the same machine as UMDS. To install IIS follow the next steps.
1. Select Add Roles and Features in the Server Manager and select the Web Server (IIS) checkbox.
2. Required features will automatically be selected.
3. Nothing more needs to be selected on the features dialog.
4. The next screenshots shows the default selected features of the Web Server which are sufficient for the shared repository configuration
umds_icm_15 umds_icm_16 umds_icm_17 umds_icm_18
5. Start the installation
After IIS installation is completed start Internet Information Services (IIS) Manager which is located in the Administrative Tools.
Right click Default Web Site and select Add Virtual Directory.
Choose an Alias for the Virtual Directory and select the export store location as physical path.
In the MIME Types you need to add .vib and .sig as application/octet-stream type. Finally you need to enable Directory Browsing on the Virtual Directory.
To use this shared repository with the Update Manager, login to the vSphere Web Client go to Update Manager, select the Update Manager Server. Go to Manage – Settings – Download settings and click Edit. Select Use a shared repository and enter the URL (http://FQDN_UMDS_SERVER/VIRTUAL_DIRECTORY).
After clicking OK it should validate the repository and download the metadata of the downloaded patches.

1 Response

  1. Alexander Pinilla says:

    Excellent information, very useful.
    I would like to ask. For By doing this configuration, how could I install the microsoft KB in my Windows virtual machines. This is possible?,  for not configure WSUS.
    Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *