Part I – Update Manager (VUM) Installation and Configuration GuidePosted: October 23, 2011
So during my first data center virtualization project, I had to write up a series of documents for internal reference. These documents were to help us perform a standard installation at each site we migrate. I thought it would be helpful to post them for anyone else looking to perform these tasks, as well. This series of posts is about VMware Update Manager 4.1U1 and its associated Update Manager Download Service. It appears in three posts because the topic can be logically separated into three steps: installing and configuring VUM, installing and configuring UMDS, and a patching guide once your initial update infrastructure is in place. This post, as you can see, is part I. Let me know if it helps you out or if I missed something. All the best!
This is a standard installation of vCenter Update Manager 4.1U1. It will walk you through a basic installation but the configuration will be in regards to an air-gap network. There are companion guides which describe the installation of the Update Manager Download Service as well as a patching guide.
This guide assumes the use of Windows Server 2008 64-bit as well as SQL Server 2008 64-bit. All of our servers are VMs in a vSphere 4.1U1 environment. Although Update Manager can be installed on a 64-bit machine, the application is still 32-bit which requires a 32-bit DSN to the backend SQL database. The configuration steps at the end of this guide assume that WSUS or SCCM are being used to push patches to Windows VMs in your environment because we’ll eventually set UMDS to only download ESXi 4.x patches and updates.
There are three steps to installing Update Manager. You’ll first need to create a database for Update Manager and assign appropriate permissions. Then you’ll create on ODBC connection from the Update Manager server to your backend SQL box. You’ll install Update Manager and install the Update Manager plug-in. Lastly, you’ll configure some basic settings.
Create VUM database and assign permissions
From SQL Management Studio, create a database called VUM by right clicking Databases and selecting New Database… All you have to do here is give it the name, “VUM.”
Next, you need to create a local SQL account that will only have access to the VUM database (and the obligatory MSDB permissions). This account is very similar to the vpxuser account used for vCenter. Expand Security and right click Logins. Choose New Login… Give the account the name, “vumuser,” with a strong password. Be sure to record the password in a safe place. Uncheck the box “Enforce password policy.” At the bottom of the New Login window, change this account’s default database to VUM.
In the left pane, select User Mapping. Select the Map check boxes next to the msdb and VUM databases. In the Default Schema edit box for both the msdb and VUM databases, click the browse (…) button. Type in “dbo” in the edit box and choose Check Names. Click OK when done.
Click in the whitespace next to each database name while still in the User Mapping view. In the bottom pane under Database role membership for: <DatabaseName>, select the check box next to dbo_owner. These are the last steps to setting up your VUM database. When complete, vumuser User Mappings should look like this:
Create 32-bit ODBC connection
Before installing Update Manager, you need to download the Microsoft SQL Server 2008 Native Client. You’ll have to scroll down the page a bit until you come across the links to download the client. If you’re attaching VUM to a SQL Server 2005 database, the 2008 Native Client can be used to connect to it, as well.
Installing the SQL Server Native Client will allow you to create the proper DSN later. The SQL Server Native Client install is a Next-Next-Finish process. Simply accept all the defaults and let the installer do the rest. For your reference, the SQL Server Native Client file is shown below.
The ODBC connector program is installed by default in a Windows Server installation; however, in a 64-bit Windows installation, the default ODBC connection is 64-bit. For Update Manager, you cannot use the standard ODBC connector found in Administrative Tools.
You must use the odbcad32.exe program found in C:\Windows\SysWOW64\. Execute this program and create your 32-bit System DSN.
Choosing the System DSN tab and selecting Add… from the right, you’ll see a long list of all the DSNs you can create. Scroll all the way down and select SQL Server Native Client 10.0. Click Finish when you’ve selected it.
In the next windows, enter the name of your Update Manager database, VUM, and the hostname or IP address of your SQL Server. Click Next when finished.
When asked how SQL Server should verify the authenticity of the login ID, select the radio button next to “With SQL Server authentication using a login ID and password entered by the user.” Enter the local SQL account you created for accessing the VUM database, vumuser and the strong password you chose. Click Next when finished.
Check the box next to, “Change the default database to:” and leave the VUM database selected. Click Next.
Leave all the defaults on the next page and click Finish. The next window will give you the opportunity to test the connection to your backend SQL Server you just created. Click Test Data Source…and look for a success message.
Click OK when done. You’ve now set up your 32-bit ODBC connection and you’re ready to install Update Manager.
Install Update Manager
Okay, so before you actually install Update Manager, you’ll want to prepare your disks. In this walkthrough, we’re giving our VM a second virtual hard disk of 40 GB for the installation of Update Manager as well as storage of patches and updates. For now, ensure that the second drive is given the letter D:. This is just for standardization’s sake. Also, create a folder at the root of D: called VUMrepo for VMware Update Manager repository. This is where all the patches and updates will be unpacked to.
The vCenter installation media also has the installation files for Update Manager (as well as the Update Manager Download Service). Mount the ISO and run Setup. Select vCenter Update Manager from the VMware Product Installers. Click OK for the language option. If you haven’t already installed the Microsoft .NET Framework 3.0 SP1, you’ll be prompted to do so before continuing. Click Next on the first screen. View all the patents and accept the EULA. At the vCenter information screen, enter the IP address of your vCenter server and credentials that have the right to log into vCenter.
If your vCenter information is correct, you’ll move onto the next screen. If not, you’ll be asked to verify the information needed to log into vCenter is correct.
In your database options, select Use an existing supported database and select VUM (MS SQL) from the drop-down list. If you failed to create a correct 32-bit DSN, you will see a message in the drop-down list asking you to create one.
In the next window, enter in vumuser’s password and click Next. If your VUM database is set to a Full recovery model, you’ll be warned that improper database backups can cause problems. Continue on. When asked how your Update Manager server should be identified on the network, choose the IP address. This will prevent any hiccups with DNS from causing problems.
When asked to choose the location of your installation and repository, change them both to D: as shown below.
At the next screen, choose to Install. When it completes, you’re finished on the VUM server. You still need to install the Update Manager plug-in on any machine accessing vCenter with the vSphere Client.
Install Update Manager plug-in
Log into vCenter and from the menu choose Plug-ins > Manage Plug-ins…
Click on the link to download and install the Update Manager plug-in. This will download the installation files from the vCenter server to your machine. The installation will begin automatically.
The installation is a Next-Next-Finish process. You’ll need to be running the vSphere Client as a user with rights to install software on the local machine to install the Update Manager plug-in.
When the installation is finished, you’ll see its status as Enabled within the Plug-in Manager.
To actually view Update Manager in all its glory, from the vSphere Client, choose the Home button at the top of the window. At the bottom of the Home screen, under Solutions and Applications, you’ll see Update Manager.
From the Update Manager view, you’ll have all your options available as tabs.
Configure basic settings
On the Configuration tab, click Patch Download Settings from the Settings menu. By default, Update Manager wants to download patches from the Internet all by its lonesome, without the Update Manager Download Service (UMDS). In this set of walkthroughs, we’re setting up an air-gap deployment whereby UMDS will download patches from the Internet, an administrator will use 7-zip to create DVD-sized chunks of patches and updates, and the updates will be transferred via Sneaker-Net to the Update Manager box and unpacked into the VUMrepo directory.
Under Patch Download Settings, the Direct connection to Internet option is selected. Just so no accidents happen – and by accidents I mean someone can’t just re-select Direct connection to Internet and start downloading operating system and VI3 patches – go ahead and de-select all the enabled check boxes listed. Then select the radio button next to Use a shared repository, typing in D:\VUMrepo, the repository directory you created earlier. You may get a message about the repository being invalid or that it cannot be reached. If you press the Validate URL button, you’ll also see an error stating that you’ve chosen and invalid repository. When we eventually add the patches and updates to this repository, these errors and warnings will go away.
Because this Update Manager will not be downloading patches itself, when you select the next configuration setting from the Settings menu, Patch Download Schedule, de-select the check box and click Apply. In my vCenter Update Manager Patching guide, I call out the error I made here. Don’t’ de-select the Patch Download Schedule. Leave it enabled. You can set the schedule to be “Once” and “Now,” if you wish, but leave it enabled.
Do the same for the Notification Check Schedule – de-select the check box and click Apply. Also, leave the Notification Check Schedule enabled. You can change this schedule to “Once” and “Now,” if you wish, as well, but leave it enabled.
Because we’re not patching any VMs, only hosts, de-select the check box on the Virtual Machine Settings page, as well.
On the ESX Host/Cluster settings, change the failure response task to Fail Task. This is set in the hopes that an administrator, while updating ESXi hosts, will not start an update and walk away, never noticing the failure. The immediate failure will give the admin a chance to correct the problem immediately instead of waiting for the host to retry entering maintenance mode.
Also on this page, because we’re using both DPM and HA, go ahead and check the box next to High Availability Admission Control and click Apply.
That’s all for the installation and initial configuration. Once UMDS is installed and configured, we’ll use it in conjunction with VUM to update hosts.