Vmware VSphere Update Manager Installation And Administration Guide VMware. 6.5 V Sphere 651 Iag En

User Manual: vmware vSphere Update Manager - 6.5 - Installation and Administration Guide Free User Guide for VMware vSphere Software, Manual

Open the PDF directly: View PDF PDF.
Page Count: 166 [warning: Documents this large are best viewed by clicking the View PDF Link!]

vSphere Update Manager Installation
and Administration Guide
Update 1
Modified on 04 OCT 2017
VMware vSphere 6.5
vSphere Update Manager 6.5
vSphere Update Manager Installation and Administration Guide
2 VMware, Inc.
You can find the most up-to-date technical documentation on the VMware Web site at:
hps://docs.vmware.com/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
About Installing and Administering VMware vSphere Update Manager 9
Updated Information 11
1Understanding Update Manager 13
Overview of the Update Manager Interface 14
About the Update Manager Process 15
Conguring the Update Manager Download Source 16
Downloading Updates and Related Metadata 16
Importing ESXi Images 18
Creating Baselines and Baseline Groups 18
Aaching Baselines and Baseline Groups to vSphere Objects 20
Scanning Selected vSphere Objects 20
Reviewing Scan Results 21
Staging Patches and Extensions to Hosts 21
Remediating Selected vSphere Objects 22
2Installing Update Manager on Windows 25
System Requirements 26
Update Manager Hardware Requirements 26
Supported Windows Operating Systems and Database Formats 26
Update Manager Compatibility with vCenter Server and vSphere Web Client 27
Required Database Privileges 27
Preparing the Update Manager Database 28
Create a 64-Bit DSN 29
About the Bundled Microsoft SQL Server 2012 Express Database Package 29
Maintaining Your Update Manager Database 29
Congure a Microsoft SQL Server Database Connection 29
Congure an Oracle Database 31
Prerequisites for Installing the Update Manager Server on Windows 33
Obtain the Update Manager Installer 34
Install the Update Manager Server 35
Enable the Update Manager Web Client Plug-In 37
3Uninstalling Update Manager that Runs on Windows 39
Uninstall the Update Manager Server 39
4Upgrading Update Manager that Runs on Windows 41
Upgrade the Update Manager Server 42
Upgrade the Update Manager Java Components 43
VMware, Inc. 3
5Using Update Manager with the vCenter Server Appliance 45
Start, Stop, or Restart Update Manager Service in the vCenter Server Appliance 45
6Migrating Update Manager from Windows to the vCenter Server Appliance 47
Download and Run VMware Migration Assistant on the Source Update Manager Machine 48
Roll Back a Migration of vCenter Server Appliance with Update Manager 48
7Best Practices and Recommendations for Update Manager Environment 51
Update Manager Deployment Models and Their Usage 52
8Installing, Seing Up, and Using Update Manager Download Service 53
Compatibility Between UMDS and the Update Manager Server 54
Installing UMDS on a Windows Operating System 54
Install UMDS on a Windows Operating System 54
Installing and Upgrading UMDS on a Linux-Based Operating System 56
Supported Linux-Based Operating Systems and Databases for Installing UMDS 56
Congure PostgreSQL Database for UMDS on Linux 56
Install UMDS on a Linux OS 58
Uninstall UMDS from a Linux OS 59
Seing Up and Using UMDS 59
Set Up the Data to Download with UMDS 59
Change the UMDS Patch Repository Location 60
Congure URL Addresses for Hosts 61
Download the Specied Data Using UMDS 61
Export the Downloaded Data 62
9Conguring Update Manager 65
Update Manager Network Connectivity Seings 66
Change the Update Manager Network Seings 67
Conguring the Update Manager Download Sources 68
Congure Update Manager to Use the Internet as a Download Source 69
Add a New Download Source 70
Use a Shared Repository as a Download Source 71
Import Patches Manually 72
Congure the Update Manager Proxy Seings 73
Congure Checking for Updates 73
Conguring and Viewing Notications 74
Congure Notications Checks 75
View Notications and Run the Notication Checks Task Manually 76
Types of Update Manager Notications 76
Conguring Host and Cluster Seings 77
Congure Host Maintenance Mode Seings 78
Congure Cluster Seings 79
Enable Remediation of PXE Booted ESXi Hosts 80
Take Snapshots Before Remediation 81
Congure Smart Rebooting 82
Congure the Update Manager Patch Repository Location 82
Restart the Update Manager Service 83
vSphere Update Manager Installation and Administration Guide
4 VMware, Inc.
Run the VMware vSphere Update Manager Update Download Task 83
Update Manager Privileges 84
10 Working with Baselines and Baseline Groups 85
Creating and Managing Baselines 87
Create and Edit Patch or Extension Baselines 87
Create and Edit Host Upgrade Baselines 92
Create and Edit a Virtual Appliance Upgrade Baseline 95
Delete Baselines 97
Creating and Managing Baseline Groups 97
Create a Host Baseline Group 98
Create a Virtual Machine and Virtual Appliance Baseline Group 98
Edit a Baseline Group 99
Add Baselines to a Baseline Group 100
Remove Baselines from a Baseline Group 100
Delete Baseline Groups 101
Aach Baselines and Baseline Groups to Objects 101
Detach Baselines and Baseline Groups from Objects 102
11 Scanning vSphere Objects and Viewing Scan Results 103
Manually Initiate a Scan of ESXi Hosts 103
Manually Initiate a Scan of Virtual Machines and Virtual Appliances 104
Manually Initiate a Scan of a Container Object 104
Schedule a Scan 105
Viewing Scan Results and Compliance States for vSphere Objects 105
View Compliance Information for vSphere Objects 106
Review Compliance with Individual vSphere Objects 107
Compliance View 107
Compliance States for Updates 110
Baseline and Baseline Group Compliance States 111
Viewing Patch Details 112
Viewing Extension Details 113
Viewing Upgrade Details 113
Host Upgrade Scan Messages in Update Manager 115
Host Upgrade Scan Messages When Cisco Nexus 1000V Is Present 117
VMware Tools Status 118
12 Remediating vSphere Objects 119
Orchestrated Upgrades of Hosts and Virtual Machines 119
Remediating Hosts 120
Remediation Specics of ESXi Hosts 122
Remediating Hosts That Contain Third-Party Software 122
Remediating ESXi 5.5 or ESXi 6.0 Hosts Against ESXi 6.5 Image 123
Remediation Specics of Hosts That Are Part of a vSAN Cluster 124
Remediating vSAN Clusters Against System Managed Baselines 124
Stage Patches and Extensions to ESXi Hosts 125
Remediate Hosts Against Patch or Extension Baselines 126
Remediate Hosts Against an Upgrade Baseline 129
Contents
VMware, Inc. 5
Remediate Hosts Against Baseline Groups 132
Cluster Remediation Options Report 134
Remediating Virtual Machines and Virtual Appliances 135
Rolling Back to a Previous Version 136
Remediate Virtual Machines and Virtual Appliances 136
Upgrade VMware Tools on Power Cycle 137
Scheduling Remediation for Hosts, Virtual Machines, and Virtual Appliances 138
13 View Update Manager Events 139
14 Patch Repository and Virtual Appliance Upgrades 141
Add or Remove Patches From a Baseline 141
15 Troubleshooting 143
Update Manager Web Client Remains Visible in the vSphere Web Client After Uninstalling
Update Manager Server 143
Connection Loss with Update Manager Server or vCenter Server in a Single vCenter Server System 144
Gather Update Manager Log Bundles 144
Gather Update Manager and vCenter Server Log Bundles 145
Log Bundle Is Not Generated 145
Host Extension Remediation or Staging Fails Due to Missing Prerequisites 146
No Baseline Updates Available 146
All Updates in Compliance Reports Are Displayed as Not Applicable 147
All Updates in Compliance Reports Are Unknown 147
VMware Tools Upgrade Fails if VMware Tools Is Not Installed 147
ESXi Host Scanning Fails 148
ESXi Host Upgrade Fails 148
The Update Manager Repository Cannot Be Deleted 148
Incompatible Compliance State 149
Updates Are in Conict or Conicting New Module State 150
Updates Are in Missing Package State 150
Updates Are in Not Installable State 151
Updates Are in Unsupported Upgrade State 151
16 Database Views 153
VUMV_VERSION 154
VUMV_UPDATES 154
VUMV_HOST_UPGRADES 154
VUMV_VA_UPGRADES 155
VUMV_PATCHES 155
VUMV_BASELINES 155
VUMV_BASELINE_GROUPS 156
VUMV_BASELINE_GROUP_MEMBERS 156
VUMV_PRODUCTS 156
VUMV_BASELINE_ENTITY 157
VUMV_UPDATE_PATCHES 157
VUMV_UPDATE_PRODUCT 157
VUMV_ENTITY_SCAN_HISTORY 157
vSphere Update Manager Installation and Administration Guide
6 VMware, Inc.
VUMV_ENTITY_REMEDIATION_HIST 158
VUMV_UPDATE_PRODUCT_DETAILS 158
VUMV_BASELINE_UPDATE_DETAILS 158
VUMV_ENTITY_SCAN_RESULTS 159
VUMV_VMTOOLS_SCAN_RESULTS 159
VUMV_VMHW_SCAN_RESULTS 159
VUMV_VA_APPLIANCE 160
VUMV_VA_PRODUCTS 160
Index 161
Contents
VMware, Inc. 7
vSphere Update Manager Installation and Administration Guide
8 VMware, Inc.
About Installing and Administering VMware
vSphere Update Manager
Installing and Administering VMware vSphere Update Manager provides information about installing,
conguring, and using VMware® vSphere Update Manager to scan and remediate the objects in your
vSphere environment. It also describes the tasks that you can perform to update your vSphere inventory
objects and make them compliant against aached baselines and baseline groups.
For scanning and remediation, Update Manager works with the following ESXi versions:
nFor VMware Tools and virtual machine hardware upgrade operations, Update Manager works with 5.5,
ESXi 6.0, and ESXi 6.5.
nFor ESXi host patching operations, Update Manager works with ESXi 5.5, ESXi 6.0, and ESXi 6.5.
nFor ESXi host upgrade operations, Update Manager works withESXi 5.5, ESXi 6.0, and their respective
Update releases.
Intended Audience
This information is intended for anyone who wants to install, upgrade, migrate, or use Update Manager.
The information is wrien for experienced Windows or Linux system administrators who are familiar with
virtual machine technology and data center operations.
VMware, Inc. 9
vSphere Update Manager Installation and Administration Guide
10 VMware, Inc.
Updated Information
This Installing and Administering VMware vSphere Update Manager documentation is updated with each
release of the product or when necessary.
This table provides the update history of the Installing and Administering VMware vSphere Update Manager.
Revision Description
04 OCT 2017 nAdded prerequisite information about Administrator access requirement for using UMDS on
Windows to download patches. The updated topics are following: Chapter 8, “Installing, Seing Up,
and Using Update Manager Download Service,” on page 53, “Seing Up and Using UMDS,” on
page 59, “Download the Specied Data Using UMDS,” on page 61, “Export the Downloaded
Data,” on page 62.
EN-002609-00 Initial release.
VMware, Inc. 11
vSphere Update Manager Installation and Administration Guide
12 VMware, Inc.
Understanding Update Manager 1
Update Manager enables centralized, automated patch and version management for VMware vSphere and
oers support for VMware ESXi hosts, virtual machines, and virtual appliances.
With Update Manager, you can perform the following tasks:
nUpgrade and patch ESXi hosts.
nInstall and update third-party software on hosts.
nUpgrade virtual machine hardware, VMware Tools, and virtual appliances.
Update Manager requires network connectivity with VMware vCenter Server. Each installation of
Update Manager must be associated (registered) with a single vCenter Server instance.
The Update Manager module consists of a server component and of a client component.
You can use Update Manager with either vCenter Server that runs on Windows or with the
vCenter Server Appliance.
If you want to use Update Manager with vCenter Server, you have to perform Update Manager installation
on a Windows machine. You can install the Update Manager server component either on the same Windows
server where the vCenter Server is installed or on a separate machine. To install Update Manager, you must
have Windows administrator credentials for the computer on which you install Update Manager.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you want to use Update Manager for each vCenter Server system, you must install
and register Update Manager instances with each vCenter Server system. You can use an Update Manager
instance only with the vCenter Server system with which it is registered.
The vCenter Server Appliance delivers Update Manager as an optional service. Update Manager is bundled
in the vCenter Server Appliance.
In vSphere 6.5, it is no longer supported to register Update Manager to a vCenter Server Appliance during
installation of the Update Manager server on a Windows machine.
The Update Manager client component is a plug-in that runs on the vSphere Web Client. The
Update Manager client component is automatically enabled after installation of the Update Manager server
component on Windows, and after deployment of the vCenter Server Appliance.
You can deploy Update Manager in a secured network without Internet access. In such a case, you can use
the VMware vSphere Update Manager Download Service (UMDS) to download update metadata and
update binaries.
This chapter includes the following topics:
n“Overview of the Update Manager Interface,” on page 14
nAbout the Update Manager Process,” on page 15
VMware, Inc. 13
Overview of the Update Manager Interface
The Update Manager server has a client interface for the vSphere Web Client.
The Update Manager Web Client is automatically enabled in the vSphere Web Client after you install the
Update Manager server component on Windows, or deploy the vCenter Server Appliance.
The Update Manager Web Client appears as an Update Manager tab in vSphere Web Client. The Update
Manager tab is on the same level as the Monitor tab, the  tab, the Datacenters tab, the Host &
Clusters tab, and so on.
To be able to see the Update Manager Web Client in vSphere Web Client you must have the View
Compliance Status privilege.
The Update Manager client Interface have two main views, Administration view and Compliance view.
To access the Administration view for the Update Manager Web Client, navigate to Home > Update
Manager and select the IP Address of the Update Manager instance you want to use.
In the Update Manager Administration view, you can do the following tasks:
nCongure the Update Manager seings
nCreate and manage baselines and baseline groups
nView Update Manager events
nReview the patch repository and available virtual appliance upgrades
nReview and check notications
nImport ESXi images
To view Compliance view information for a selected inventory object with the Update Manager Web Client,
select Hosts and Clusters or VMs and Templates inventory view of the vSphere Web Client, and click the
Update Manager tab.
In the Update Manager Compliance view, you can do the following tasks:
nView compliance and scan results for each selected inventory object
nAach and detach baselines and baseline groups from a selected inventory object
nScan a selected inventory object
nStage patches or extensions to hosts
nRemediate a selected inventory object
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have installed and registered more than one Update Manager instance, you can
congure the seings for each Update Manager instance. Conguration properties that you modify are
applied only to the Update Manager instance that you specify and are not propagated to the other instances
in the group. You can specify an Update Manager instance by selecting the name of the vCenter Server
system with which the Update Manager instance is registered from the navigation bar.
For a vCenter Server system that is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, you can also manage baselines and baseline groups as well as scan and remediate only the
inventory objects managed by the vCenter Server system with which Update Manager is registered.
vSphere Update Manager Installation and Administration Guide
14 VMware, Inc.
About the Update Manager Process
Upgrading vSphere objects and applying patches or extensions with Update Manager is a multistage
process in which procedures must be performed in a particular order. Following the suggested process helps
ensure a smooth update with a minimum of system downtime.
The Update Manager process begins by downloading information (metadata) about a set of patches,
extensions, and virtual appliance upgrades. One or more of these patches or extensions are aggregated to
form a baseline. You can add multiple baselines to a baseline group. A baseline group is a composite object
that consists of a set of nonconicting baselines. You can use baseline groups to combine dierent types of
baselines, and scan and remediate an inventory object against all of them as a whole. If a baseline group
contains both upgrade and patch or extension baselines, the upgrade runs rst.
A collection of virtual machines, virtual appliances, and ESXi hosts or individual inventory objects can be
scanned for compliance with a baseline or a baseline group and later remediated. You can initiate these
processes manually or through scheduled tasks.
nConguring the Update Manager Download Source on page 16
You can congure the Update Manager server to download patches, extensions, and virtual appliance
upgrades either from the Internet or from a shared repository. You can also import patches and
extensions manually from a ZIP le.
nDownloading Updates and Related Metadata on page 16
Downloading virtual appliance upgrades, host patches, extensions, and related metadata is a
predened automatic process that you can modify. By default, at regular congurable intervals,
Update Manager contacts VMware or third-party sources to gather the latest information (metadata)
about available upgrades, patches, or extensions.
nImporting ESXi Images on page 18
You can upgrade the hosts in your environment to ESXi 6.5 by using host upgrade baselines. To create
a host upgrade baseline, you must rst upload at least one ESXi 6.5 .iso image to the Update Manager
repository.
nCreating Baselines and Baseline Groups on page 18
Baselines contain a collection of one or more patches, extensions, service packs, bug xes, or upgrades,
and can be classied as patch, extension, or upgrade baselines. Baseline groups are assembled from
existing baselines.
nAaching Baselines and Baseline Groups to vSphere Objects on page 20
To use baselines and baseline groups, you must aach them to selected inventory objects such as
container objects, virtual machines, virtual appliances, or hosts.
nScanning Selected vSphere Objects on page 20
Scanning is the process in which aributes of a set of hosts, virtual machines, or virtual appliances are
evaluated against all patches, extensions, and upgrades from an aached baseline or baseline group,
depending on the type of scan you select.
nReviewing Scan Results on page 21
Update Manager scans vSphere objects to determine how they comply with baselines and baseline
groups that you aach. You can lter scan results by text search, group selection, baseline selection,
and compliance status selection.
nStaging Patches and Extensions to Hosts on page 21
You can stage patches and extensions before remediation to ensure that the patches and extensions are
downloaded to the host. Staging patches and extensions is an optional step that can reduce the time
during which hosts are in maintenance mode.
Chapter 1 Understanding Update Manager
VMware, Inc. 15
nRemediating Selected vSphere Objects on page 22
Remediation is the process in which Update Manager applies patches, extensions, and upgrades to
ESXi hosts, virtual machines, or virtual appliances after a scan is complete.
Configuring the Update Manager Download Source
You can congure the Update Manager server to download patches, extensions, and virtual appliance
upgrades either from the Internet or from a shared repository. You can also import patches and extensions
manually from a ZIP le.
Conguring the Update Manager download source is an optional step.
If your deployment system is connected to the Internet, you can use the default seings and links for
downloading upgrades, patches, and extensions to the Update Manager repository. You can also add URL
addresses to download virtual appliance upgrades or third-party patches and extensions. Third-party
patches and extensions are applicable only to hosts that are running ESXi 5.0 and later.
If your deployment system is not connected to the Internet, you can use a shared repository after
downloading the upgrades, patches, and extensions by using Update Manager Download Service (UMDS).
For more information about UMDS, see Chapter 8, “Installing, Seing Up, and Using Update Manager
Download Service,” on page 53.
With Update Manager, you can import both VMware and third-party patches or extensions manually from a
ZIP le, also called an oine bundle. Import of oine bundles is supported only for hosts that are running
ESXi 5.0 and later. You download the oine bundle ZIP les from the Internet or copy them from a media
drive, and save them on a local or a shared network drive. You can import the patches or extensions to the
Update Manager patch repository later. You can download oine bundles from the VMware Web site or
from the Web sites of third-party vendors.
N You can use oine bundles for host patching operations only. You cannot use third-party oine
bundles or oine bundles that you generated from custom VIB sets for host upgrade from ESXi 5.5.x and
ESXi 6.0.x to ESXi 6.5.
For detailed descriptions of the procedures, see “Conguring the Update Manager Download Sources,” on
page 68.
Downloading Updates and Related Metadata
Downloading virtual appliance upgrades, host patches, extensions, and related metadata is a predened
automatic process that you can modify. By default, at regular congurable intervals, Update Manager
contacts VMware or third-party sources to gather the latest information (metadata) about available
upgrades, patches, or extensions.
VMware provides information about patches for ESXi hosts and virtual appliance upgrades.
Update Manager downloads the following types of information:
nMetadata about all ESXi 5.5 and ESXi 6.x patches regardless of whether you have hosts of such versions
in your environment.
nMetadata about ESXi 5.5 and ESXi 6.x patches as well as about extensions from third-party vendor URL
addresses.
nNotications, alerts, and patch recalls for ESXi 5.5 and ESXi 6.x hosts.
nMetadata about upgrades for virtual appliances.
Downloading information about all updates is a relatively low-cost operation in terms of disk space and
network bandwidth. The availability of regularly updated metadata lets you add scanning tasks for hosts or
appliances at any time.
vSphere Update Manager Installation and Administration Guide
16 VMware, Inc.
Update Manager supports the recall of patches for hosts that are running ESXi 5.0 or later. A patch is
recalled if the released patch has problems or potential issues. After you scan the hosts in your environment,
Update Manager alerts you if the recalled patch has been installed on a certain host. Recalled patches cannot
be installed on hosts with Update Manager. Update Manager also deletes all the recalled patches from the
Update Manager patch repository. After a patch xing the problem is released, Update Manager downloads
the new patch to its patch repository. If you have already installed the problematic patch, Update Manager
noties you that a x was released and prompts you to apply the new patch.
If Update Manager cannot download upgrades, patches, or extensions—for example, if it is deployed on an
internal network segment that does not have Internet access—you must use UMDS to download and store
the data on the machine on which UMDS is installed. The Update Manager server can use the upgrades,
patches, and extensions that UMDS downloaded after you export them.
For more information about UMDS, see Chapter 8, “Installing, Seing Up, and Using Update Manager
Download Service,” on page 53.
You can congure Update Manager to use an Internet proxy to download upgrades, patches, extensions,
and related metadata.
You can change the time intervals at which Update Manager downloads updates or checks for notications.
For detailed descriptions of the procedures, see “Congure Checking for Updates,” on page 73 and
“Congure Notications Checks,” on page 75.
Types of Software Updates and Related Terms
Update Manager downloads software updates and metadata from Internet depots or UMDS-created shared
repositories. You can import oine bundles and host upgrade images from a local storage device into the
local Update Manager repository.
Bulletin A grouping of one or more VIBs. Bulletins are dened within metadata.
Depot A logical grouping of VIBs and associated metadata that is published online.
Host upgrade image An ESXi image that you can import in the Update Manager repository and
use for upgrading ESXi 5.5 or ESXi 6.0 hosts to ESXi 6.5.
Extension A bulletin that denes a group of VIBs for adding an optional component to
an ESXi host. An extension is usually provided by a third party that is also
responsible for patches or updates to the extension.
Metadata Extra data that denes dependency information, textual descriptions, system
requirements, and bulletins.
Offline bundle ZIP An archive that encapsulates VIBs and corresponding metadata in a self-
contained package that is useful for oine patching. You cannot use third-
party oine bundles or oine bundles that you generated from custom VIB
sets for host upgrade from ESXi 5.5 or ESXi 6.0 to ESXi 6.5.
Patch A bulletin that groups one or more VIBs together to address a particular
issue or enhancement.
Roll-up A collection of patches that is grouped for ease of download and
deployment.
VA upgrade Updates for a virtual appliance, which the vendor considers an upgrade.
VIB A VIB is a single software package.
Chapter 1 Understanding Update Manager
VMware, Inc. 17
Importing ESXi Images
You can upgrade the hosts in your environment to ESXi 6.5 by using host upgrade baselines. To create a host
upgrade baseline, you must rst upload at least one ESXi 6.5 .iso image to the Update Manager repository.
With Update Manager 6.5 you can upgrade hosts that are running ESXi 5.5 or ESXi 6.0 to ESXi 6.5. Host
upgrades to ESXi 5.0, ESXi 5.1, ESXi 5.5, or ESXi 6.0 are not supported.
Before uploading ESXi images, obtain the image les from the VMware Web site or another source. You can
create custom ESXi images that contain third-party VIBs by using vSphere ESXi Image Builder. For more
information, see Customizing Installations with vSphere ESXi Image Builder.
You can upload and manage ESXi images from the ESXi Images tab of the Update Manager Administration
view.
ESXi images that you import are kept in the Update Manager repository. You can include ESXi images in
host upgrade baselines. To delete an ESXi image from the Update Manager repository, rst you must delete
the upgrade baseline that contains it. After you delete the baseline, you can delete the image from the ESXi
Images tab.
For more information about importing ESXi images and creating host upgrade baselines, see “Create a Host
Upgrade Baseline,” on page 93.
Creating Baselines and Baseline Groups
Baselines contain a collection of one or more patches, extensions, service packs, bug xes, or upgrades, and
can be classied as patch, extension, or upgrade baselines. Baseline groups are assembled from existing
baselines.
Host baseline groups can contain a single upgrade baseline, and various patch and extension baselines.
Virtual machine and virtual appliance baseline groups can contain up to three upgrade baselines: one
VMware Tools upgrade baseline, one virtual machine hardware upgrade baseline, and one virtual appliance
upgrade baseline.
When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and
baseline groups to determine their level of compliance.
Update Manager includes two predened patch baselines and three predened upgrade baselines. You
cannot edit or delete the predened virtual machine and virtual appliance upgrade baselines. You can use
the predened baselines, or create patch, extension, and upgrade baselines that meet your criteria. Baselines
you create, and predened baselines, can be combined in baseline groups. For more information about
creating and managing baselines and baseline groups, see Chapter 10, “Working with Baselines and Baseline
Groups,” on page 85.
Baseline Types
Update Manager supports dierent types of baselines that you can use when scanning and remediating
objects in your inventory.
Update Manager provides upgrade, patch, and extension baselines.
vSphere Update Manager Installation and Administration Guide
18 VMware, Inc.
Upgrade Baselines
Baseline Description
Host Upgrade
Baseline
Denes to which version to upgrade the hosts in your environment. With Update Manager 6.5,
you can upgrade ESXi hosts from version 5.5 and 6.0 to ESXi 6.5.
Virtual Appliance
Upgrade Baseline
Denes to which version to upgrade a selected virtual appliance. For example, you can upgrade
to the latest released virtual appliance version by using the predened VA Upgrade to Latest
(Predened) baseline.
Virtual Machine
Upgrade Baseline
Denes to which version to upgrade virtual hardware or VMware Tools. With
Update Manager 6.5 you can upgrade to hardware version vmx-13 and to the latest VMware
Tools version on hosts that are running ESXi 6.5.
Patch Baselines
Patch baselines dene a number of patches that must be applied to a given host. Patch baselines can be
either dynamic or xed.
Baseline Description
Dynamic Patch
Baseline
The contents of a dynamic baseline are based on available patches that meet the specied criteria.
As the set of available patches changes, dynamic baselines are updated as well. You can explicitly
include or exclude any patches.
Fixed Patch Baseline You manually specify which patches to include in the xed patch baseline from the total set of
patches available in the Update Manager repository.
Extension Baselines
Baseline Description
Extension
Baseline
Contains extensions (additional software such as third-party device drivers) that must be applied to a
given host. Extensions are installed on hosts that do not have such software installed on them, and
patched on hosts that already have the software installed. All third-party software for ESXi hosts is
classied as a host extension, although host extensions are not restricted to just third-party software.
Update Manager Default Baselines
Update Manager includes default baselines that you can use to scan any virtual machine, virtual appliance,
or host to determine whether the hosts in your environment are updated with the latest patches, or whether
the virtual appliances and virtual machines are upgraded to the latest version.
Critical Host Patches
(Predefined)
Checks ESXi hosts for compliance with all critical patches.
Non-Critical Host
Patches (Predefined)
Checks ESXi hosts for compliance with all optional patches.
VMware Tools Upgrade
to Match Host
(Predefined)
Checks virtual machines for compliance with the latest VMware Tools
version on the host. Update Manager supports upgrading of VMware Tools
for virtual machines on hosts that are running ESXi 5.5.x and later.
VM Hardware Upgrade
to Match Host
(Predefined)
Checks the virtual hardware of a virtual machine for compliance with the
latest version supported by the host. Update Manager supports upgrading to
virtual hardware version vmx-13 on hosts that are running ESXi 6.5 .
VA Upgrade to Latest
(Predefined)
Checks virtual appliance compliance with the latest released virtual
appliance version.
Chapter 1 Understanding Update Manager
VMware, Inc. 19
Baseline Groups
Baseline groups can contain patch, extension, and upgrade baselines. The baselines that you add to a
baseline group must be non-conicting.
A baseline group is limited to a combination of patches, extensions, and upgrades. The following are valid
combinations of baselines that can make up a baseline group:
nMultiple host patch and extension baselines.
nOne upgrade baseline, multiple patch and extension baselines.
For example, one ESXi upgrade baseline and multiple ESXi patch or extension baselines.
nMultiple upgrade baselines, but only one upgrade baseline per upgrade type (like VMware Tools,
virtual machine hardware, virtual appliance, or host).
For example, VMware Tools Upgrade to Match Host baseline, VM Hardware Upgrade to Match Host
baseline and one VA Upgrade to Latest baseline. You cannot create a baseline group containing two
virtual appliance upgrade baselines.
Attaching Baselines and Baseline Groups to vSphere Objects
To use baselines and baseline groups, you must aach them to selected inventory objects such as container
objects, virtual machines, virtual appliances, or hosts.
Although you can aach baselines and baseline groups to individual objects, a more ecient method is to
aach them to container objects, such as folders, vApps, clusters, and data centers. Individual vSphere
objects inherit baselines aached to the parent container object. Removing an object from a container
removes the inherited baselines from the object.
For a detailed description of the procedure, see Aach Baselines and Baseline Groups to Objects,” on
page 101.
Scanning Selected vSphere Objects
Scanning is the process in which aributes of a set of hosts, virtual machines, or virtual appliances are
evaluated against all patches, extensions, and upgrades from an aached baseline or baseline group,
depending on the type of scan you select.
You can scan a host installation to determine whether the latest patches or extensions are applied, or you can
scan a virtual machine to determine whether it is up to date with the latest virtual hardware or
VMware Tools version.
Update Manager supports the following types of scan:
Host patch scan You can perform patch scans on ESXi 5.5 and later.
Host extensions scan You can scan ESXi 5.5 and later for extensions (additional software modules).
Host upgrade scan You can scan ESXi 5.5 and ESXi 6.0 for upgrading to ESXi 6.5.
VMware Tools scan You can scan virtual machines running Windows or Linux for the latest
VMware Tools version. You can perform VMware Tools scans on online or
oine virtual machines and templates. You must power on the virtual
machine at least once before performing a VMware Tools scan.
vSphere Update Manager Installation and Administration Guide
20 VMware, Inc.
Virtual machine
hardware upgrade scan
You can scan virtual machines running Windows or Linux for the latest
virtual hardware supported on the host. You can perform hardware-upgrade
scans on online or oine virtual machines and templates.
Virtual appliance
upgrade scan
You can scan powered-on virtual appliances that are created with VMware
Studio 2.0 and later.
You can use VMware Studio 2.0 and later to automate the creation of ready-to-deploy vApps with pre-
populated application software and operating systems. VMware Studio adds a network agent to the guest so
that vApps bootstrap with minimal eort. Conguration parameters specied for vApps appear as OVF
properties in the vCenter Server deployment wizard. For more information about VMware Studio, see the
VMware SDK and API documentation for VMware Studio. For more information about vApp, you can also
check the VMware blog site. You can download VMware Studio from the VMware website.
You can initiate scans on container objects, such as data centers, clusters, vApps, or folders, to scan all the
ESXi hosts or virtual machines and appliances in that container object.
You can congure Update Manager to scan virtual machines, virtual appliances, and ESXi hosts against
baselines and baseline groups by manually initiating or scheduling scans to generate compliance
information. Schedule scan tasks at a data center or vCenter Server system level to make sure that scans are
up to date.
For manual and scheduled scanning procedures, see Chapter 11, “Scanning vSphere Objects and Viewing
Scan Results,” on page 103.
Reviewing Scan Results
Update Manager scans vSphere objects to determine how they comply with baselines and baseline groups
that you aach. You can lter scan results by text search, group selection, baseline selection, and compliance
status selection.
When you select a container object, you view the overall compliance status of the container against the
aached baselines as a group. You also see the individual compliance statuses of the objects in the selected
container against all baselines. If you select an individual baseline aached to the container object, you see
the compliance status of the container against the selected baseline.
If you select an individual virtual machine, appliance, or host, you see the overall compliance status of the
selected object against all aached baselines and the number of updates. If you select an individual baseline
aached to this object, you see the number of updates grouped by the compliance status for that baseline.
The compliance information is displayed on the Update Manager tab. For more information about viewing
compliance information, see “Viewing Scan Results and Compliance States for vSphere Objects,” on
page 105.
Staging Patches and Extensions to Hosts
You can stage patches and extensions before remediation to ensure that the patches and extensions are
downloaded to the host. Staging patches and extensions is an optional step that can reduce the time during
which hosts are in maintenance mode.
Staging patches and extensions to hosts that are running ESXi 5.0 or later lets you download the patches and
extensions from the Update Manager server to the ESXi hosts without applying the patches or extensions
immediately. Staging patches and extensions speeds up the remediation process because the patches and
extensions are already available locally on the hosts.
I Update Manager can stage patches to PXE booted ESXi hosts.
For more information about staging patches, see “Stage Patches and Extensions to ESXi Hosts,” on page 125.
Chapter 1 Understanding Update Manager
VMware, Inc. 21
Remediating Selected vSphere Objects
Remediation is the process in which Update Manager applies patches, extensions, and upgrades to ESXi
hosts, virtual machines, or virtual appliances after a scan is complete.
Remediation makes the selected vSphere objects compliant with patch, extension, and upgrade baselines.
As with scanning, you can remediate single hosts, virtual machines, or virtual appliances. You can also
initiate remediation on a folder, a cluster, or a data center level.
Update Manager supports remediation for the following inventory objects:
nPowered on, suspended, or powered o virtual machines and templates for VMware Tools and virtual
machine hardware upgrade.
nPowered on virtual appliances that are created with VMware Studio 2.0 and later, for virtual appliance
upgrade.
nESXi hosts for patch, extension, and upgrade remediation.
You can remediate the objects in your vSphere inventory by using either manual remediation or scheduled
remediation. For more information about manual and scheduled remediation, see Chapter 12, “Remediating
vSphere Objects,” on page 119.
Remediating Hosts
Update Manager 6.5 supports upgrade from ESXi 5.5.x and ESXi 6.0.x to ESXi 6.5.
I If you enable the seing from the ESX Host/Cluster  page of the  tab, or
from the Remediate wizard, you can patch PXE booted ESXi hosts.
After you upload ESXi images, upgrades for ESXi hosts are managed through baselines and baseline groups.
Typically, if the update requires it, hosts are put into maintenance mode before remediation. Virtual
machines cannot run when a host is in maintenance mode. To ensure a consistent user experience,
vCenter Server migrates the virtual machines to other hosts within a cluster before the host is put in
maintenance mode. vCenter Server can migrate the virtual machines if the cluster is congured for vMotion
and if VMware Distributed Resource Scheduler (DRS) and VMware Enhanced vMotion Compatibility (EVC)
are enabled. EVC is not a prerequisite for vMotion. EVC guarantees that the CPUs of the hosts are
compatible. For other containers or individual hosts that are not in a cluster, migration with vMotion cannot
be performed.
I After you have upgraded your host to ESXi 6.5, you cannot roll back to your version ESXi 5.5.x
or ESXi 6.0.x software. Back up your host conguration before performing an upgrade. If the upgrade fails,
you can reinstall the ESXi 5.5.x or ESXi 6.0.x software that you upgraded from, and restore your host
conguration. For more information about backing up and restoring your ESXi conguration, see vSphere
Upgrade.
Remediation of ESXi 5.5 and 6.0 hosts to their respective ESXi update releases is a patching process, while
the remediation of ESXi hosts from version 5.5 or 6.0 to 6.5 is an upgrade process.
Remediating Virtual Machines and Virtual Appliances
You can upgrade virtual appliances, VMware Tools, and the virtual hardware of virtual machines to a later
version. Upgrades for virtual machines are managed through the Update Manager default virtual machine
upgrade baselines. Upgrades for virtual appliances can be managed through both the Update Manager
default virtual appliance baselines and custom virtual appliance upgrade baselines that you create.
N Update Manager 6.5 does not support virtual machines patch baselines.
vSphere Update Manager Installation and Administration Guide
22 VMware, Inc.
Orchestrated Upgrades
With Update Manager, you can perform orchestrated upgrades of hosts and virtual machines. With
orchestrated upgrades, you can upgrade hosts and virtual machines in your vSphere inventory by using
baseline groups.
You can perform an orchestrated upgrade of hosts by using a baseline group that contains a single host
upgrade baseline and multiple patch or extension baselines. Update Manager rst upgrades the hosts and
then applies the patch or extension baselines.
You can perform an orchestrated upgrade of virtual machines by using a virtual machine baseline group
that contains the following baselines:
nVM Hardware Upgrade to Match Host
nVMware Tools Upgrade to Match Host
You can use orchestrated upgrades to upgrade the virtual hardware and VMware Tools of virtual machines
in the inventory at the same time. The VMware Tools upgrade baseline runs rst, followed by the virtual
machine hardware upgrade baseline.
Orchestrated upgrades can be performed at a cluster, folder, or a data center level.
Chapter 1 Understanding Update Manager
VMware, Inc. 23
vSphere Update Manager Installation and Administration Guide
24 VMware, Inc.
Installing Update Manager on
Windows 2
The Update Manager server is a 64-bit application. You can install the Update Manager server for Windows
only on 64-bit Windows machines.
You can install the Update Manager server component either on the same machine where the vCenter Server
is installed or on a separate machine. For optimal performance, especially in large-scale environments,
install the Update Manager server component on a dierent Windows machine.
The Update Manager 6.5 installer for Windows generates a 2048-bit key and self-signed certicate. To
replace the self-signed SSL certicate after installation, you can use the Update Manager Utility.
You can install vCenter Server and the Update Manager server in a heterogeneous network environment,
where one of the machines is congured to use IPv6 and the other is congured to use IPv4.
To run and use Update Manager, you must use a local system account for the machine on which
Update Manager is installed.
During installation, you cannot connect an Update Manager server that is installed on a Windows server to
a vCenter Server Appliance. The vCenter Server Appliance facilitates Update Manager server as a service.
After you install the Update Manager server component, the Update Manager Web Client plug-in is
automatically enabled on the vSphere Web Client, and appears as an Update Manager tab. The Update
Manager tab is on the same level as the Monitor tab, the  tab, the Datacenters tab, the Host &
Clusters tab, and so on.
VMware uses designated ports for communication. The Update Manager server connects to vCenter Server,
ESXi hosts, and the Update Manager Web Client plug-in on designated ports. If a rewall exists between
any of these elements and Windows rewall service is in use, the installer opens the ports during the
installation. For custom rewalls, you must manually open the required ports.
You can run Update Manager in deployments that you protect using SRM. Use caution before connecting
the Update Manager server to a vCenter Server instance to which the SRM server is connected. Connecting
the Update Manager server to the same vCenter Server instance as SRM might cause problems when you
upgrade SRM or vSphere, and when you perform daily tasks. Check the compatibility and interoperability
of Update Manager with SRM before you install the Update Manager server.
This chapter includes the following topics:
n“System Requirements,” on page 26
n“Preparing the Update Manager Database,” on page 28
n“Prerequisites for Installing the Update Manager Server on Windows,” on page 33
n“Obtain the Update Manager Installer,” on page 34
n“Install the Update Manager Server,” on page 35
n“Enable the Update Manager Web Client Plug-In,” on page 37
VMware, Inc. 25
System Requirements
To run and use the Update Manager server, you must ensure that your environment satises certain
conditions. You also must ensure that the vCenter Server, vSphere Web Client, and Update Manager are of
compatible versions.
Before you install Update Manager on Windows, you must set up an Oracle or Microsoft SQL Server
database. If your deployment is relatively small and contains up to 5 hosts and 50 virtual machines, you can
use the bundled Microsoft SQL Server 2012 Express database, which you can select to install from the
Update Manager installation wizard.
You can install Update Manager on a physical server or on a virtual machine. You can install the
Update Manager server component on the same Windows machine as vCenter Server or on a dierent
machine. After you install the Update Manager server component, to use Update Manager, the
Update Manager client is automatically enabled on the vSphere Web Client.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, you can install and register Update Manager instances with each vCenter Server system.
Update Manager Hardware Requirements
You can run Update Manager on any system that meets the minimum hardware requirements.
Minimum hardware requirements for Update Manager vary depending on how Update Manager is
deployed. If the database is installed on the same machine as Update Manager, requirements for memory
size and processor speed are higher. To ensure acceptable performance, verify that your system meets the
minimum hardware requirements.
Table 21. Minimum Hardware Requirements
Hardware Requirements
Processor Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
Network 10/100 Mbps
For best performance, use a Gigabit connection between Update Manager and the ESXi
hosts
Memory 2GB RAM if Update Manager and vCenter Server are on dierent machines
8GB RAM if Update Manager and vCenter Server are on the same machine
Update Manager uses a SQL Server or Oracle database. You should use a dedicated database for
Update Manager, not a database shared with vCenter Server, and should back up the database periodically.
Best practice is to have the database on the same computer as Update Manager or on a computer in the local
network.
Depending on the size of your deployment, Update Manager requires a minimum amount of free space per
month for database usage. For more information about space requirements, see the VMware vSphere Update
Manager Sizing Estimator.
Supported Windows Operating Systems and Database Formats
Update Manager works with specic databases and operating systems.
The Update Manager server requires a 64-bit Windows system.
vSphere Update Manager Installation and Administration Guide
26 VMware, Inc.
To see a list of the supported Windows operating systems on which you can install the Update Manager
server and the UMDS, see Supported host operating systems for VMware vCenter Server installation. The
supported Windows operating systems for vCenter Server installation listed in the article also apply for
installation of the respective versions of the Update Manager server and the UMDS.
N Make sure the Windows system on which you are installing the Update Manager server is not an
Active Directory domain controller.
The Update Manager server that you install on Windows requires a SQL Server or an Oracle database.
Update Manager can handle small-scale environments using the bundled in the installer SQL Server 2012
Express database. For environments with more than 5 hosts and 50 virtual machines, create either an Oracle
or a SQL Server database for Update Manager. For large-scale environments, set up the Update Manager
database on a dierent computer than the Update Manager server and the vCenter Server database.
To see a list of database formats that are compatible with the Update Manager server and the UMDS, select
the Solution/Database Interoperability option from the VMware Product Interoperability Matrixes at
hp://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Update Manager Compatibility with vCenter Server and vSphere Web Client
Update Manager is compatible with vCenter Server and vSphere Web Client of the same version.
Update Manager 6.5 is compatible only with vCenter Server 6.5.
During installation you connect the Update Manager 6.5 server to a vCenter Server 6.5 system that runs on
Windows OS. After the Update Manager server installation, the Update Manager Web Client 6.5 is
automatically enabled on the vSphere Web Client 6.5 that you use to connect to this vCenter Server system.
During installation you cannot connect the Update Manager 6.5 server to a vCenter Server Appliance 6.5.
The vCenter Server Appliance runs its own instance of Update Manager as a service.
To see more information about the Update Manager compatibility with vCenter Server and
vSphere Web Client, select the Solution Interoperability option from the VMware Product Interoperability
Matrixes at hp://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Required Database Privileges
The set of database privileges needed for the Update Manager installation and upgrade diers from the set
of privileges needed for the Update Manager administration.
Before installing or upgrading Update Manager, you must grant adequate privileges to the database user.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 27
Table 22. Database Privileges Needed for Installation or Upgrade of Update Manager
Database Privileges
Oracle Either assign the DBA role, or grant the following set of privileges to the Update Manager Oracle
database user.
nconnect
nexecute on dbms_lock
ncreate view
ncreate procedure
ncreate table
ncreate sequence
ncreate any sequence
ncreate any table
ncreate type
nunlimited tablespace
Microsoft SQL
Server
Make sure that the database user has either a sysadmin server role or the db_owner xed database
role on the Update Manager database and the MSDB database. Although the db_owner role is
required for the upgrade, SQL jobs are not created as part of the Update Manager installation or
upgrade.
To run Update Manager, you must grant a set of minimum privileges to the database user.
Table 23. Database Privileges Needed for Using Update Manager
Database Privileges
Oracle The minimum required privileges of the Oracle database user are the following:
ncreate session
ncreate any table
ndrop any table
Microsoft SQL
Server
The database user must have either a sysadmin server role or the db_owner xed database role on
the Update Manager database and the MSDB database.
Preparing the Update Manager Database
The Update Manager server and Update Manager Download Service (UMDS) that you install on Windows
require a database to store and organize server data. Update Manager supports Oracle, Microsoft SQL
Server databases.
Before installing the Update Manager server on a Windows machine, you must create a database instance
and congure it to ensure that all Update Manager database tables can be created in it. You can install and
congure the Microsoft SQL Server 2012 Express database that is embedded with Update Manager.
Microsoft SQL Server 2012 Express is recommended for small deployments of up to 5 hosts and 50 virtual
machines.
Update Manager 6.5 server is a 64-bit application, and you can install it only on 64-bit machines.
Update Manager requires a 64-bit DSN.
To use Microsoft SQL Server and Oracle databases, you must congure a 64-bit system DSN and test it with
ODBC.
The Update Manager database you use can be the same as the vCenter Server database. You can also use a
separate type of database, or you can use existing database clusters. For optimal results in a large-scale
environment, use a dedicated Update Manager database that runs on a dierent machine than the
vCenter Server system database.
vSphere Update Manager Installation and Administration Guide
28 VMware, Inc.
The Update Manager server requires administrative credentials to connect to the database. If the database
user name and password change after you install the Update Manager server or UMDS on Windows, you
can recongure Update Manager and UMDS without the need to reinstall them. See the Reconguring
VMware vSphere Update Manager documentation.
Before you begin the database setup, review the supported databases. If you create an ODBC connection to a
database server that is not supported, a DSN for the unsupported database might be displayed in the drop-
down menu of the Update Manager installation wizard. For more information about the supported database
patches, see the Solution/Database Interoperability option from the VMware Product Interoperability Matrixes
at hp://www.vmware.com/resources/compatibility/sim/interop_matrix.php. If you do not prepare your
database correctly, the Update Manager installer might display error or warning messages.
Create a 64-Bit DSN
The Update Manager 6.5 system must have a 64-bit DSN. This requirement applies to all supported
databases.
Procedure
1 From the Windows Start menu, select Control Panel > Administrative Tools > Data Sources (ODBC).
2 Create a system DSN.
If you have a Microsoft SQL database, create the system DSN by using SQL Native Client version 10 or
11.
3 Test the connectivity.
The system now has a DSN that is compatible with Update Manager. When the Update Manager installer
prompts you for a DSN, select the 64-bit DSN.
About the Bundled Microsoft SQL Server 2012 Express Database Package
The Microsoft SQL Server 2012 Express database package is installed and congured when you select
Microsoft SQL Server 2012 Express as your database during the Update Manager installation or upgrade.
No additional conguration is required.
Maintaining Your Update Manager Database
After your Update Manager database instance and Update Manager server are installed and operational,
perform standard database maintenance processes.
Maintaining your Update Manager database involves several tasks:
nMonitoring the growth of the log le and compacting the database log le, as needed. See the
documentation for the database type that you are using.
nScheduling regular backups of the database.
nBacking up the database before any Update Manager upgrade.
See your database documentation for information about backing up your database.
Configure a Microsoft SQL Server Database Connection
When you install Update Manager, you can establish an ODBC connection with a SQL Server database.
If you use SQL Server for Update Manager, do not use the master database.
See your Microsoft SQL ODBC documentation for specic instructions on conguring the SQL Server ODBC
connection.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 29
Procedure
1 Create a SQL Server database by using SQL Server Management Studio on SQL Server.
The Update Manager installer creates all tables, procedures, and user-dened functions (UDF) within
the default schema of the database user that you use for Update Manager. This default schema does not
necessarily have to be dbo schema.
2 Create a SQL Server database user with database operator (DBO) rights.
Make sure that the database user has either a sysadmin server role or the db_owner xed database role
on the Update Manager database and the MSDB database.
The db_owner role on the MSDB database is required for installation and upgrade only.
Create a New Data Source (ODBC)
To prepare a Microsoft SQL Server database to work with Update Manager, you have to create a data source
(ODBC).
Procedure
1 On your Update Manager server system, select Control Panel > Administrative Tools > Data Sources
(ODBC).
2 Click the System DSN tab.
3 Create or modify an ODBC system data source.
Option Action
Create an ODBC system data
source
a Click Add.
b For Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2 Express,
Microsoft SQL Server 2012, or Microsoft SQL Server 2014 select SQL
Native Client, and click Finish.
Modify an existing ODBC system
data source
Double-click the ODBC system data source that you want to modify.
To see a detailed list of all Microsoft SQL Server database versions that are compatible with the
Update Manager server and the UMDS, select the Solution/Database Interoperability option from the
VMware Product Interoperability Matrixes at
hp://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
4 In the Microsoft SQL Server DSN Conguration window, enter the necessary information and click
Next.
a Type an ODBC DSN in the Name text eld.
For example, type VUM.
b (Optional) Type an ODBC DSN description in the Description text eld.
c Select the SQL Server name from the Server drop-down menu.
Type the SQL Server machine name in the text eld if you cannot nd it in the drop-down menu.
vSphere Update Manager Installation and Administration Guide
30 VMware, Inc.
5Congure the SQL Server authentication, and click Next.
nIf you are using a local SQL Server, you can select Integrated Windows NT authentication.
nIf you are using a remote SQL Server, you must use the SQL Server authentication method.
If you use the SQL Server authentication method, in the Update Manager installation wizard supply the
same user name, password, and ODBC DSN that you used to congure the ODBC.
I Update Manager does not support Windows authentication of the database when the
database is located on a dierent machine because of local system account issues. Make sure that if the
Update Manager database is on a remote machine, the database, and the system DSN use SQL Server
authentication.
6 Select a database from the Change the default database to drop-down menu, specify the ANSI seings,
and click Next.
7 Specify the language and translation seings, where to save the log les, and click Finish.
What to do next
To test the data source, in the ODBC Microsoft SQL Server Setup window, click Test Data Source, and click
OK. Ensure that SQL Agent is running on your database server by double-clicking the SQL Server icon in
the system tray.
Identify the SQL Server Authentication Type
You can identify whether your SQL Server is using Windows NT or SQL Server authentication.
Procedure
1 Open SQL Server Enterprise Manager.
2 Click the Properties tab.
3 Check the connection type.
Configure an Oracle Database
To use an Oracle database for Update Manager, you must rst set up the database.
Procedure
1 Download Oracle 11g or Oracle 12c from the Oracle Web site, install it, and create a database (for
example, VUM).
Make sure that the TNS Listener is up and running, and test the database service to be sure it is
working.
2 Download Oracle ODBC from the Oracle Web site.
3 Install the corresponding Oracle ODBC driver through the Oracle Universal Installer.
4 Increase the number of open cursors for the database.
Add the entry open_cursors = 300 to the ORACLE_BASE\ADMIN\VUM\pfile\init.ora le.
In this example, ORACLE_BASE is the root of the Oracle directory tree.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 31
Configure an Oracle Connection to Work Locally
You can congure an Oracle connection to work locally with Update Manager.
Prerequisites
Verify that the ODBC data source that you use is a 64-bit system DSN. See “Create a 64-Bit DSN,” on
page 29.
Procedure
1 Create a tablespace specically for Update Manager by using the following SQL statement:
CREATE TABLESPACE "VUM" DATAFILE 'ORACLE_BASE\ORADATA\VUM\VUM.dat' SIZE 1000M AUTOEXTEND ON
NEXT 500K;
In this example, ORACLE_BASE is the root of the Oracle directory tree.
2 Create a user, such as vumAdmin, for accessing this tablespace through ODBC.
CREATE USER vumAdmin IDENTIFIED BY vumadmin DEFAULT TABLESPACE “vum”;
3 Either grant the dba permission to the user, or grant the following specic permissions to the user.
grant connect to vumAdmin
grant resource to vumAdmin
grant create any job to vumAdmin
grant create view to vumAdmin
grant create any sequence to vumAdmin
grant create any table to vumAdmin
grant lock any table to vumAdmin
grant create procedure to vumAdmin
grant create type to vumAdmin
grant execute on dbms_lock to vumAdmin
grant unlimited tablespace to vumAdmin
# To ensure space limitation is not an issue
4 Create an ODBC connection to the database.
See the following example seings:
Data Source Name: VUM
TNS Service Name: VUM
User ID: vumAdmin
Configure an Oracle Database to Work Remotely
You can congure your Oracle database to work with Update Manager remotely.
Prerequisites
nVerify that the ODBC data source that you use is a 64-bit system DSN. See “Create a 64-Bit DSN,” on
page 29.
nSet up a database as described in “Congure an Oracle Database,” on page 31.
Procedure
1 Install the Oracle client on the Update Manager server machine.
vSphere Update Manager Installation and Administration Guide
32 VMware, Inc.
2 Use the Net Conguration Assistant tool to add the entry to connect to the managed host.
VUM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS=(PROTOCOL=TCP)(HOST=host_address)(PORT=1521))
)
(CONNECT_DATA =(SERVICE_NAME = VUM)
)
)
In this example, host_address is the managed host to which the client needs to connect.
3 (Optional) Edit the tnsnames.ora le located in ORACLE_HOME\network\admin\, as appropriate.
Here, ORACLE_HOME is located under C:\ORACLE_BASE, and it contains subdirectories for Oracle
software executable and network les.
4 Create an ODBC connection to the database.
These are example seings.
Data Source Name: VUM
TNS Service Name: VUM
User Id: vumAdmin
Prerequisites for Installing the Update Manager Server on Windows
Before you install the Update Manager server, review the installation prerequisites.
Update Manager Database Requirements
Update Manager requires an Oracle or SQL Server database. Update Manager can handle small-scale
environments using the bundled Microsoft SQL Server 2012 Express. For environments with more than 5
hosts and 50 virtual machines, you must create either an Oracle or SQL Server database.
To see a list of database formats that are compatible with the Update Manager server and the UMDS, select
the Solution/Database Interoperability option from the VMware Product Interoperability Matrixes at
hp://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
For large-scale environments, set up the database on a machine dierent than the machines on which the
Update Manager server is installed and the vCenter Server database is located. For more information about
seing up the Update Manager database, see “Preparing the Update Manager Database,” on page 28.
nCreate a database and 64-bit DSN, unless you are using the bundled Microsoft SQL Server 2012 Express.
nMake sure that if the Update Manager database is located on a remote machine, the database and the
system DSN use SQL Server authentication.
Update Manager does not support Windows authentication of the database when the database is
located on a dierent machine because of local system account problems.
nIf you plan to use the bundled Microsoft SQL Server 2012 Express database, make sure that you install
Microsoft Windows Installer version 4.5 (MSI 4.5) on your system.
nMake sure that the database privileges meet the requirements listed in “Required Database Privileges,”
on page 27.
nCreate the 64-bit ODBC connection to a supported database server version by using a supported
database client version.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 33
If you create an ODBC connection to a database server that is of an unsupported version, and your
database client is of a supported version, a DSN for the unsupported database might be displayed in the
drop-down menu of the Update Manager installation wizard.
vCenter Server Installation
nInstall vCenter Server.
If prompted, you must restart the machine on which vCenter Server is installed. Otherwise, you might
not be able to register Update Manager with vCenter Server, and the Update Manager installation
might fail.
For more information about installing vCenter Server, see vSphere Installation and Setup.
nGather the following networking information for the vCenter Server system.
nUser name and password for the vCenter Server system.
During the Update Manager installation process, you must register the Update Manager server
with the vCenter Server system. To register Update Manager with vCenter Server, you must
provide the credentials of the vCenter Server user that has the Register extension privilege. For
more information about managing users, groups, roles, and permissions, see vSphere Security.
nPort numbers. In most cases, the default Web service port 80 is used.
nIP address.
If the IP address of the vCenter Server system or Update Manager changes, you can re-register the
Update Manager server with the vCenter Server system. For more information about conguring
the Update Manager server after installation, see Reconguring VMware vSphere Update Manager.
Update Manager System Requirements
nMake sure that your system meets the requirements specied in “System Requirements,” on page 26.
I You can install the Update Manager 6.5 server component only on a 64-bit machine. Make
sure the Windows system on which you are installing the Update Manager server is not an Active
Directory domain controller.
nLog in as a local Administrator or a domain user that is member of the Administrators group.
Obtain the Update Manager Installer
You install the Update Manager server for Windows from the vCenter Server installer for Windows.
Update Manager for Windows runs only on a 64-bit Windows operating system.
Prerequisites
Create a My VMware account at hps://my.vmware.com/web/vmware/.
Procedure
1 Download the vCenter Server installer from the VMware website at
hps://my.vmware.com/web/vmware/downloads.
vCenter Server is part of VMware vCloud Suite and of VMware vSphere, listed under Datacenter &
Cloud Infrastructure.
a Under Datacenter & Cloud Infrastructure, select VMware vCloud Suite or VMware vSphere, and
click Download Product.
b From the Select Version drop-down menu, select the version you want.
vSphere Update Manager Installation and Administration Guide
34 VMware, Inc.
c Locate VMware vCenter Server on the page, and select Go to Downloads.
d Download the ISO le of the VMware vCenter Server <product version> and Modules for Windows.
2Conrm that the md5sum is correct.
See the VMware website topic Using MD5 Checksums at
hp://www.vmware.com/download/md5.html.
3 Mount the ISO image to the Windows virtual machine or physical server on which you want to install
the Update Manager server or the UMDS.
Install the Update Manager Server
The Update Manager installation requires a connection with a single vCenter Server instance. You can install
Update Manager on the same computer on which vCenter Server is installed or on a dierent computer.
Prerequisites
nSee installation prerequisites in “Prerequisites for Installing the Update Manager Server on Windows,”
on page 33.
nCheck the compatibility and interoperability of the vCenter Server server with VMware Site Recovery
Manager®. Use caution when connecting the Update Manager server to a vCenter Server instance to
which the Site Recovery Manager server is also connected. Connecting the Update Manager server to
the same vCenter Server instance as Site Recovery Manager might cause problems when you upgrade
the Site Recovery Manager or the vCenter Server, or when you perform daily operations.
Procedure
1 In the software installer directory, double-click the autorun.exe le and select vSphere Update
Manager > Server.
If you cannot run autorun.exe, browse to the UpdateManager folder and run VMware-UpdateManager.exe.
2 (Optional) Select the option to Use Microsoft SQL Server 2012 Express as the embedded database, and
click Install.
N Skip this step only if you plan to use another supported Oracle or SQL Server database.
If the Microsoft SQL Server 2012 Express is not present on your system from previous Update Manager
installations, the installation wizard for the Microsoft SQL Server 2012 Express opens.
3 Click Install.
4 Select a language for the installer and click OK.
5 Review the Welcome page and click Next.
6 Read and accept the license agreement, and click Next.
7 Accept the terms in the license agreement and click Next.
8 Review the support information, select whether to download updates from the default download
sources immediately after installation, and click Next.
If you deselect Download updates from default sources immediately after installation, Update
Manager downloads updates once daily according to the default download schedule or immediately
after you click the Download Now buon on the Download Seings page. You can modify the default
download schedule after the installation is complete.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 35
9 Type the vCenter Server IP address or name, HTTP port, and the administrative account that the
Update Manager server will use to connect to the vCenter Server system, and click Next.
You can provide an IP address to a vCenter Server instance running on Windows, or a
vCenter Server Appliance.
In vSphere 6.5, the default administrative user account is administrator@vsphere.local.
10 (Optional) Select the database, and click Next.
If you selected to use the embedded Microsoft SQL Server 2012 Express database, the installation
wizard skips this page.
a Use an existing supported database, by selecting your database from the list of DSNs. If the DSN
does not use Windows NT authentication, enter the user name and password for the DSN and click
Next.
I The DSN must be a 64-bit DSN.
11 (Optional) Select the database options.
nIf the system DSN you specify points to an existing Update Manager database with the current
schema, you can either retain your existing database or replace it with an empty one.
nIf the system DSN you specify points to an existing Update Manager database with a dierent
schema, on the Database Upgrade page, select Yes, I want to upgrade my Update Manager
database and I have taken a backup of the existing Update Manager database, and click Next.
12 From the drop-down menu, select the IP address or the host name of your Update Manager instance.
If the computer on which you install Update Manager has one NIC, the Update Manager installer
automatically detects the IP address. If the computer has multiple NICs, you must select the correct IP
address or use a DNS name. The DNS name must be resolved from all hosts that this Update Manager
instance will manage.
13 Specify the Update Manager port seings, select whether you want to congure the proxy seings, and
click Next.
N Use caution when you specify the Update Manager port seings, as you cannot modify them
after installation.
For the SOAP port, you have no limitations to the range of ports used, as long as there are no conicts.
For the Server port, you can use the following range: 80, 9000-9100. Update Manager automatically
opens ESXi rewall ports in this range to allow outbound HTTP trac to the patch store.
14 (Optional) Provide information about the proxy server, the port, and whether the proxy should be
authenticated, and click Next.
15 Select the Update Manager installation and patch download directories, and click Next.
If you do not want to use the default locations, you can click Change to browse to a dierent directory.
16 (Optional) In the warning message about the disk free space, click OK.
This message appears when you try to install Update Manager on a computer that has less than 120 GB
free space.
17 Click Install to begin the installation.
18 Click Finish.
The Update Manager server component is installed, and the Update Manager Web Client plug-in is
automatically enabled in the vSphere Web Client.
vSphere Update Manager Installation and Administration Guide
36 VMware, Inc.
Enable the Update Manager Web Client Plug-In
You can use the Update Manager Web Client plug-in for the vSphere Web Client to perform upgrade
operations on the hosts and update operations the virtual machines in your environment. With the
Update Manager Web Client, you can perform the full set of operations that Update Manager oers.
For more information, see “Overview of the Update Manager Interface,” on page 14.
Prerequisites
Verify that you have the View Compliance Status privilege, otherwise you cannot see and use the
Update Manager Web Client in vSphere Web Client.
The Update Manager Web Client plug-in is automatically enabled in the vSphere Web Client after you
install the Update Manager server.
The Update Manager Web Client appears as an Update Manager tab in vSphere Web Client. The Update
Manager tab is on the same level as the Monitor tab, the  tab, the Datacenters tab, the Host &
Clusters tab, and so on.
Chapter 2 Installing Update Manager on Windows
VMware, Inc. 37
vSphere Update Manager Installation and Administration Guide
38 VMware, Inc.
Uninstalling Update Manager that
Runs on Windows 3
Update Manager has a relatively small impact on computing resources such as disk space. Unless you are
certain that you want to remove Update Manager, leave an existing installation in place.
If you uninstall the Update Manager server, the Update Manager Web Client is automatically removed from
the vSphere Web Client.
Uninstall the Update Manager Server
You can uninstall the Update Manager server component.
Procedure
1 From the Windows Start menu, select  > Control Panel > Add or Remove Programs.
2 Select VMware vSphere Update Manager and click Remove.
The Update Manager server component is uninstalled from your system. All downloaded metadata and
binaries, as well as log data remain on the machine where Update Manager was installed.
The Update Manager Web Client is automatically removed from the vSphere Web Client.
VMware, Inc. 39
vSphere Update Manager Installation and Administration Guide
40 VMware, Inc.
Upgrading Update Manager that Runs
on Windows 4
You can upgrade to Update Manager 6.5 only from Update Manager versions 5.5 or 6.0 that are installed on
a 64-bit Windows operating system.
If you are switching from using a vCenter Server system of version 5.5 or version 6.0 that runs on Windows
to a vCenter Server Appliance 6.5, this is a migration process. For detailed information on Update Manager
migration process, read Chapter 6, “Migrating Update Manager from Windows to the vCenter Server
Appliance,” on page 47, or see the Migration chapter in vSphere Upgrade documentation.
If you are running Update Manager of a version earlier than 5.5, or Update Manager that runs on a 32-bit
platform, you cannot perform a direct upgrade to Update Manager 6.5. You must use the data migration tool
that is provided with Update Manager 5.0 installation media to upgrade your Update Manager system to
Update Manager 5.0 running on a 64-bit operating system, and then perform an upgrade from version 5.0 or
version 5.1 to version 5.5 before upgrading to version 6.5. For detailed information how to use the data
migration tool, see the Installing and Administering VMware vSphere Update Manager documentation for
Update Manager 5.0.
When you upgrade Update Manager, you cannot change the installation path and patch download location.
To change these parameters, you must install a new version of Update Manager rather than upgrade.
Previous versions of Update Manager use a 512-bit key and self-signed certicate and these are not replaced
during upgrade. If you require a more secure 2048-bit key, you can either perform a new installation of
Update Manager 6.5, or use the Update Manager Utility to replace the existing certicate. For more
information about how to use the Update Manager Utility, see the Reconguring VMware vSphere Update
Manager documentation.
Scheduled tasks for virtual machine patch scan and remediation are retained during the upgrade. After the
upgrade, you can edit and remove scheduled scan tasks that exist from previous releases. You can remove
existing scheduled remediation tasks but you cannot edit them.
You must upgrade the Update Manager database during the Update Manager upgrade. You can select
whether to keep your existing data in the database or to replace it during the upgrade.
The Java Components (JRE) required by Update Manager are installed or upgraded silently on the system
when you install or upgrade Update Manager. You can upgrade the Java Components separately from an
Update Manager upgrade procedure to a version of the Java Components that is released asynchronously
from the Update Manager releases.
This chapter includes the following topics:
n“Upgrade the Update Manager Server,” on page 42
n“Upgrade the Update Manager Java Components,” on page 43
VMware, Inc. 41
Upgrade the Update Manager Server
To upgrade an instance of Update Manager that is installed on a 64-bit machine, you must rst upgrade
vCenter Server to a compatible version.
The Update Manager 6.5 release allows upgrades from Update Manager 5.5 or later.
Prerequisites
nGrant the database user the required set of privileges. For more information, see “Preparing the Update
Manager Database,” on page 28.
nStop the Update Manager service and back up the Update Manager database. The installer upgrades
the database schema, making the database irreversibly incompatible with previous Update Manager
versions.
nIf you are upgrading Update Manager instance that uses Oracle database, “Create a 64-Bit DSN,” on
page 29. If you are upgrading Update Manager instance that uses Microsoft SQL database, the creation
of 64-bit DSN is managed by the installer.
Procedure
1 Upgrade vCenter Server to a compatible version.
N The vCenter Server installation wizard warns you that Update Manager is not compatible when
vCenter Server is upgraded.
If prompted, you must restart the machine that is running vCenter Server. Otherwise, you might not be
able to upgrade Update Manager.
2 In the software installer directory, double-click the autorun.exe le and select vSphere Update
Manager > Server.
If you cannot run autorun.exe, browse to the UpdateManager folder and run VMware-UpdateManager.exe.
3 Select a language for the installer and click OK.
4 In the upgrade warning message, click OK.
5 Review the Welcome page and click Next.
6 Read and accept the license agreement, and click Next.
7 Review the support information, select whether to download updates from the default download
sources immediately after installation, and click Next.
If you deselect Download updates from default sources immediately after installation,
Update Manager downloads updates once daily according to the default download schedule or
immediately after you click Download Now on the Download Seings page. You can modify the
default download schedule after the installation is complete.
8 Type the vCenter Server system credentials and click Next.
To keep the Update Manager registration with the original vCenter Server system valid, keep the
vCenter Server system IP address and enter the credentials from the original installation.
9 Type the database password for the Update Manager database and click Next.
The database password is required only if the DSN does not use Windows NT authentication.
10 On the Database Upgrade page, select Yes, I want to upgrade my Update Manager database and I
have taken a backup of the existing Update Manager database, and click Next.
vSphere Update Manager Installation and Administration Guide
42 VMware, Inc.
11 (Optional) On the Database re-initialization warning page, select to keep your existing remote database
if it is already upgraded to the latest schema.
If you replace your existing database with an empty one, you lose all of your existing data.
12 Specify the Update Manager port seings, select whether you want to congure the proxy seings, and
click Next.
Congure the proxy seings if the computer on which Update Manager is installed has access to the
Internet.
13 (Optional) Provide information about the proxy server and port, specify whether the proxy should be
authenticated, and click Next.
14 Click Install to begin the upgrade.
15 Click Finish.
You upgraded the Update Manager server.
Upgrade the Update Manager Java Components
The required Update Manager Java Components (JRE) are installed or upgraded silently when you install or
upgrade Update Manager. By using a vCenter Server Java components patch, you can also upgrade
Update Manager Java Components separately from Update Manager installer.
By using the separate installer, you can upgrade JRE to a version that is released asynchronously from
Update Manager releases. If an earlier version of JRE is present on the system, this procedure upgrades it.
When Update Manager runs on the same system as the vCenter Server, if an earlier version of
vCenter Server tc Server is present on that system, this procedure also upgrades the vCenter Server tc Server
component.
During the patch process, the Update Manager undergoes a downtime as the vCenter Server Java
Components patch restarts the Update Manager service.
Prerequisites
nDownload the vCenter Server Java Components patch from VMware downloads page at
hps://my.vmware.com/web/vmware/downloads. The name format is VMware-VIMPatch-6.5.0-
build_number-YYYYMMDD.iso.
nStop any running Update Manager operations, such as scanning, staging, or remediation.
Procedure
1 On the system where Update Manager is installed, mount the ISO of the vCenter Server Java
Components patch.
2 In Windows Explorer, double-click the le ISO_mount_directory/autorun.exe.
A vCenter Server Java Components Update opens.
3 Click Patch All.
If the Java components on the Update Manager system are up to date, a status message that conrms
that is displayed.
If the Java components on the Update Manager system are not up to date, they are silently upgraded.
When clicking the Patch All buon, if vCenter Server, vCenter Single Sign-On, vCenter Inventory
Service, or vSphere Web Client are also installed on the system where Update Manager is installed, the
Java components for all thesevCenter Server components are also silently upgraded.
The Java components are upgraded on the Update Manager system.
Chapter 4 Upgrading Update Manager that Runs on Windows
VMware, Inc. 43
vSphere Update Manager Installation and Administration Guide
44 VMware, Inc.
Using Update Manager with the
vCenter Server Appliance 5
You can use the Update Manager 6.5 as a service of the vCenter Server Appliance 6.5. The Update Manager
server and client components are part of the vCenter Server Appliance.
When you deploy the vCenter Server Appliance, the VMware vSphere Update Manager Extension service
starts automatically.
Starting with the vSphere 6.5 release, you cannot connect an Update Manager 6.5 instance that runs on
Windows to a vCenter Server Appliance 6.5. Aempts to connect Update Manager during installation on a
Windows operating system to a vCenter Server Appliance fail with an error.
The Update Manager extension for the vCenter Server Appliance uses a PostgreSQL database that is
bundled with the Appliance. Although the Update Manager and the vCenter Server Appliance share the
same PostgreSQL database server, they have separate database instances. If you must reset the
Update Manager database, the vCenter Server Appliance database remains intact.
Unlike the Update Manager instance that runs on Windows, with the Update Manager instance that runs in
the vCenter Server Appliance you can make certain congurations changes directly from the
vSphere Web Client. You can change the values for Download patches on service start, Log Level, SOAP
Port, Web Server Port, and Web SSL Port. You can access these seings from System  >
Services, under vSphere Web Client Administration. After you change these seings, restart the VMware
vSphere Update Manager service for the changes to take eect.
For Update Manager that runs in the vCenter Server Appliance the only conguration you cannot change
from the vSphere Web Client is the certicate that Update Manager uses to authenticate to vCenter Server.
You can change the certicate by using the Update Manager Utility.
The Update Manager Utility is also bundled with the vCenter Server Appliance. You can access the
Update Manager Utility from the Bash Shell of the vCenter Server Appliance.
Start, Stop, or Restart Update Manager Service in the
vCenter Server Appliance
If you make conguration changes to Update Manager seings, you might need restart the Update Manager
service in the vCenter Server Appliance.
N Starting with vSphere 6.5, all vCenter Server services and some Platform Services Controller services
run as child processes of the VMware Service Lifecycle Manager service.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
VMware, Inc. 45
Procedure
1 Log in to the vCenter Server by using the vSphere Web Client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration, click Services.
4 From the Services list, select the VMware vSphere Update Manager service.
5 From the Actions menu, select an operation name.
nRestart
nStart
nStop
vSphere Update Manager Installation and Administration Guide
46 VMware, Inc.
Migrating Update Manager from
Windows to the
vCenter Server Appliance 6
For vSphere 6.0 and earlier releases, 64-bit Windows operating systems are the only supported host
operating systems for Update Manager. In vSphere 6.5, Update Manager is provided as an optional service
in the vCenter Server Appliance 6.5. VMware provides supported paths for migrating Update Manager
from a Windows operating system to a vCenter Server Appliance 6.5.
You can migrate Update Manager in the following vCenter Server deployments:
Table 61. Supported Migration Paths for Update Manager That Runs on Windows to a
vCenter Server Appliance
Source Configuration Target Configuration
vCenter Server and Update Manager run on the same
Windows machine
vCenter Server Appliance 6.5 with embedded
Update Manager
vCenter Server and Update Manager run on dierent
Windows machines
vCenter Server Appliance 6.5 with embedded
Update Manager
Update Manager run on a Windows machine and is
connected to a vCenter Server Appliance
vCenter Server Appliance 6.5 with embedded
Update Manager
You can use a GUI method or a CLI method to upgrade or migrate your vCenter Server deployment that
uses external Update Manager instance. If you use the GUI method, you need to perform manual steps on
the Update Manager Windows system. If you use the CLI method, you need to add conguration
parameters about Update Manager in your JSON template.
For detailed information about the GUI method or the CLI upgrade or migration conguration parameters,
see the vSphere Upgrade documentation.
I Verify that the Update Manager source machine does not run additional extensions that are
connected to other vCenter Server systems, which are not part of your migration.
Before the migration, Update Manager might use any of the supported Microsoft SQL Server, or Oracle, or
the Embedded database solution. After the migration to the vCenter Server Appliance, Update Manager
starts to use the PostgreSQL Database.
After the migration, you can shut down the Update Manager machine. You might need to keep the
Update Manager machine for roll back purposes to the earlier version before the migration.
This chapter includes the following topics:
n“Download and Run VMware Migration Assistant on the Source Update Manager Machine,” on
page 48
n“Roll Back a Migration of vCenter Server Appliance with Update Manager,” on page 48
VMware, Inc. 47
Download and Run VMware Migration Assistant on the Source
Update Manager Machine
Before running a migration from vCenter Server that runs on Windows, or upgrading
vCenter Server Appliance that use an external Update Manager, you must download and run the
VMware Migration Assistant on the source Windows physical server or the Windows virtual machine
where Update Manager runs. The VMware Migration Assistant facilitates the migration of the
Update Manager server and database to the vCenter Server Appliance 6.5.
Alternatively, if you plan to perform the CLI method for upgrading your vCenter Server Appliance or
migrating your vCenter Server that runs on Windows, you can skip this procedure, and add the source.vum
section section and run.migration.assistant subsection to your JSON template. For information about
the CLI upgrade or migration conguration parameters, see the vSphere Upgrade documentation.
C It is important to run the VMware Migration Assistant on the source Update Manager machine
before migrating other of the vCenter Server components.
Prerequisites
nDownload the vCenter Server Appliance Installer. For more information, see the vSphere Installation and
Setup documentation.
nLog in to the source Update Manager machine as an administrator.
Procedure
1 From the vCenter Server Appliance installer package, copy the migration-assistant folder to the
source Update Manager machine.
2 From the migration-assistant directory, double-click VMware-Migration-Assistant.exe, and provide
the vCenter Single Sign-On administrator password.
N Leave the Migration Assistant window open during the migration process. Closing the
Migration Assistant causes the migration process to stop.
The VMware Migration Assistant runs pre-upgrade checks and prompts you to resolve any errors it
nds before starting the upgrade.
When the pre-checks are nished and any errors are addressed, your source Update Manager system is
ready for the migration to the vCenter Server Appliance.
What to do next
Use VMware Migration Assistant to migrate vCenter Server and all its components to
vCenter Server Appliance 6.5.
Roll Back a Migration of vCenter Server Appliance with
Update Manager
You can roll back a vCenter Server Appliance with Update Manager after a migration.
Rolling back to the vCenter Server version before the upgrade or migration requires to shut down the new
appliance and revert to the source appliance or vCenter Server on Windows.
Prerequisites
nYou must have access to the source vCenter Server Appliance.
vSphere Update Manager Installation and Administration Guide
48 VMware, Inc.
nYou must have access to the Update Manager source machine on Windows.
Procedure
1 Power o the newly upgraded or migrated vCenter Server Appliance.
2 Power on the vCenter Server Appliance that Update Manager was connected to before the migration.
3 Start the Windows source machine where Update Manager ran before the migration, and rejoin it to the
Active Directory domain.
nIf the source machine was aached to an Active Directory domain and migration failed before
network migration, you do not need to perform any additional steps.
nIf the source machine was aached to an Active Directory domain and the migration failed after
network migration, log in with the local administrator after the machine powers up and rejoin the
machine to the Active Directory domain.
Chapter 6 Migrating Update Manager from Windows to the vCenter Server Appliance
VMware, Inc. 49
vSphere Update Manager Installation and Administration Guide
50 VMware, Inc.
Best Practices and
Recommendations for
Update Manager Environment 7
You can install Update Manager on the server on which vCenter Server runs or on a dierent server.
The Update Manager server and client plug-ins must be the same version. Update Manager and
vCenter Server, and the vSphere Web Client must be of a compatible version. For more information about
compatibility, see “Update Manager Compatibility with vCenter Server and vSphere Web Client,” on
page 27.
Update Managerr has two deployment models:
Internet-connected
model
The Update Manager server is connected to the VMware patch repository,
and third-party patch repositories (for ESXi 5.x and ESXi 6.0 hosts, as well as
for virtual appliances). Update Manager works with vCenter Server to scan
and remediate the virtual machines, appliances, hosts, and templates.
Air-gap model Update Manager has no connection to the Internet and cannot download
patch metadata. In this model, you can use UMDS to download and store
patch metadata and patch binaries in a shared repository. To scan and
remediate inventory objects, you must congure the Update Manager server
to use a shared repository of UMDS data as a patch datastore. For more
information about using UMDS, see Chapter 8, “Installing, Seing Up, and
Using Update Manager Download Service,” on page 53.
Outside of DRS clusters, you might not be able to remediate the host running the Update Manager or
vCenter Server virtual machines by using the same vCenter Server instance, because the virtual machines
cannot be suspended or shut down during remediation. You can remediate such a host by using separate
vCenter Server and Update Manager instances on another host. Inside DRS clusters, if you start a
remediation task on the host running the vCenter Server or Update Manager virtual machines, DRS
aempts to migrate the virtual machines to another host, so that the remediation succeeds. If DRS cannot
migrate the virtual machine running Update Manager or vCenter Server, the remediation fails. Remediation
also fails if you have selected the option to power o or suspend the virtual machines before remediation.
VMware, Inc. 51
Update Manager Deployment Models and Their Usage
You can use the dierent Update Manager deployment models in dierent cases, depending on the size of
your system.
You can use one of several common host-deployment models for Update Manager server:
All-in-one model vCenter Server and Update Manager server are installed on one host and
their database instances are on the same host. This model is most reliable
when your system is relatively small.
Medium deployment
model
vCenter Server and Update Manager server are installed on one host and
their database instances are on two separate hosts. This model is
recommended for medium deployments, with more than 300 virtual
machines or 30 hosts.
Large deployment
model
vCenter Server and Update Manager server run on dierent hosts, each with
its dedicated database server. This model is recommended for large
deployments when the datacenters contain more than 1,000 virtual machines
or 100 hosts.
vSphere Update Manager Installation and Administration Guide
52 VMware, Inc.
Installing, Setting Up, and Using
Update Manager Download Service 8
VMware vSphere Update Manager Download Service (UMDS) is an optional module of Update Manager.
UMDS downloads upgrades for virtual appliances, patch metadata, patch binaries, and notications that
would not otherwise be available to the Update Manager server.
For security reasons and deployment restrictions, vSphere, including Update Manager, might be installed in
a secured network that is disconnected from other local networks and the Internet. Update Manager
requires access to patch information to function properly. If you are using such an environment, you can
install UMDS on a computer that has Internet access to download upgrades, patch binaries, and patch
metadata, and then export the downloads to a portable media drive so that they become accessible to the
Update Manager server.
In a deployment where the machine on which Update Manager is installed has no Internet access, but is
connected to a server that has Internet access, you can automate the export process and transfer les from
UMDS to the Update Manager server by using a Web server on the machine on which UMDS is installed.
UMDS 6.5 supports patch recalls and notications. A patch is recalled if the released patch has problems or
potential issues. After you download patch data and notications with UMDS, and export the downloads so
that they become available to the Update Manager server, Update Manager deletes the recalled patches and
displays the notications on the Update Manager  tab. For more information about patch
recalls and notications, see “Conguring and Viewing Notications,” on page 74.
With Update Manager release 6.5, the UMDS is available for installation on Windows and Linux-based
operating systems. The machine on which you install UMDS must have Internet access.
For UMDS that runs on Windows, only Administrator or users that are part of the Administrators group can
download patches. Administrator access is not a requirement for downloading patches with UMDS that
runs on Linux.
This chapter includes the following topics:
n“Compatibility Between UMDS and the Update Manager Server,” on page 54
n“Installing UMDS on a Windows Operating System,” on page 54
n“Installing and Upgrading UMDS on a Linux-Based Operating System,” on page 56
n“Seing Up and Using UMDS,” on page 59
VMware, Inc. 53
Compatibility Between UMDS and the Update Manager Server
UMDS must be of a version that is compatible with the Update Manager server.
Update Manager can work with a certain UMDS version if the metadata and structure of the patch store that
UMDS exports is compatible with Update Manager, and if the data can be imported and used by the
Update Manager server.
UMDS 6.5 is compatible and can work only with Update Manager 6.5.
Installing UMDS on a Windows Operating System
You can install and use UMDS to download virtual appliance upgrades, patch binaries, patch metadata, and
notications if Update Manager does not have access to the Internet. The machine on which you install
UMDS must have Internet access.
N You cannot upgrade UMDS 5.5 or UMDS 6.0 to UMDS 6.5. You can perform a fresh installation of
UMDS 6.5 according to all system requirements, and use an existing patch store from UMDS 5.5 or UMDS
6.0. You can install UMDS only on 64-bit machines.
Before installing UMDS, you must create a supported database instance, congure a 64-bit DSN, and test the
DSN from ODBC. If you are using the bundled Microsoft SQL Server 2012 Express, you can install and
congure the database when you install UMDS.
Installing UMDS 6.5 in an Environment With Update Manager 6.5 Instances Only
In the UMDS 6.5 installation wizard for Windows, you can select the patch store to be an existing download
directory from an earlier UMDS 5.5 or UMDS 6.0 installation and reuse the applicable downloaded updates
in UMDS 66.5. You must uninstall existing UMDS 5.5 or UMDS 6.0 instances before reusing the patch store.
Once you associate an existing download directory with UMDS 6.5, you cannot use it with earlier UMDS
versions.
If you install UMDS with an existing download directory, make sure that you perform at least one download
by using UMDS 6.5 before you export updates.
Installing UMDS 6.5 in an Environment With Both Update Manager 6.0 and
Update Manager 6.5 Instances
You must not install UMDS 6.5 with an existing UMDS 6.0 download directory if your environment contains
both Update Manager 6.0 and Update Manager 6.5 instances. In such a case, you need a UMDS 6.0 and a
UMDS 6.5 installation on two separate machines, so that you can export updates for the respective
Update Manager versions.
Regardless of the version, you must not install the UMDS on the same machine as the Update Manager
server.
Install UMDS on a Windows Operating System
Install UMDS if the machine on which Update Manager is installed does not have access to the Internet.
Prerequisites
nVerify that the machine on which you install UMDS has Internet access, so that UMDS can download
upgrades, patch metadata, and patch binaries.
nUninstall any 6.0 or earlier instance of UMDS if it is installed on the machine. If such a version of UMDS
is already installed, the installation wizard displays an error message and the installation cannot
proceed.
vSphere Update Manager Installation and Administration Guide
54 VMware, Inc.
nBefore you install UMDS, create a database instance and congure it. If you install UMDS on a 64-bit
machine, you must congure a 64-bit DSN and test it from ODBC. The database privileges and
preparation steps are the same as the ones used for Update Manager. For more information, see
“Preparing the Update Manager Database,” on page 28.
nIf you plan to use the bundled Microsoft SQL Server 2012 Express database, make sure that you install
Microsoft Windows Installer version 4.5 (MSI 4.5) on your system.
nUMDS and Update Manager must be installed on dierent machines.
nTo ensure optimal performance, install UMDS on a system with requirements same as the ones for the
Update Manager server listed in “System Requirements,” on page 26.
Procedure
1 In the software installer directory, double-click the autorun.exe le and select vSphere Update
Manager > Download Service.
If you cannot run autorun.exe, browse to the umds folder and run VMware-UMDS.exe.
2 (Optional) Select the option to Use Microsoft SQL Server 2012 Express as the embedded database, and
click Install.
N Skip this step only if you plan to use another supported Oracle or SQL Server database.
If the Microsoft SQL Server 2012 Express is not present on your system from previous Update Manager
installations, the installation wizard for the Microsoft SQL Server 2012 Express opens.
3 Click Install.
4 Select the language for the installation and click OK.
5 (Optional) If the wizard prompts you, install the required items such as Windows Installer 4.5.
This step is required only if Windows Installer 4.5 is not present on your machine and you must
perform it the rst time you install a vSphere 5.x product. After the system restarts, the installer starts
again.
6 Review the Welcome page and click Next.
7 Read and accept the license agreement, and click Next.
8 Accept the terms in the license agreement and click Next.
9 (Optional) Select the database, and click Next.
If you selected to use the embedded Microsoft SQL Server 2012 Express database, the installation
wizard skips this page.
a Use an existing supported database, by selecting your database from the list of DSNs. If the DSN
does not use Windows NT authentication, enter the user name and password for the DSN and click
Next.
I The DSN must be a 64-bit DSN.
10 Enter the Update Manager Download Service proxy seings and click Next.
11 Select the Update Manager Download Service installation and patch download directories and click
Next.
If you do not want to use the default locations, you can click Change to browse to a dierent directory.
You can select the patch store to be an existing download directory from a previous UMDS 5.5 or
UMDS 6.0 installation and reuse the applicable downloaded updates in UMDS 6.5. After you associate
an existing download directory with UMDS 6.5, you cannot use it with earlier UMDS versions.
Chapter 8 Installing, Setting Up, and Using Update Manager Download Service
VMware, Inc. 55
12 (Optional) In the warning message about the disk free space, click OK.
13 Click Install to begin the installation.
14 Click OK in the Warning message notifying you that .NET Framework 4.0 is not installed.
The UMDS installer installs the prerequisite before the actual product installation.
15 Click Finish.
UMDS is installed.
Installing and Upgrading UMDS on a Linux-Based Operating System
In vSphere 6.5 release, the UMDS 6.5 is bundled with the vCenter Server Appliance 6.5. You can use the
UMDS bundle from the vCenter Server Appliance to install UMDS 6.5 on a separate Linux-based system.
UMDS is a 64-bit application and requires a 64-bit Linux-based system.
You cannot upgrade UMDS that runs on a Linux-based operating system. You can uninstall the current
version of UMDS, perform a fresh installation of UMDS according to all system requirements, and use the
existing patch store from the UMDS that you uninstalled.
A UMDS that you install on a Linux-based operating system requires PostgreSQL database.
Supported Linux-Based Operating Systems and Databases for Installing UMDS
The Update Manager Download Service (UMDS) can run on a limited number of Linux-based operating
systems in combination with a particular database format.
The supported combinations of a Linux-based operating system and a database that can run UMDS are as
follows:
nUbuntu 14.0.4 with PostgreSQL database 9.3.11.
nRed Hat Enterprise Linux 7.0 with PostgreSQL database 9.2.
Configure PostgreSQL Database for UMDS on Linux
Install and congure a PostgreSQL database instance on the Linux-based machine where you plan to install
Update Manager Download Service (UMDS).
Prerequisites
nVerify PostgreSQL database instance of a supported version is installed on the system, and that the
Linux system is also of a supported type. See “Supported Linux-Based Operating Systems and
Databases for Installing UMDS,” on page 56
nVerify you have PostgreSQL database user credentials.
nVerify that the UMDS installation directory is dierent from the patch store directory.
Procedure
1 In the Linux machine, open the Command Shell.
2 Log in as a PostgreSQL user, and create a database instance and a database user, by running the
following commands:
su - postgres
createdb <database_name>
createuser -d -e -r <database_username> -P
Pwd: <database_password>
vSphere Update Manager Installation and Administration Guide
56 VMware, Inc.
3 Navigate to the folder that contains the PostgreSQL conguration le pg_hba.conf.
Linux system Default Location
Ubuntu 14.0.4 /etc/postgresql/<postgres_version>/main/pg_hba.conf
Red Hat Enterprise Linux 7.0 /var/lib/pgsql/<postgres_version>/data/pg_hba.conf
4 In the PostgreSQL conguration le, enable password authentication for the database user by inserting
the following line right above local all all peer.
#TYPE DATABASE USER ADDRESS METHOD
local <database_name> <database_username> md5
5 Log out as a PostgreSQL user, by running the following command:
logout
6 Create a conguration le /etc/odbcinst.ini.
7 Depending on the Linux system, navigate to the ODBC driver les psqlodbcw.so or libodbcpsqlS.so.
Linux system Default Location
Ubuntu 14.0.4 /usr/lib/x86_64-linux-gnu/odbc/psqlodbcw.so
Red Hat Enterprise Linux 7.0 /usr/lib64/libodbcpsqlS.so
8 Add driver paths les to /etc/odbcinst.ini.
Linux system Command
Ubuntu 14.0.4 [PostgreSQL]
Description=PostgreSQL ODBC driver (Unicode version)
Driver=/usr/lib/x86_64-linux-gnu/odbc/psqlodbcw.so
Debug=0
CommLog=1
UsageCount=1
Red Hat Linux 7.0 [PostgreSQL]
Description=PostgreSQL ODBC driver (Unicode version)
Driver64=<path>/psqlodbcw.so
Setup64=<path>/libodbcpsqlS.so
Debug=0
CommLog=1
UsageCount=1
9 Create a system le /etc/odbc.ini.
10 Add the following content to /etc/odbc.ini.
[UMDS_DSN]
;DB_TYPE = PostgreSQL
;SERVER_NAME = localhost
;SERVER_PORT = 5432
;TNS_SERVICE = <database_name>
;USER_ID = <database_username>
Driver = PostgreSQL
DSN = UMDS_DSN
ServerName = localhost
PortNumber = 5432
Server = localhost
Chapter 8 Installing, Setting Up, and Using Update Manager Download Service
VMware, Inc. 57
Port = 5432
UserID = <database_username>
User = <database_username>
Database = <database_name>
11 Create a symbolic link between the UMDS and the PostgreSQL, by running the following command:
ln -s /var/run/postgresql/.s.PGSQL.5432 /tmp/.s.PGSQL.5432
What to do next
When installing UMDS on a Linux-based system, use the PostgreSQL database instance that you congured
here.
Install UMDS on a Linux OS
If the vCenter Server Appliance 6.5 in which Update Manager runs does not have access to the Internet, you
can install UMDS on a Linux-based operating system to download patch binaries and metadata.
Prerequisites
nVerify you have administrative privileges on the Linux machine where you install the UMDS.
nInstall and congure a PostgreSQL database on the Linux machine.
nMount the ISO le of the vCenter Server Appliance 6.5 to the Linux machine.
Procedure
1 In the Linux machine, open the Command Shell.
2 From the vCenter Server Appliance ISO that you mounted to the Linux machine, copy the VMware-
UMDS-6.5.0.-build_number.tar.gz le to the Linux machine.
3 Unarchive the VMware-UMDS-6.5.0.-build_number.tar.gz le, and navigate to the newly extracted
directory /vmware-umds-distrib.
For example, if you unarchived the VMware-UMDS-6.5.0.-build_number.tar.gz le, to a directory you
created with the name umds, your navigation path is /umds/vmware-umds-distrib.
4 Run the le UMDS installation script.
The script has the following lename: vmware-install.pl.
5 Read and accept the EULA.
6 Select a directory where to install the UMDS.
7 Enter the UMDS proxy seings.
You can also change proxy conguration after you install UMDS by using the following command:
vmware-umds -S --proxy <proxyAddress:port>
8 Select a directory where to store the patches.
I The patch store directory must be dierent from the UMDS installation directory.
9 Select the database.
a Provide the database DSN.
b Provide the database user name.
c Provide the database password.
The database is overridden with tables required by the Update Manager Download Service.
vSphere Update Manager Installation and Administration Guide
58 VMware, Inc.
UMDS is installed.
Uninstall UMDS from a Linux OS
To use the latest version of the Update Manager Download Service (UMDS) on your Linux-based system,
rst you must uninstall the current version of UMDS. No direct upgrade path is available to a later version
of UMDS, which runs on a Linux-based system.
Prerequisites
nVerify you have administrative privileges on the Linux machine where UMDS runs.
Procedure
1 In the Linux machine, open the Command Shell.
2 Navigate to the UMDS installation directory, and locate the le vmware-uninstall-umds.pl.
3 Run the following command:
./vmware-uninstall-umds.pl
4 To conrm that you want to uninstall UMDS from the system, enter Yes.
The UMDS uninstallation procedure starts.
UMDS is uninstalled from the Linux system.
What to do next
You can upgrade your Linux OS, and install a later compatible version of UMDS.
Setting Up and Using UMDS
You can set up UMDS to download upgrades for virtual appliances, or patches and notications for ESXi
hosts. You can also set up UMDS to download ESXi 5.5, ESXi 6.0, and ESXi 6.5 patch binaries, patch
metadata, and notications from third-party portals.
For UMDS that runs on Windows, only Administrator or users that are part of the Administrators group can
download patches. Administrator access is not a requirement for downloading patches with UMDS that
runs on Linux.
After you download the upgrades, patch binaries, patch metadata, and notications, you can export the data
to a Web server or a portable media drive and set up Update Manager to use a folder on the Web server or
the media drive (mounted as a local disk) as a shared repository.
You can also set up UMDS to download ESXi 5.5, ESXi 6.0, and ESXi 6.5 patches and notications from
third-party portals.
To use UMDS, the machine on which you install it must have Internet access. After you download the data
you want, you can copy it to a local Web server or a portable storage device, such as a CD or USB ash drive.
The best practice is to create a script to download the patches manually and set it up as a Windows
Scheduled Task that downloads the upgrades and patches automatically.
Set Up the Data to Download with UMDS
By default UMDS downloads patch binaries, patch metadata, and notications for hosts. You can specify
which patch binaries and patch metadata to download with UMDS.
Procedure
1 Log in to the machine where UMDS is installed, and open a Command Prompt window.
Chapter 8 Installing, Setting Up, and Using Update Manager Download Service
VMware, Inc. 59
2 Navigate to the directory where UMDS is installed.
nThe default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update
Manager.
nThe default location in 64-bit Linux is /usr/local/vmware-umds.
3 Specify the updates to download.
nTo set up a download of all ESXi host updates and all virtual appliance upgrades, run the following
command:
vmware-umds -S --enable-host --enable-va
nTo set up a download of all ESXi host updates and disable the download of virtual appliance
upgrades, run the following command:
vmware-umds -S --enable-host --disable-va
nTo set up a download of all virtual appliance upgrades and disable the download of host updates,
run the following command:
vmware-umds -S --disable-host --enable-va
What to do next
Download the selected data.
Change the UMDS Patch Repository Location
UMDS downloads upgrades, patch binaries, patch metadata, and notications to a folder that you can
specify during the UMDS installation.
The default folder to which UMDS downloads patch binaries and patch metadata on a Windows machine is
C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data.
The default folder to which UMDS downloads patch binaries and patch metadata on a Linux machine
is /var/lib/vmware-umds .
You can change the folder in which UMDS downloads data after you install UMDS.
If you have already downloaded any virtual appliances upgrades, or host updates, make sure that you copy
all the les and folders from the old location to the new patch store location. The folder in which UMDS
downloads patch binaries and patch metadata must be located on the machine on which UMDS is installed.
Procedure
1 Log in as an administrator to the machine where UMDS is installed, and open a Command Prompt
window.
2 Navigate to the directory where UMDS is installed.
nThe default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update
Manager.
nThe default location in 64-bit Linux is /usr/local/vmware-umds.
3 Change the patch repository directory by running the command:
vmware-umds -S --patch-store your_new_patchstore_folder
In this example, your_new_patchstore_folder is the path to the new folder in which you want to
download the patch binaries and patch metadata.
You successfully changed the directory in which UMDS stores patch data.
vSphere Update Manager Installation and Administration Guide
60 VMware, Inc.
What to do next
Download data using UMDS.
Configure URL Addresses for Hosts
You can congure UMDS to connect to the websites of third-party vendors to download ESXi 5.5, ESXi 6.0,
and ESXi 6.5 host patches and notications.
Procedure
1 Log in to the machine where UMDS runs, and open a Command Prompt window.
2 Navigate to the directory where UMDS is installed.
nThe default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update
Manager.
nThe default location in 64-bit Linux is /usr/local/vmware-umds.
3Congure UMDS to download data from the new URL address.
uTo add a new URL address for downloading patches and notications for ESXi 5.5, ESXi 6.0, or
ESXi 6.5 hosts, run the following command:
vmware-umds -S --add-url https://host_URL/index.xml --url-type HOST
4 (Optional) Remove a URL address, so that UMDS does not download data from it anymore.
Downloaded data is retained and can be exported.
nIf you are using UMDS on a Windows machine, use the following command:
vmware-umds.exe -S --remove-url https://URL_to_remove/index.xml
nIf you are using UMDS on a Linux machine, use the following command:
vmware-umds -S --remove-url https://URL_to_remove/index.xml
You congured UMDS to download host patches and notications from specic URL addresses.
What to do next
Download the patches and notications by using UMDS.
Download the Specified Data Using UMDS
After you set up UMDS, you can download upgrades, patches and notications to the machine on which
UMDS is installed.
Prerequisites
nIf you are using UMDS on Windows, log in as an Administrator, or a user that belongs to the
Administrators group. Administrator level access is not a requirement for downloading data with
UMDS that runs on Linux.
Procedure
1 Log in to the machine where UMDS is installed, and open a Command Prompt window.
2 Navigate to the directory where UMDS is installed.
nThe default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update
Manager.
Chapter 8 Installing, Setting Up, and Using Update Manager Download Service
VMware, Inc. 61
nThe default location in 64-bit Linux is /usr/local/vmware-umds.
3 Download the selected updates.
vmware-umds -D
This command downloads all the upgrades, patches and notications from the congured sources for
the rst time. Subsequently, it downloads all new patches and notications released after the previous
UMDS download.
4 (Optional) If you have already downloaded upgrades, patches, and notications and want to download
them again, you can include the start and end times to restrict the data to download.
The command to re-download patches and notications deletes the existing data from the patch store (if
present) and re-downloads it.
To re-download the upgrades, patches and notications that were downloaded in November 2010, for
example, run the following command:
vmware-umds -R --start-time 2010-11-01T00:00:00 --end-time 2010-11-30T23:59:59
The data previously downloaded for the specied period is deleted and downloaded again.
What to do next
Export the downloaded upgrades, patches, and notications.
Export the Downloaded Data
You can export downloaded upgrades, patches, and notications to a specic location that serves as a shared
repository for Update Manager. You can congure Update Manager to use the shared repository as a patch
download source. The shared repository can also be hosted on a Web server.
Prerequisites
nIf you are using UMDS on Windows, log in as an Administrator, or a user that belongs to the
Administrators group. Administrator level access is not a requirement for exporting the downloaded
data with UMDS that runs on Linux.
nIf you installed UMDS with an existing download directory, make sure that you perform at least one
download by using UMDS 6.5 before you export updates.
Procedure
1 Log in to the machine where UMDS is installed and open a Command Prompt window.
2 Navigate to the directory where UMDS is installed.
nThe default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update
Manager.
nThe default location in 64-bit Linux is /usr/local/vmware-umds.
3 Specify the export parameters and export the data.
vmware-umds -E --export-store repository_path
In the command, you must specify the full path of the export directory.
If you are working in a deployment in which the Update Manager server is installed on a machine
connected to the machine on which UMDS is installed, repository_path can be the path to the folder on
the Web server that serves as a shared repository.
If the Update Manager server is installed on a machine in an isolated and secure environment,
repository_path can be the path to a portable media drive. Export the downloads to the portable media
drive to physically transfer the patches to the machine on which Update Manager is installed.
vSphere Update Manager Installation and Administration Guide
62 VMware, Inc.
The data you downloaded by using UMDS is exported to the path you specify. Make sure that all les
are exported. You can periodically perform export from UMDS and populate the shared repository so
that Update Manager can use the new patch binaries and patch metadata.
4 (Optional) You can export the ESXi patches that you downloaded during a specied time window.
For example, to export the patches downloaded in November 2010, run the following command:
vmware-umds -E --export-store repository-path --start-time 2010-11-01T00:00:00 --end-time
2010-11-30T23:59:59
What to do next
Congure Update Manager to use a shared repository as a patch download source. For more information,
see “Use a Shared Repository as a Download Source,” on page 71.
Chapter 8 Installing, Setting Up, and Using Update Manager Download Service
VMware, Inc. 63
vSphere Update Manager Installation and Administration Guide
64 VMware, Inc.
Configuring Update Manager 9
Update Manager runs with the default conguration properties if you have not modied them during the
installation. You can modify the Update Manager seings later from the Update Manager Administration
view.
You can congure and modify the Update Manager seings only if you have the privileges to congure the
Update Manager seings and service. These permissions must be assigned on the vCenter Server system
with which Update Manager is registered. For more information about managing users, groups, roles and
permissions, see vSphere Security documentation. For a list of Update Manager privileges and their
descriptions, see “Update Manager Privileges,” on page 84.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have installed and registered more than one Update Manager instance, you can
congure the seings for each Update Manager instance. Conguration properties you modify are applied
only to the Update Manager instance you specify and are not propagated to the other instances in the group.
You can specify an Update Manager instance by selecting the name of the vCenter Server system with which
the Update Manager instance is registered from the navigation bar.
This chapter includes the following topics:
n“Update Manager Network Connectivity Seings,” on page 66
n“Change the Update Manager Network Seings,” on page 67
n“Conguring the Update Manager Download Sources,” on page 68
n“Congure the Update Manager Proxy Seings,” on page 73
n“Congure Checking for Updates,” on page 73
n“Conguring and Viewing Notications,” on page 74
n“Conguring Host and Cluster Seings,” on page 77
n“Take Snapshots Before Remediation,” on page 81
n“Congure Smart Rebooting,” on page 82
n“Congure the Update Manager Patch Repository Location,” on page 82
n“Restart the Update Manager Service,” on page 83
n“Run the VMware vSphere Update Manager Update Download Task,” on page 83
n“Update Manager Privileges,” on page 84
VMware, Inc. 65
Update Manager Network Connectivity Settings
The port, IP, and DNS seings are congured during the installation of Update Manager and do not depend
on your deployment model.
Default Network Ports
The network port seings are congured during installation but you can change them later to avoid conicts
with other programs installed on the same machine.
Table 91. Update Manager Default Network Ports
TCP Port Number Description
80 The port used by Update Manager to connect to vCenter Server.
9084 The port used by ESXi hosts to access host patch downloads over
HTTP.
902 The port used by Update Manager to push host upgrade les.
8084 The port used by Update Manager Client plug-in to connect to the
Update Manager SOAP server.
9087 The HTTPS port used by Update Manager Client plug-in to
upload host upgrade les.
IP Address and DNS Name
The Update Manager network seings include the IP address or DNS name that the update utility on hosts
uses to retrieve the patch metadata and binaries from the Update Manager server (through HTTP). The IP
address is congured during installation, but you can change it later from the IP address or host name for
the patch store drop-down menu on the Network Connectivity page of the  tab.
I To avoid any potential DNS resolution problems, use an IP address whenever possible. If you
must use a DNS name instead of an IP address, ensure that the DNS name you specify can be resolved from
all hosts managed by Update Manager as well as by vCenter Server.
Update Manager supports Internet Protocol version 6 (IPv6) environments for scanning and remediating
hosts running ESXi 5.0 and later. Update Manager does not support IPv6 for scanning and remediation of
virtual machines and virtual appliances.
vCenter Server, Update Manager, and your ESXi hosts might exist in a heterogeneous IPv6 and IPv4
network environment. In such an environment, if you use IP addresses, and no dual stack IPv4 or IPv6 DNS
servers exist, the ESXi hosts congured to use only IPv4 address cannot access the IPv6 network resources.
The hosts congured to use only IPv6 cannot access the IPv4 network resources either.
You can install Update Manager on a machine on which both IPv4 and IPv6 are enabled. During host
operations such as scanning, staging, and remediation, Update Manager provides the address of its patch
store location to the ESXi hosts. If Update Manager is congured to use an IP address, it provides an IP
address of either IPv4 or IPv6 type, and can be accessed only by some of the hosts. For example, if
Update Manager provides an IPv4 address, the hosts that use only an IPv6 address cannot access the
Update Manager patch store. In such a case, consider the following conguration.
vSphere Update Manager Installation and Administration Guide
66 VMware, Inc.
Table 92. Update Manager Configuration
Host IP Version Action
IPv4 Congure Update Manager to use either an IPv4 address
or a host name. Using a host name lets all hosts rely on the
DNS server to resolve to an IPv4 address.
IPv6 Congure Update Manager to use either an IPv6 address
or a host name. Using a host name lets hosts rely on the
DNS server to resolve to an IPv6 address.
IPv4 and IPv6 Congure Update Manager to use either IPv4 or IPv6.
Change the Update Manager Network Settings
The network ports are congured during installation. In the Network Seings for Update Manager, you can
only edit the seing to use IP address or host name for the patch store in the Update Manager network
connectivity seings.
Prerequisites
nIf any remediation or scan tasks are running, cancel them or wait until they complete.
nTo obtain metadata for the patches, Update Manager must have access to hps://www.vmware.com,
and requires outbound ports 80 and 443.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Network Connectivity.
5 See information about the network connectivity seings for Update Manager.
Option Description
SOAP port Update Manager client uses this port to communicate
with the Update Manager server.
Server port (range: 80, 9000–9100) Listening port for the Web server that provides access to
the patch depot for ESXi hosts.
IP address or host name for the patch store The IP address or name of the host where patches are
downloaded and stored.
You can only edit the IP address or host name for the patch store. The ports are dened during
installation.
6 Click Edit, and select an IP address or host name for the patch store.
I Use an IP address whenever possible to avoid any potential DNS resolution problems. If
you must use a DNS name instead of an IP address, ensure that the DNS name you specify can be
resolved from vCenter Server, and all hosts and virtual appliances managed by Update Manager.
7 Click OK.
Chapter 9 Configuring Update Manager
VMware, Inc. 67
What to do next
Restart the Update Manager service for network changes to take eect.
Configuring the Update Manager Download Sources
You can congure the Update Manager server to download patches and extensions for ESXi hosts or
upgrades for virtual appliances either from the Internet or from a shared repository of UMDS data. You can
also import patches and extensions for ESXi hosts manually from a ZIP le.
If your deployment system is connected to the Internet, you can use the default seings and links for
downloading upgrades, patches, and extensions to the Update Manager repository. You can also add URL
addresses to download virtual appliance upgrades or third-party patches and extensions. Third-party
patches and extensions are applicable only to hosts that are running ESXi 5.0 and later.
Downloading host patches from the VMware Web site is a secure process.
nPatches are cryptographically signed with the VMware private keys. Before you try to install a patch on
a host, the host veries the signature. This signature enforces the end-to-end protection of the patch
itself, and can also address any concerns about patch download.
nUpdate Manager downloads patch metadata and patch binaries over SSL connections. Update Manager
downloads patch metadata and patch binaries only after verication of both the validity of the SSL
certicates and the common name in the certicates. The common name in the certicates must match
the names of the servers from which Update Manager downloads patches.
If your deployment system is not connected to the Internet, you can use a shared repository after
downloading the upgrades, patches, and extensions by using Update Manager Download Service (UMDS).
For more information about UMDS, see Chapter 8, “Installing, Seing Up, and Using Update Manager
Download Service,” on page 53.
Changing the download source from a shared repository to Internet, and the reverse, is a change in the
Update Manager conguration. Both options are mutually exclusive. You cannot download updates from
the Internet and a shared repository at the same time. To download new data, you must run the VMware
vSphere Update Manager Download task. You can start the task by clicking the Download Now buon at
the boom of the Download Sources pane.
If the VMware vSphere Update Manager Update Download task is running when you apply the new
conguration seings, the task continues to use the old seings until it completes. The next time the task to
download updates starts, it uses the new seings.
With Update Manager, you can import both VMware and third-party patches or extensions manually from a
ZIP le, also called an oine bundle. Import of oine bundles is supported only for hosts that are running
ESXi 5.0 and later. You download the oine bundle ZIP les from the Internet or copy them from a media
drive, and save them on a local or a shared network drive. You can import the patches or extensions to the
Update Manager patch repository later. You can download oine bundles from the VMware Web site or
from the Web sites of third-party vendors.
N You can use oine bundles for host patching operations only. You cannot use third-party oine
bundles or oine bundles that you generated from custom VIB sets for host upgrade from ESXi 5.5.x and
ESXi 6.0.x to ESXi 6.5.
Oine bundles contain one metadata.zip le, one or more VIB les, and optionally two .xml les, index.xml
and vendor-index.xml. When you import an oine bundle to the Update Manager patch repository,
Update Manager extracts it and checks whether the metadata.zip le has already been imported. If the
metadata.zip le has never been imported, Update Manager performs sanity testing, and imports the les
successfully. After you conrm the import, Update Manager saves the les into the Update Manager
database and copies the metadata.zip le, the VIBs, and the .xml les, if available, into the Update Manager
patch repository.
vSphere Update Manager Installation and Administration Guide
68 VMware, Inc.
nCongure Update Manager to Use the Internet as a Download Source on page 69
If your deployment system is connected to the Internet, you can directly download ESXi patches and
extensions, and virtual appliance upgrades.
nAdd a New Download Source on page 70
If you use the Internet as a download source for updates, you can add a third-party URL address to
download virtual appliance upgrades, and patches and extensions for hosts that are running ESXi 5.5
and later.
nUse a Shared Repository as a Download Source on page 71
You can congure Update Manager to use a shared repository as a source for downloading virtual
appliance upgrades, as well as ESXi patches, extensions, and notications.
nImport Patches Manually on page 72
Instead of using a shared repository or the Internet as a download source for patches and extensions,
you can import patches and extensions manually by using an oine bundle.
Configure Update Manager to Use the Internet as a Download Source
If your deployment system is connected to the Internet, you can directly download ESXi patches and
extensions, and virtual appliance upgrades.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Setings.
5 In the Download Sources pane, click Edit.
An Edit Download Sources dialog box opens.
6 Select the option Use direct connection to Internet.
7 Select a download source from the list, and click Enable or Disable depending on whether you want to
download updates from that source.
You can choose to download virtual appliance upgrades and host patches and extensions. You cannot
edit the download source location of the default ESXi patches and extensions. You can only enable or
disable downloading.
8 (Optional) Add an extra third-party download source for virtual appliances or hosts that are running
ESXi 5.5 and later.
9 Click OK to close the Edit Download Sources dialog box.
10 In the Download Sources pane, click Download Now to run the Download patch denitions task.
All notications and updates are downloaded immediately even if the Enable scheduled download
check box is selected in  >  Check Schedule or  > Download Schedule,
respectively.
Chapter 9 Configuring Update Manager
VMware, Inc. 69
Add a New Download Source
If you use the Internet as a download source for updates, you can add a third-party URL address to
download virtual appliance upgrades, and patches and extensions for hosts that are running ESXi 5.5 and
later.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Setings.
5 In the Download Sources pane, click Edit.
An Edit Download Sources dialog box opens.
6 Select the option Use direct connection to Internet.
7 Click Add.
An Add Download Source dialog box opens.
8 Enter a URL to a new download source.
Update Manager supports both HTTP and HTTPS URL addresses. Use HTTPS URL addresses, so that
the data is downloaded securely. The URL addresses that you add must be complete and contain the
index.xml le, which lists the vendor and the vendor index.
N The proxy seings for Update Manager are applicable to third-party URL addresses too. You can
congure the proxy seings from the Proxy Seings pane.
9 Type a short description for the URL, and click OK.
The vSphere Web Client performs validation of the URL.
10 Click OK to close the Edit Download Sources dialog box.
11 In the Download Sources pane, click Download Now to run the Download patch denitions task.
All notications and updates are downloaded immediately even if the Enable scheduled download
check box is selected in  >  Check Schedule or  > Download Schedule,
respectively.
The location is added to the list of Internet download sources.
vSphere Update Manager Installation and Administration Guide
70 VMware, Inc.
Use a Shared Repository as a Download Source
You can congure Update Manager to use a shared repository as a source for downloading virtual appliance
upgrades, as well as ESXi patches, extensions, and notications.
Prerequisites
nCreate a shared repository using UMDS, and host it on a Web server or a local disk. The UMDS version
you use must be of a version compatible with your Update Manager installation. For more information
about the compatibility, see “Compatibility Between UMDS and the Update Manager Server,” on
page 54. You can nd the detailed procedure about exporting the upgrades, patch binaries, patch
metadata, and notications in “Export the Downloaded Data,” on page 62.
nRequired privileges: VMware vSphere Update Manager..
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Setings.
5 In the Download Sources pane, click Edit.
An Edit Download Sources dialog box opens.
6 Select the option Use a shared repository.
7 Enter the path or the URL to the shared repository.
For example, C:\repository_path\, https://repository_path/, or http://repository_path/
In these examples, repository_path is the path to the folder to which you have exported the downloaded
upgrades, patches, extensions, and notications. In an environment where the Update Manager server
does not have direct access to the Internet, but is connected to a machine that has Internet access, the
folder can be on a Web server.
You can specify an HTTP or HTTPS address, or a location on the disk on which Update Manager is
installed. HTTPS addresses are supported without any authentication.
I You cannot use folders located on a network drive as a shared repository. Update Manager
does not download updates from folders on a network share either in the Microsoft Windows Uniform
Naming Convention form (such as \\Computer_Name_or_Computer_IP\Shared), or on a mapped network
drive (for example, Z:\).
8 Click OK to close the Edit Download Sources dialog.
The vSphere Web Client performs validation of the URL.
I If the updates in the folder you specify are downloaded with a UMDS version that is not
compatible with the Update Manager version you use, the validation fails and you receive an error
message.
You must make sure that the validation is successful. If the validation fails, Update Manager reports a
reason for the failure. You can use the path to the shared repository only when the validation is
successful.
Chapter 9 Configuring Update Manager
VMware, Inc. 71
9 In the Download Sources pane, click Download Now to run the Download patch denitions task.
All notications and updates are downloaded immediately even if the Enable scheduled download
check box is selected in  >  Check Schedule or  > Download Schedule,
respectively.
The shared repository is used as a source for downloading upgrades, patches, and notications.
Example: Using a Folder or a Server as a Shared Repository
You can use a folder or a Web server as a shared repository.
nWhen you use a folder as a shared repository, repository_path is the top-level directory where patches
and notications exported from UMDS are stored.
For example, export the patches and notications using UMDS to F:\ drive, which is a drive mapped to
a plugged-in USB device on the machine on which UMDS is installed. Then, plug in the USB device to
the machine on which Update Manager is installed. On this machine the device is mapped as E:\. The
folder to congure as a shared repository in the Update Manager is E:\.
nWhen you use a Web server as a shared repository, repository_path is the top-level directory on the Web
server where the patches exported from UMDS are stored.
For example, export the patches and notications from UMDS to C:\docroot\exportdata. If the folder is
congured on a Web server and is accessible from other machines at the URL
https://umds_host_name/exportdata, the URL to congure as a shared repository in Update Manager is
https://umds_host_name/exportdata.
Import Patches Manually
Instead of using a shared repository or the Internet as a download source for patches and extensions, you
can import patches and extensions manually by using an oine bundle.
You can import oine bundles only for hosts that are running ESXi 5.5 or later.
Prerequisites
nThe patches and extensions you import must be in ZIP format.
nRequired privileges: VMware vSphere Update Manager.Upload File.Upload File.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Setings.
5 In the Download Sources pane, click Import Patches.
The Import Patches wizard opens.
6 On the Import Patches page, browse and select the .zip le containing the patches you want to import.
7 Click Upload  and wait until the le upload completes successfully.
In case of upload failure, check whether the structure of the .zip le is correct, or whether the
Update Manager network seings are set up correctly.
8 On the Ready to complete page, review the patches that you have selected to import into the repository.
vSphere Update Manager Installation and Administration Guide
72 VMware, Inc.
9 Click Finish.
You imported the patches into the Update Manager patch repository. You can view the imported patches on
the Update Manager Patch Repository tab.
Configure the Update Manager Proxy Settings
You can congure Update Manager to download updates from the Internet using a proxy server.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Setings.
5 In the Proxy Seings pane, click Edit.
6 Select Use proxy, and change the proxy information.
7 If the proxy requires authentication, select Proxy requires authentication, and provide a user name and
password.
8 (Optional) Click Test Connection to test that you can connect to the Internet through the proxy.
9 Click OK.
You congured Update Manager to use an Internet proxy to download upgrades, patches, extensions, and
related metadata.
Configure Checking for Updates
Update Manager checks for virtual appliance upgrades, host patches, and extensions at regular intervals.
Generally, the default schedule seings are sucient, but you can change the schedule if your environment
requires more or less frequent checks.
In some cases you might want to decrease the duration between checks for updates. If you are not concerned
about the latest updates and want to reduce network trac, or if you cannot access the update servers, you
can increase the duration between checks for updates.
By default the task to download update metadata and binaries is enabled and is called
VMware vSphere Update Manager Update Download task. By modifying this task, you can congure
checking for updates.You can modify the VMware vSphere Update Manager Check Notication task in one
of the following ways:
nThe  tab of the Update Manager Administration view.
nIn the vSphere Web Client, navigate to Monitor tab, select the Tasks & Events tab, and select
Scheduled Tasks.
Prerequisites
Required privileges: VMware vSphere Update Manager.
To download update data, the machine on which Update Manager is installed must have Internet access.
Chapter 9 Configuring Update Manager
VMware, Inc. 73
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Download Schedule.
5 Click Edit.
The Edit Download Schedule wizard opens.
6 Select Enable scheduled task check box, and click Next.
If you deselect the check box, the scheduled task that checks for notications is disabled. However, you
can still force a check and download notications by clicking the Download Now buon in Download
 pane.
7 Specify a task name and, optionally, a description, or keep the defaults.
8 Click Change to specify the time when notication checks run, and click OK.
The Congure Scheduler dialog box opens.
Option Description
Run this action now Runs the notication check immediately.
Schedule this option to run later Runs the notication check at the time that you schedule for the task.
Setup a recurring schedule for this
action
Runs the notication check recurrently at the frequency, interval, and start
time that you schedule for the task.
9 (Optional) Specify one or more email addresses where notications about patch recalls or email alerts
are sent, and click Next.
You must congure mail seings for the vSphere Web Client system to enable this option. For more
information, see vCenter Server and Host Management.
10 Review the Ready to Complete page, and click Finish.
The task runs according to the time you specied.
Configuring and Viewing Notifications
At regular time intervals, Update Manager contacts VMware to download information (notications) about
patch recalls, new xes, and alerts.
In case patches with issues or potential issues are released, the patch metadata is updated, and
Update Manager marks the patches as recalled. If you try to install a recalled patch, Update Manager
noties you that the patch is recalled and does not install it on the host. Update Manager noties you if a
recalled patch is already installed on certain hosts. Update Manager also deletes all the recalled patches
from the patch repository.
When a patch xing the problem is released, Update Manager downloads the new patch and prompts you
to install it to x the issues that the recalled patch might cause. If you have already installed a recalled patch,
Update Manager alerts you that the patch is recalled and that there is a x you must install.
vSphere Update Manager Installation and Administration Guide
74 VMware, Inc.
Update Manager supports patch recalls for oine bundles that you have imported. Patches from an
imported oine bundle are recalled when you import a new oine bundle. The metadata.zip le contains
information about the patches that must be recalled. Update Manager removes the recalled patches from the
patch repository, and after you import a bundle containing xes, Update Manager noties you about the
xes and sends email notications if you have enabled them.
If you use a shared repository as a source for downloading patches and notications, Update Manager
downloads recall notications from the shared repository to the Update Manager patch repository, but does
not send recall email alerts. For more information about using a shared repository, see “Use a Shared
Repository as a Download Source,” on page 71.
N After a download of patch recall notications, Update Manager ags recalled patches but their
compliance state does not refresh automatically. You must perform a scan to view the updated compliance
state of patches aected by the recall.
Configure Notifications Checks
By default Update Manager checks for notications about patch recalls, patch xes, and alerts at certain time
intervals. You can modify this schedule.
Prerequisites
Required privileges: VMware vSphere Update Manager.
To congure notication checks, make sure that the machine on which Update Manager is installed has
Internet access.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select  Check Schedule.
5 Click Edit.
The Edit Notications Check Schedule wizard opens.
6 Select Enable scheduled task check box, and click Next.
If you deselect the check box, the scheduled task that checks for notications is disabled. However, you
can still force a check and download notications by clicking the Download Now buon in Download
 pane.
7 Specify a task name and, optionally, a description, or keep the defaults.
8 Click Change to specify the time when notication checks run, and click OK.
The Congure Scheduler dialog box opens.
Option Description
Run this action now Runs the notication check immediately.
Schedule this option to run later Runs the notication check at the time that you schedule for the task.
Setup a recurring schedule for this
action
Runs the notication check recurrently at the frequency, interval, and start
time that you schedule for the task.
Chapter 9 Configuring Update Manager
VMware, Inc. 75
9 (Optional) Specify one or more email addresses where notications about patch recalls or email alerts
are sent, and click Next.
You must congure mail seings for the vSphere Web Client system to enable this option. For more
information, see vCenter Server and Host Management.
10 Review the Ready to Complete page, and click Finish.
The task runs according to the time you specied.
View Notifications and Run the Notification Checks Task Manually
Notications that Update Manager downloads are displayed on the  tab of the
Update Manager Administration view.
Prerequisites
Connect thevSphere Web Client to a vCenter Server system with which Update Manager is registered, and
on the Home page, click Update Manager icon.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Monitor tab.
4 Click the  tab.
5 To view the notication details, double-click a notication.
6 To check for notications immediately, click Check  on the upper right of the notications
list.
You immediately download all new notications that are available on the VMware website. The
notications are downloaded even if the Enable scheduled download check box is not selected in
Manage >  >  Check Schedule.
Types of Update Manager Notifications
Update Manager downloads all notications that are available on the VMware Web site. Some notications
can trigger an alarm. By using the Alarm Denitions wizard, you can congure automated actions to be
taken when an alarm is triggered.
Notications appear in the  tab that is located under the Monitor tab in the Update Manager
Admin View.
Information
notifications
Information notications do not trigger an alarm. Clicking an information
notication opens the Notication Details window.
Warning notifications Warning notications trigger an alarm, which appears in the
vSphere Web Client Alarms pane. Warning notications are typically xes
for patch recalls. Clicking a warning notication opens the Patch Recall
Details window.
Alert notifications Alert notications trigger an alarm, which appears in the vSphere Web Client
Alarms pane. Alert notications are typically patch recalls. Clicking an alert
notication opens the Patch Recall Details window.
vSphere Update Manager Installation and Administration Guide
76 VMware, Inc.
Configuring Host and Cluster Settings
When you update vSphere objects in a cluster with vSphere Distributed Resource Scheduler (DRS), vSphere
High Availability (HA), and vSphere Fault Tolerance (FT) enabled, you can temporarily disable vSphere
Distributed Power Management (DPM), HA admission control, and FT for the entire cluster. When the
update completes, Update Manager restores these features.
Updates might require the host to enter maintenance mode during remediation. Virtual machines cannot
run when a host is in maintenance mode. To ensure availability, vCenter Server can migrate virtual
machines to other ESXi hosts within a cluster before the host is put into maintenance mode. vCenter Server
migrates the virtual machines if the cluster is congured for vSphere vMotion, and if DRS is enabled.
Еnable Enhanced vMotion Compatibility (EVC) to help ensure vSphere vMotion compatibility between the
hosts in the cluster. EVC ensures that all hosts in a cluster present the same CPU feature set to virtual
machines, even if the actual CPUs on the hosts dier. Use of EVC prevents migrations with
vSphere vMotion from failing because of incompatible CPUs. You can enable EVC only in a cluster where
host CPUs meet the compatibility requirements. For more information about EVC and the requirements that
the hosts in an EVC cluster must meet, see vCenter Server and Host Management.
If a host has no running virtual machines, DPM might put the host in standby mode and interrupt an
Update Manager operation. To make sure that scanning and staging complete successfully, Update Manager
disables DPM during these operations. To ensure a successful remediation, have Update Manager disable
DPM and HA admission control before the remediation operation. After the operation completes,
Update Manager restores DPM and HA admission control. Update Manager disables HA admission control
before staging and remediation but not before scanning.
If DPM has already put hosts in standby mode, Update Manager powers on the hosts before scanning,
staging, and remediation. After the scanning, staging, or remediation is complete, Update Manager turns on
DPM and HA admission control and lets DPM put hosts into standby mode, if needed. Update Manager
does not remediate powered o hosts.
If hosts are put into standby mode and DPM is manually disabled for a reason, Update Manager does not
remediate or power on the hosts.
Within a cluster, temporarily disable HA admission control to let vSphere vMotion to proceed. This action
prevents downtime of the machines on the hosts that you remediate. After the remediation of the entire
cluster, Update Manager restores HA admission control seings.
If FT is turned on for any of the virtual machines on hosts within a cluster, temporarily turn o FT before
performing any Update Manager operations on the cluster. If FT is turned on for any of the virtual machines
on a host, Update Manager does not remediate that host. Remediate all hosts in a cluster with the same
updates, so that FT can be reenabled after the remediation. A primary virtual machine and a secondary
virtual machine cannot reside on hosts of dierent ESXi version and patch levels.
As you remediate hosts that are part of a vSAN cluster, be aware of the following behavior:
nThe host remediation process might take an extensive amount of time to complete.
nBy design, only one host from a vSAN cluster can be in a maintenance mode at any time.
nUpdate Manager remediates hosts that are part of a vSAN cluster sequentially even if you set the option
to remediate the hosts in parallel.
nIf a host is a member of a vSAN cluster, and any virtual machine on the host uses a VM storage policy
with a seing for "Number of failures to tolerate=0", the host might experience unusual delays when
entering maintenance mode. The delay occurs because vSAN has to migrate the virtual machine data
from one disk to another in the vSAN datastore cluster. Delays might take up to hours. You can work
around this by seing the "Number of failures to tolerate=1" for the VM storage policy, which results in
creating two copies of the virtual machine les in the vSAN datastore.
Chapter 9 Configuring Update Manager
VMware, Inc. 77
Configure Host Maintenance Mode Settings
ESXi host updates might require that the host enters maintenance mode before they can be applied.
Update Manager puts the ESXi hosts in maintenance mode before applying these updates. You can
congure how Update Manager responds if the host fails to enter maintenance mode.
For hosts in a container dierent from a cluster or for individual hosts, migration of the virtual machines
with vMotion cannot be performed. If vCenter Server cannot migrate the virtual machines to another host,
you can congure how Update Manager responds.
Hosts that are part of a vSAN cluster can enter maintenance mode only one at a time. This is a specicity of
the vSAN clusters.
If a host is a member of a vSAN cluster, and any virtual machine on the host uses a VM storage policy with a
seing for "Number of failures to tolerate=0", the host might experience unusual delays when entering
maintenance mode. The delay occurs because vSAN has to migrate the virtual machine data from one disk
to another in the vSAN datastore cluster. Delays might take up to hours. You can work around this by
seing the "Number of failures to tolerate=1" for the VM storage policy, which results in creating two copies
of the virtual machine les in the vSAN datastore.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Host/Cluster .
5 Click Edit.
The Edit Host/Cluster Seings dialog box opens.
6 Under Host Seings, select an option from the VM Power state drop-down menu to determine the
change of the power state of the virtual machines and appliances that run on the host to be remediated.
The option that you select determines how the power state changes for the virtual machines and
appliances that run on the host when the host enters maintenance mode before remediation.
Option Description
Power Off virtual machines Powers o all virtual machines and virtual appliances before remediation.
Suspend virtual machines Suspends all running virtual machines and virtual appliances before
remediation.
Do Not Change VM Power State Leaves virtual machines and virtual appliances in their current power
state. This is the default seing.
7 (Optional) Select Retry entering maintenance mode in case of failure, and specify the retry delay, and
the number of retries.
If a host fails to enter maintenance mode before remediation, Update Manager waits for the retry delay
period and retries puing the host into maintenance mode as many times as you indicate in Number of
retries.
vSphere Update Manager Installation and Administration Guide
78 VMware, Inc.
8 (Optional) Select Temporarily disable any removable media devices that might prevent a host from
entering maintenance mode.
Update Manager does not remediate hosts on which virtual machines have connected CD/DVD or
oppy drives. All removable media drives that are connected to the virtual machines on a host might
prevent the host from entering maintenance mode and interrupt remediation.
After remediation, Update Manager reconnects the removable media devices if they are still available.
9 Click OK.
These seings become the default failure response seings. You can specify dierent seings when you
congure individual remediation tasks.
Configure Cluster Settings
For ESXi hosts in a cluster, the remediation process can run either in a sequence or in parallel. Certain
features might cause remediation failure. If you have VMware DPM, HA admission control, or Fault
Tolerance enabled, you should temporarily disable these features to make sure that the remediation is
successful.
N Remediating hosts in parallel can improve performance signicantly by reducing the time required
for cluster remediation. Update Manager remediates hosts in parallel without disrupting the cluster
resource constraints set by DRS. Avoid remediating hosts in parallel if the hosts are part of a vSAN cluster.
Due to the specics of the vSAN cluster, a host cannot enter maintenance mode while other hosts in the
cluster are currently in maintenance mode.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Host/Cluster .
5 Click Edit.
The Edit Host/Cluster Seings dialog box opens.
Chapter 9 Configuring Update Manager
VMware, Inc. 79
6 Under Cluster Seings, select the check boxes for options that you want to disable or enable.
Option Description
Distributed Power Management
(DPM)
VMware DPM monitors the resource use of the running virtual machines
in the cluster. If sucient excess capacity exists, VMware DPM
recommends moving virtual machines to other hosts in the cluster and
placing the original host into standby mode to conserve power. If the
capacity is insucient, VMware DPM might recommend returning
standby hosts to a powered-on state.
If you do not choose to disable DPM, Update Manager skips the cluster on
which VMware DPM is enabled. If you choose to temporarily disable
VMware DPM, Update Manager disables DPM on the cluster, remediates
the hosts in the cluster, and re-enables VMware DPM after remediation is
complete.
High Availability (HA) admission
control
Admission control is a policy used by VMware HA to ensure failover
capacity within a cluster. If HA admission control is enabled during
remediation, the virtual machines within a cluster might not migrate with
vMotion.
If you do not choose to disable HA admission control, Update Manager
skips the cluster on which HA admission control is enabled. If you choose
to temporarily disable HA admission control, Update Manager disables
HA admission control, remediates the cluster, and re-enables HA
admission control after remediation is complete.
Fault Tolerance (FT) FT provides continuous availability for virtual machines by automatically
creating and maintaining a secondary virtual machine that is identical to
the primary virtual machine. If you do not choose to turn o FT for the
virtual machines on a host, Update Manager does not remediate that host.
Enable parallel remediation for
hosts in cluster
Update Manager can remediate hosts in clusters in a parallel manner.
Update Manager continuously evaluates the maximum number of hosts it
can remediate in parallel without disrupting DRS seings. If you do not
select the option, Update Manager remediates the hosts in a cluster
sequentially.
By design only one host from a vSAN cluster can be in a maintenance
mode at any time. Update Manager remediates hosts that are part of a
vSAN cluster sequentially even if you select the option to remediate them
in parallel.
Migrate powered off and suspended
virtual machines to other hosts in
the cluster, if a host must enter
maintenance mode
Update Manager migrates the suspended and powered o virtual
machines from hosts that must enter maintenance mode to other hosts in
the cluster. You can select to power o or suspend virtual machines before
remediation in the Maintenance Mode Seings pane.
7 Click OK.
These seings become the default failure response seings. You can specify dierent seings when you
congure individual remediation tasks.
Enable Remediation of PXE Booted ESXi Hosts
You can congure Update Manager to let other software initiate remediation of PXE booted ESXi hosts. The
remediation installs patches and software modules on the hosts, but typically the host updates are lost after
a reboot.
The global seing in the Update Manager  tab enables solutions such as ESX Agent Manager
or Cisco Nexus 1000V to initiate remediation of PXE booted ESXi hosts. In contrast, the Enable patch
remediation of powered on PXE booted ESXi hosts seing in the Remediate wizard enables Update
Manager to patch PXE booted hosts.
vSphere Update Manager Installation and Administration Guide
80 VMware, Inc.
To retain updates on stateless hosts after a reboot, use a PXE boot image that contains the updates. You can
update the PXE boot image before applying the updates with Update Manager, so that the updates are not
lost because of a reboot. Update Manager itself does not reboot the hosts because it does not install updates
requiring a reboot on PXE booted ESXi hosts.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and select Host/Cluster .
5 Click Edit.
The Edit Host/Cluster Seings dialog box opens.
6 Under Host Seings, select Allow installation of additional software on PXE booted ESXi hosts.
Selecting this option enables installation of software for solutions on PXE booted ESXi hosts in the
vSphere inventory that you manage with this Update Manager instance.
7 Click OK.
Take Snapshots Before Remediation
By default, Update Manager is congured to take snapshots of virtual machines before applying updates. If
the remediation fails, you can use the snapshot to return the virtual machine to the state before the
remediation.
Update Manager does not take snapshots of fault tolerant virtual machines and virtual machines that are
running virtual machine hardware version 3. If you decide to take snapshots of such virtual machines, the
remediation might fail.
You can choose to keep snapshots indenitely or for a xed period. Use the following guidelines when
managing snapshots:
nKeeping snapshots indenitely might consume a large amount of disk space and degrade virtual
machine performance.
nKeeping no snapshots saves space, ensures best virtual machine performance, and might reduce the
amount of time it takes to complete remediation, but limits the availability of a rollback.
nKeeping snapshots for a set period uses less disk space and oers a backup for a short time.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
Chapter 9 Configuring Update Manager
VMware, Inc. 81
3 Click the Manage tab.
4 Click , and select VM .
5 Click Edit.
The Edit VM Seings dialog box opens.
6 To enable or disable taking of snapshots of virtual machines before remediating them, select the Take a
snapshot of the virtual machines before remediation to enable rollback check box.
The option to take snapshots is selected by default.
7Congure snapshots to be kept indenitely or for a xed period.
8 Click Apply.
These seings become the default rollback option seings for virtual machines. You can specify dierent
seings when you congure individual remediation tasks.
Configure Smart Rebooting
Smart rebooting selectively restarts the virtual appliances and virtual machines in the vApp to maintain
startup dependencies. You can enable and disable smart rebooting of virtual appliances and virtual
machines in a vApp after remediation.
A vApp is a prebuilt software solution, consisting of one or more virtual machines and applications, which
are potentially operated, maintained, monitored, and updated as a unit.
Smart rebooting is enabled by default. If you disable smart rebooting, the virtual appliances and virtual
machines are restarted according to their individual remediation requirements, disregarding existing
startup dependencies.
Prerequisites
Required privileges: VMware vSphere Update Manager.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click , and click vApp .
5 Click Edit.
The vApp Seings dialog box opens.
6 Click the Enable smart reboot after remediation check box to enable or disable smart rebooting.
Configure the Update Manager Patch Repository Location
When you install Update Manager, you can select the location for storing the downloaded patches and
upgrade binaries. To change the location after installation, you must manually edit the vci-integrity.xml
le.
Procedure
1 Log in as an administrator to the machine on where Update Manager server runs.
vSphere Update Manager Installation and Administration Guide
82 VMware, Inc.
2 Stop the Update Manager service.
a Right-click My Computer and click Manage.
b In the left pane, expand Services and Applications, and click Services.
c In the right pane, right-click VMware vSphere Update Manager Service and click Stop.
3 Navigate to the Update Manager installation directory and locate the vci-integrity.xml le.
The default location is C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
4 (Optional) In case you want to revert to the previous conguration, create a backup copy of this le.
5 Edit the le by changing the following items:
<patchStore>your_new_location</patchStore>
The default patch download location is
C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data\.
The directory path must end with \.
6 Save the le in UTF-8 format, replacing the existing le.
7 Copy the contents from the old patch store directory to the new folder.
8 Start the Update Manager service by right-clicking VMware vSphere Update Manager Service in the
Computer Management window and selecting Start.
Restart the Update Manager Service
In certain cases, such as when you change the network connectivity seings, you must restart the
Update Manager service.
Procedure
1 Log in as the administrator to the machine on which the Update Manager server component is installed.
2 Right-click My Computer and click Manage.
3 In the left pane of the Computer Management window, expand Services and Applications and click
Services.
4 In the right pane, right-click VMware vSphere Update Manager Service and select Restart.
The service restarts on the local computer.
Run the VMware vSphere Update Manager Update Download Task
If you change the patch download source seings, you must run the VMware vSphere Update Manager
Update Download task to download any new patches, extensions, and notications.
Procedure
1 In the vSphere Web Client, select an inventory object, and select the Monitor tab.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter
Single Sign-On domain, specify the Update Manager instance to congure.
2 Click the Task & Events tab, and select Scheduled Tasks.
3 Right-click the VMware vSphere Update Manager Update Download task, and select Run.
You can see the running task listed in the Recent Tasks pane.
Chapter 9 Configuring Update Manager
VMware, Inc. 83
Update Manager Privileges
To congure Update Manager seings, to manage baselines, patches, and upgrades, you must have the
proper privileges. You can assign Update Manager privileges to dierent roles from the vSphere Web Client.
Update Manager privileges cover distinct functionalities.
Table 93. Update Manager Privileges
Privilege Group Privilege Description
Congure  Service Congure the Update Manager service and
the scheduled patch download task.
Manage Baseline  Baseline Aach baselines and baseline groups to
objects in the vSphere inventory.
Manage Baseline Create, edit, or delete baseline and baseline
groups.
Manage Patches and Upgrades Remediate to Apply Patches,
Extensions, and Upgrades
Remediate virtual machines, virtual
appliances, and hosts to apply patches,
extensions, or upgrades. In addition, this
privilege allows you to view compliance
status.
Scan for Applicable Patches,
Extensions, and Upgrades
Scan virtual machines, virtual appliances,
and hosts to search for applicable patches,
extensions, or upgrades.
Stage Patches and Extensions Stage patches or extensions to hosts. In
addition, this privilege allows you to view
compliance status of the hosts.
View Compliance Status View baseline compliance information for
an object in the vSphere inventory.
Upload File Upload File Upload upgrade images and oine patch
bundles.
For more information about managing users, groups, roles, and permissions, see vCenter Server and Host
Management.
vSphere Update Manager Installation and Administration Guide
84 VMware, Inc.
Working with Baselines and Baseline
Groups 10
Update Manager baselines are hosts baselines, virtual machine baselines, and virtual appliance baselines. To
upgrade objects in your vSphere inventory, you can use predenes baselines, system-managed baselines, or
custom baselines that you create.
When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and
baseline groups to determine their level of compliance.
In the vSphere Web Client, the baselines and baseline groups are displayed on the Host Baselines and
VMs/VAs Baselines tabs of the Update Manager Admin view.
Depending on the purpose for which you want to use them, host baselines can contain a collection of one or
more patches, extensions, or upgrades. Therefore host baselines are upgrade, extension, or patch baselines.
To update or upgrade your hosts you can use the Update Manager default baselines, or custom baselines
that you create.
The VMs/VAs baselines are predened. You cannot create custom VMs/VAs baselines.
The default baselines are the predened and system managed baselines.
System Managed Baselines
The Update Manager displays system managed baselines that are generated by vSAN. These baselines
appear by default when you use vSAN clusters with ESXi hosts of version 6.0 Update 2 and later in your
vSphere inventory. If your vSphere environment does not contain any vSAN clusters, no system managed
baselines are created.
The system managed baselines automatically update their content periodically, which requires Update
Manager to have constant access to the Internet. The vSAN system baselines are typically refreshed every 24
hours.
You can use the system managed baselines to upgrade your vSAN clusters to recommended critical patches,
drivers, updates or latest supported ESXi host version for vSAN.
Predefined Baselines
Predened baselines cannot be edited or deleted, you can only aach or detach them to the respective
inventory objects.
VMware, Inc. 85
Under the Host Baselines tab in Update Manager Admin view, you can see the following predened
baselines:
Critical Host Patches
(Predefined)
Checks ESXi hosts for compliance with all critical patches.
Non-Critical Host
Patches (Predefined)
Checks ESXi hosts for compliance with all optional patches.
Under the VMs/VAs Baselines tab Update Manager Admin view, you can see the following predened
baselines:
VMware Tools Upgrade
to Match Host
(Predefined)
Checks virtual machines for compliance with the latest VMware Tools
version on the host. Update Manager supports upgrading of VMware Tools
for virtual machines on hosts that are running ESXi 5.5.x and later.
VM Hardware Upgrade
to Match Host
(Predefined)
Checks the virtual hardware of a virtual machine for compliance with the
latest version supported by the host. Update Manager supports upgrading to
virtual hardware version vmx-13 on hosts that are running ESXi 6.5 .
VA Upgrade to Latest
(Predefined)
Checks virtual appliance compliance with the latest released virtual
appliance version.
Custom Baselines
Custom baselines are the baselines you create.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain and you have an Update Manager instance for each vCenter Server system in the group,
the baselines and baseline groups you create and manage are applicable only to inventory objects managed
by the vCenter Server system with which the selected Update Manager instance is registered. You can use
an Update Manager instance only with a vCenter Server system with which the instance is registered.
Baseline Groups
Baseline groups are assembled from existing baselines. A baseline group might contain one upgrade
baseline, and one or more patch and extension baselines, or might contain a combination of multiple patch
and extension baselines.
To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline privilege. To
aach baselines and baseline groups, you must have the  Baseline privilege. Privileges must be
assigned on the vCenter Server system with which Update Manager is registered. For more information
about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of
Update Manager privileges and their descriptions, see “Update Manager Privileges,” on page 84.
This chapter includes the following topics:
n“Creating and Managing Baselines,” on page 87
n“Creating and Managing Baseline Groups,” on page 97
nAach Baselines and Baseline Groups to Objects,” on page 101
n“Detach Baselines and Baseline Groups from Objects,” on page 102
vSphere Update Manager Installation and Administration Guide
86 VMware, Inc.
Creating and Managing Baselines
You can create custom patches, extensions, and upgrade baselines to meet the needs of your specic
deployment by using the New Baseline wizard. You create and manage baselines in the
Update Manager Client Administration view.
Update Manager also provides default baselines that you cannot edit or delete. Default baselines are the
predened baselines that contain patches for hosts and updates for VMs and virtual appliances. The other
type of default baselines is the system managed baselines that you can use to check if your vSAN clusters
run the latest supported software.
Create and Edit Patch or Extension Baselines
You can remediate hosts against baselines that contain patches or extensions. Depending on the patch
criteria you select, patch baselines can be either dynamic or xed.
Dynamic patch baselines contain a set of patches, which updates automatically according to patch
availability and the criteria that you specify. Fixed baselines contain only patches that you select, regardless
of new patch downloads.
Extension baselines contain additional software modules for ESXi hosts. This additional software might be
VMware software or third-party software. You can install additional modules by using extension baselines,
and update the installed modules by using patch baselines.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have more than one Update Manager instance, patch and extension baselines that
you create are not applicable to all inventory objects managed by other vCenter Server systems. Baselines
are specic for the Update Manager instance you select.
Prerequisites
Ensure that you have the Manage Baseline privilege.
nCreate a Fixed Patch Baseline on page 88
Fixed baselines consist of a specic set of patches that do not change as patch availability changes.
nCreate a Dynamic Patch Baseline on page 88
Dynamic baselines consist of a set of patches that meet certain criteria. The contents of a dynamic
baseline varies as the available patches change. You can also exclude or add specic patches. Patches
you select to add or exclude do not change with new patch downloads.
nCreate a Host Extension Baseline on page 89
Extension baselines contain additional software for ESXi hosts. This additional software might be
VMware software or third-party software. You create host extension baselines using the New Baseline
wizard.
nFilter Patches or Extensions in the New Baseline Wizard on page 90
When you create a patch or extension baseline, you can lter the patches and extensions available in
the Update Manager repository to nd specic patches and extensions to exclude or include in the
baseline.
nEdit a Patch Baseline on page 91
You can edit an existing host patch baseline.
nEdit a Host Extension Baseline on page 91
You can change the name, description, and composition of an existing extension baseline.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 87
Create a Fixed Patch Baseline
Fixed baselines consist of a specic set of patches that do not change as patch availability changes.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the Host Baselines tab, click New baseline.
6 Type a name, and optionally, a description of the baseline.
7 Under Baseline Type, select Host Patch, and click Next.
8 On the Patch Options page, select Fixed for the type of baseline, and click Next.
9 Select individual patches to include in the baseline.
10 (Optional) Click Advanced to nd specic patches to include in the baseline.
11 Click Next.
12 Review the Ready to Complete page, and click Finish.
The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Create a Dynamic Patch Baseline
Dynamic baselines consist of a set of patches that meet certain criteria. The contents of a dynamic baseline
varies as the available patches change. You can also exclude or add specic patches. Patches you select to
add or exclude do not change with new patch downloads.
Prerequisites
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the Host Baselines tab, click Create a new baseline.
6 Type a name, and optionally, a description of the baseline.
7 Under Baseline Type select Host Patch, and click Next.
8 On the Patch Options page, select Dynamic as the type of baseline, and click Next.
vSphere Update Manager Installation and Administration Guide
88 VMware, Inc.
9 On the Criteria page, specify the criteria to dene the patches to include, and then click Next.
Option Description
Patch Vendor Species which patch vendor to use.
Product Restricts the set of patches to the selected products or operating systems.
The asterisk at the end of a product name is a wildcard character for any
version number.
Severity Species the severity of patches to include.
Category Species the category of patches to include.
Release Date Species the range for the release dates of the patches.
The relationship between these elds is dened by the Boolean operator AND.
For example, when you select a product and severity option, the patches are restricted to the ones that
are applicable for the selected product and are of the specied severity level.
10 (Optional) On the Patches to Exclude page, select one or more patches from the list.
11 (Optional) Click Advanced to search for specic patches to exclude from the baseline.
12 Click Next.
13 (Optional) On the Additional patches page, select individual patches to include in the baseline and click
the down arrow to move them into the Fixed Patches to Add list.
The patches you add to the dynamic baseline stay in the baseline regardless of the new downloaded
patches.
14 (Optional) Click Advanced to search for specic patches to include in the baseline.
15 Click Next.
16 Review the Ready to Complete page, and click Finish.
The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Create a Host Extension Baseline
Extension baselines contain additional software for ESXi hosts. This additional software might be VMware
software or third-party software. You create host extension baselines using the New Baseline wizard.
Extensions can provide additional features, updated drivers for hardware, Common Information Model
(CIM) providers for managing third-party modules on the host, improvements to the performance or
usability of existing host features, and so on.
Host extension baselines that you create are always xed. You must carefully select the appropriate
extensions for the ESXi hosts in your environment.
To perform the initial installation of an extension, you must use an extension baseline. After the extension is
installed on the host, you can update the extension module with either patch or extension baselines.
N When applying extension baselines by using Update Manager, you must be aware of the functional
implications of new modules to the host. Extension modules might alter the behavior of ESXi hosts. During
installation of extensions, Update Manager only performs the checks and verications expressed at the
package level.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 89
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the Host Baselines tab, click New baseline.
6 Type a name, and optionally, a description of the baseline.
7 Under Baseline Type, select Host Extension, and click Next.
8 On the Extensions page, select individual extensions to include in the baseline.
9 (Optional) Select an extension, and click Show Patch Details to see additional information.
10 Click Next.
11 Review the Ready to Complete page, and click Finish.
The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Filter Patches or Extensions in the New Baseline Wizard
When you create a patch or extension baseline, you can lter the patches and extensions available in the
Update Manager repository to nd specic patches and extensions to exclude or include in the baseline.
Procedure
1 In the New Baseline wizard, click Advanced.
nIf you are creating a xed patch baseline, on the Patches page, click Advanced.
nIf you are creating a dynamic patch baseline, on the Patches to Exclude or Additional Patches page,
click Advanced.
nIf you are creating a host extension baseline, on the Extensions page, click Advanced.
2 On the Filter Patches or Filter Extensions page, specify the criteria to dene the patches or extensions to
include or exclude.
Option Description
Patch Vendor Species which patch or extension vendor to use.
Product Restricts the set of patches or extensions to the selected products or
operating systems.
The asterisk at the end of a product name is a wildcard character for any
version number.
Severity Species the severity of patches or extensions to include.
Category Species the category of patches or extensions to include.
Release Date Species the range for the release dates of the patches or extensions.
Text Restricts the patches or extensions to those containing the text that you
enter.
The relationship between these elds is dened by the Boolean operator AND.
3 Click Find.
The patches or extensions in the New Baseline wizard are ltered with the criteria that you specied.
vSphere Update Manager Installation and Administration Guide
90 VMware, Inc.
Edit a Patch Baseline
You can edit an existing host patch baseline.
In the vSphere Web Client, you edit patch baselines from the Update Manager Admin view.
Prerequisites
Ensure that you have the Manage Baseline privilege.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click Host Baselines .
6 Select a patch baseline and click Edit above the Baselines pane.
7 Edit the name and description of the baseline and click Next.
8 Go through the Edit Baseline wizard to change the criteria, and select patches to include or exclude.
9 Review the Ready to Complete page, and click Finish.
Edit a Host Extension Baseline
You can change the name, description, and composition of an existing extension baseline.
In the vSphere Web Client, you edit patch baselines from the Update Manager Admin view.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Manage Baselines.Manage Baseline.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click Host Baselines .
6 Select an extension baseline, and click Edit above the Baselines pane.
7 Edit the name and description of the baseline, and click Next.
8 Make your changes by going through the Edit Baseline wizard.
9 Review the Ready to Complete page, and click Finish.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 91
Create and Edit Host Upgrade Baselines
You can create an ESXi host upgrade baseline by using the New Baseline wizard. You can create host
baselines with already uploaded ESXi 6.5 images.
You can upload and manage ESXi images from the ESXi Images tab of the Update Manager Administration
view.
Update Manager 6.5 supports upgrade from ESXi 5.5.x and ESXi 6.0.x to ESXi 6.5.
Before uploading ESXi images, obtain the image les from the VMware Web site or another source. You can
create custom ESXi images that contain third-party VIBs by using vSphere ESXi Image Builder. For more
information, see Customizing Installations with vSphere ESXi Image Builder.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have more than one Update Manager instance, host upgrade les that you upload
and baselines that you create are not applicable to the hosts managed by other vCenter Server systems.
Upgrade les and baselines are specic for the Update Manager instance you select.
nImport Host Upgrade Images and Create Host Upgrade Baselines on page 92
You can create upgrade baselines for ESXi hosts with ESXi 6.5 images that you import to the
Update Manager repository.
nCreate a Host Upgrade Baseline on page 93
To upgrade the hosts in your vSphere environment, you must create host upgrade baselines.
nEdit a Host Upgrade Baseline on page 94
You can change the name, description, and upgrade options of an existing host upgrade baseline. You
cannot delete a host upgrade image by editing the host upgrade baseline.
nDelete ESXi Images on page 94
You can delete ESXi images from the Update Manager repository if you no longer need them.
Import Host Upgrade Images and Create Host Upgrade Baselines
You can create upgrade baselines for ESXi hosts with ESXi 6.5 images that you import to the
Update Manager repository.
You can use ESXi .iso images to upgrade ESXi 5.5.x hosts and ESXi 6.0.x hosts to ESXi 6.5 .
To upgrade hosts, use the ESXi installer image distributed by VMware with the name format VMware-
VMvisor-Installer-6.5.0-build_number.x86_64.iso or a custom image created by using vSphere ESXi
Image Builder.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Upload File.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click ESXi Images, and click Import ESXi Image.
vSphere Update Manager Installation and Administration Guide
92 VMware, Inc.
6 On the Select ESXi Image page of the Import ESXi Image wizard, browse to and select the ESXi image
that you want to upload.
7 Click Next.
C Do not close the import wizard. Closing the import wizard stops the upload process.
8 (Optional) In the Security Warning window, select an option to handle the certicate warning.
A trusted certicate authority does not sign the certicates that are generated for vCenter Server and
ESXi hosts during installation. Because of this, each time an SSL connection is made to one of these
systems, the client displays a warning.
Option Action
Ignore Click Ignore to continue using the current SSL certicate and start the
upload process.
Cancel Click Cancel to close the window and stop the upload process.
Install this certificate and do not
display any security warnings
Select this check box and click Ignore to install the certicate and stop
receiving security warnings.
9 After the le is uploaded, click Next.
10 (Optional) Create a host upgrade baseline.
a Leave the Create a baseline using the ESXi image selected.
b Specify a name, and optionally, a description for the host upgrade baseline.
11 Click Finish.
The ESXi image that you uploaded appears in the Imported ESXi Images pane. You can see more
information about the software packages that are included in the ESXi image in the Software Packages pane.
If you also created a host upgrade baseline, the new baseline is displayed in the Baselines pane of the
Baselines and Groups tab.
What to do next
To upgrade the hosts in your environment, you must create a host upgrade baseline if you have not already
done so.
Create a Host Upgrade Baseline
To upgrade the hosts in your vSphere environment, you must create host upgrade baselines.
Prerequisites
Upload at least one ESXi image.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 93
5 On the Host Baselines tab, click New baseline.
6 Type a name, and optionally, a description of the baseline.
7 Under Baseline Type, select Host Upgrade, and click Next.
8 On the ESXi Image page, select a host upgrade image and click Next.
9 Review the Ready to Complete page and click Finish.
The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Edit a Host Upgrade Baseline
You can change the name, description, and upgrade options of an existing host upgrade baseline. You
cannot delete a host upgrade image by editing the host upgrade baseline.
In the vSphere Web Client you can edit upgrade baselines from the Update Manager Client Administration
view.
Prerequisites
Ensure that you have the Manage Baseline privilege.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click Host Baselines .
6 Select an existing host upgrade baseline, and click Edit above the Baselines pane.
7 Edit the name and description of the baseline, and click Next.
8 Make your changes by going through the Edit Baseline wizard.
9 Review the Ready to Complete page, and click Finish.
Delete ESXi Images
You can delete ESXi images from the Update Manager repository if you no longer need them.
Connect thevSphere Web Client to a vCenter Server system with which Update Manager is registered, and
on the Home page, click Update Manager icon.
Prerequisites
Verify that the ESXi images are not included in baselines. You cannot delete images that are included in a
baseline.
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
vSphere Update Manager Installation and Administration Guide
94 VMware, Inc.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab.
4 Click the ESXi Images tab.
5 Under Imported ESXi Images, select the le you want to delete and click Delete.
6 Click Yes to conrm the deletion.
The ESXi image is deleted and no longer available.
Create and Edit a Virtual Appliance Upgrade Baseline
A virtual appliance upgrade baseline contains a set of updates to the operating system and to the
applications installed in the virtual appliance. The virtual appliance vendor considers these updates an
upgrade.
Virtual appliance baselines that you create consist of a set of user-dened rules. If you add rules that
conict, the Update Manager displays an Upgrade Rule Conict window so that you can resolve the
conicts.
Virtual appliance baselines let you upgrade virtual appliances either to the latest available version or to a
specic version number.
nCreate a Virtual Appliance Upgrade Baseline on page 95
You upgrade virtual appliances by using a virtual appliance upgrade baseline. You can either use the
predened virtual appliance upgrade baseline, or create custom virtual appliance upgrade baselines.
nEdit a Virtual Appliance Upgrade Baseline on page 96
You can change the name, description, and upgrade options of an existing upgrade baseline.
Create a Virtual Appliance Upgrade Baseline
You upgrade virtual appliances by using a virtual appliance upgrade baseline. You can either use the
predened virtual appliance upgrade baseline, or create custom virtual appliance upgrade baselines.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, click Create new baseline.
6 Type a name, and optionally, a description of the baseline.
7 Under Baseline Type, select VA Upgrade, and click Next.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 95
8 On the Upgrade Options page, select Vendor and Appliance options from the respective drop-down
menus.
The options listed in these menus depend on the virtual appliance upgrades that are downloaded in the
Update Manager repository. If no upgrades are downloaded in the repository, the available options are
All Vendors and All Products, respectively.
9 Select an option from the Upgrade To drop-down menu.
Option Description
Latest Upgrades the virtual appliance to the latest version.
A specific version number Upgrades the virtual appliance to a specic version. This option is
available when you select a specic vendor and appliance name.
Do Not Upgrade Does not upgrade the virtual appliance.
10 Click Add Rule.
11 (Optional) Add multiple rules.
a Click Add Multiple Rules.
b Select one or all vendors.
c Select one or all appliances.
d Select one Upgrade To option to apply to the selected appliances, and click OK.
If you create multiple rules to apply to the same virtual appliance, only the rst applicable rule in the
list is applied.
12 (Optional) Resolve any conicts within the rules you apply.
a In the Upgrade Rule Conict window, select whether to keep the existing rules, to use the newly
created rules, or to manually resolve the conict.
b Click OK.
13 Click Next.
14 Review the Ready to Complete page, and click Finish.
The new baseline is displayed in the Baselines pane of the Baselines and Groups tab.
Edit a Virtual Appliance Upgrade Baseline
You can change the name, description, and upgrade options of an existing upgrade baseline.
You can edit upgrade baselines from the Update Manager Admin view.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click VMs/VAs Baselines .
6 Select an existing baseline and click Edit existing baseline .
vSphere Update Manager Installation and Administration Guide
96 VMware, Inc.
7 Edit the name and the description of the baseline, and click Next.
8 Edit the upgrade options, and click Next.
9 Review the Ready to Complete page, and click Finish.
Delete Baselines
You can delete baselines that you no longer need from Update Manager. Deleting a baseline detaches it from
all the objects to which the baseline is aached.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, select the baselines to remove, and click Delete the baseline .
6 In the conrmation dialog box, click Yes.
The baseline is deleted.
Creating and Managing Baseline Groups
A baseline group consists of a set of non-conicting baselines. Baseline groups allow you to scan and
remediate objects against multiple baselines at the same time.
You can perform an orchestrated upgrade of the virtual machines by remediating the same folder or
datacenter against a baseline group containing the following baselines:
nVMware Tools Upgrade to Match Host
nVM Hardware Upgrade to Match Host
You can perform an orchestrated upgrade of hosts by using a baseline group that contains a single host
upgrade baseline and multiple patch or extension baselines.
You can create two types of baseline groups depending on the object type to which you want to apply them:
nBaseline groups for hosts
nBaseline groups for virtual machines and virtual appliances
Baseline groups that you create are displayed on the Baselines and Groups tab of the Update Manager
Client Administration view.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have more than one Update Manager instance, baseline groups you create are not
applicable to all inventory objects managed by other vCenter Server systems in the group. Baseline groups
are specic for the Update Manager instance that you select.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 97
Create a Host Baseline Group
You can combine one host upgrade baseline with multiple patch or extension baselines, or combine multiple
patch and extension baselines in a baseline group.
N You can click Finish in the New Baseline Group wizard at any time to save your baseline group and
add baselines to it at a later stage.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the Host Baselines tab, click New Baseline Group above the Baseline Groups pane.
6 Enter a unique name for the baseline group and click Next.
7 Select a host upgrade baseline to include it in the baseline group.
8 (Optional) Create a new host upgrade baseline by clicking Create a new Host Upgrade Baseline at the
boom of the Upgrades page, and complete the New Baseline wizard.
9 Click Next.
10 Select the patch baselines that you want to include in the baseline group.
11 (Optional) Create a new patch baseline by clicking Create a new Host Patch Baseline at the boom of
the Patches page, and complete the New Baseline wizard.
12 Click Next.
13 Select the extension baselines to include in the baseline group.
14 (Optional) Create a new extension baseline by clicking Create a new Extension Baseline at the boom
of the Patches page, and complete the New Baseline wizard.
15 Review the Ready to Complete page, and click Finish.
The host baseline group is displayed in the Baseline Groups pane.
Create a Virtual Machine and Virtual Appliance Baseline Group
You can combine upgrade baselines in a virtual machine and virtual appliance baseline group.
N You can click Finish in the New Baseline Group wizard at any time to save your baseline group, and
add baselines to it at a later stage.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
vSphere Update Manager Installation and Administration Guide
98 VMware, Inc.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, click Create new baseline  group.
6 Enter a name for the baseline group, and click Next.
7 For each type of upgrade (virtual appliance, virtual hardware, and VMware Tools), select one of the
available upgrade baselines to include in the baseline group.
N If you decide to remediate only virtual appliances, the upgrades for virtual machines are
ignored, and the reverse. If a folder contains both virtual machines and virtual appliances, the
appropriate upgrades are applied to each type of object.
8 Click Next.
9 Review the Ready to Complete page, and click Finish.
The new baseline group is displayed in the Baseline Groups pane.
Edit a Baseline Group
You can change the name and type of an existing baseline group. You can also edit a baseline group by
adding or removing the upgrade and patch baselines a baseline group contains.
In the vSphere Web Client, you edit baseline groups from the Update Manager Admin view.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Manage Baselines.Manage Baseline.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 Click VMs/VAs Baselines .
6 Select an existing baseline, and click Edit existing baseline .
7 Edit the name of the baseline group.
8 (Optional) Change the included upgrade baselines (if any).
9 (Optional) Change the included patch baselines (if any).
10 (Optional) Change the included extension baselines (if any).
11 Review the Ready to Complete page and click OK.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 99
Add Baselines to a Baseline Group
You can add a patch, extension, or upgrade baseline to an existing baseline group.
In the vSphere Web Client, you can add baselines to baseline groups from the
Update Manager Administration view.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Manage Baselines.Manage Baseline.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, select an existing baseline group, and click Edit existing baseline
group .
6 From the Upgrades page, select a baseline group and expand it to view the included baselines.
7 Select or deselect the baselines from the list.
The baseline is added to the selected baseline group.
Remove Baselines from a Baseline Group
You can remove individual baselines from existing baseline groups.
In the vSphere Web Client, you can edit the contents of baseline groups from the Update Manager Admin
view.
Prerequisites
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, select an existing baseline group, and expand it to view the included
baselines.
6 Select a baseline from the Baseline Groups pane on the right and click the left arrow.
The baseline is removed from the selected baseline group.
vSphere Update Manager Installation and Administration Guide
100 VMware, Inc.
Delete Baseline Groups
You can delete baseline groups that you no longer need from Update Manager. Deleting a baseline group
detaches it from all the objects to which the baseline group is aached.
In the vSphere Web Client, you can delete baseline groups from the Update Manager Admin view.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the Home view of the vSphere Web Client, select the Update Manager icon.
3 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
4 Click the Manage tab.
5 On the VMs/VAs Baselines tab, select an existing baseline group, and click Delete.
6 In the conrmation dialog box, click Yes.
The baseline group is deleted.
Attach Baselines and Baseline Groups to Objects
To view compliance information and scan objects in the inventory against baselines and baseline groups,
you must rst aach existing baselines and baseline groups to these objects. You can aach baselines and
baseline groups to objects.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Manage Baselines. Baseline.
Procedure
1 Select the type of object in the vSphere Web Client object navigator.
For example, Hosts and Clusters or VMs and Templates, and select an object or a container object.
2 Select the Update Manager tab.
3 In the Aach Baseline or Baseline Group window, select one or more baselines or baseline groups to
aach to the object.
If you select one or more baseline groups, all baselines in the groups are selected. You cannot deselect
individual baselines in a group.
4 (Optional) Create a baseline or a baseline group, if the existing baselines and groups do not match your
task, and complete the remaining steps in the respective wizard.
The Aach Baseline or Group window collapses to the Work In Progress pane, and the respective New
Baseline Group window or New Baseline Group window opens. When you complete the steps to create
the baseline or the baseline group, the Aach Baseline or Group window reopens.
5 Click OK.
What to do next
Scan the selected object against the aached baselines.
Chapter 10 Working with Baselines and Baseline Groups
VMware, Inc. 101
Detach Baselines and Baseline Groups from Objects
You can detach baselines and baseline groups from objects to which the baselines or baseline groups are
directly aached. Because vSphere objects can have inherited properties, you might have to select the
container object where the baseline or baseline group is aached and then detach it from the container
object.
Prerequisites
nRequired privileges: VMware vSphere Update Manager.Manage Baselines. Baseline.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 In the vSphere Web Client navigator, select Hosts and Clusters or VMs and Templates.
3 Select the object in the inventory, and select Update Manager.
4 Remove a baseline or a baseline group that is aached to the object.
a To remove a baseline, select the baseline, and click Detach on the upper left corner of the Aached
Baselines pane.
b To remove a baseline group, select the baseline group from the  Baseline Groups drop-
down menu, and click Detach at the upper right corner of the  Baseline Groups drop-
down menu.
You cannot detach an individual baseline from the group. You can only detach the entire baseline
group.
5 In the Detach Baseline Group dialog box, select the entities that you want to detach the baseline or the
baseline group from.
6 Click OK.
The baseline or baseline group that you detach is no longer listed in the Aached Baselines pane or the
Aached Baseline Groups drop-down menu.
vSphere Update Manager Installation and Administration Guide
102 VMware, Inc.
Scanning vSphere Objects and
Viewing Scan Results 11
Scanning is the process in which aributes of a set of hosts, virtual machines, or virtual appliances are
evaluated against the patches, extensions, and upgrades included in the aached baselines and baseline
groups.
You can congure Update Manager to scan virtual machines, virtual appliances, and ESXi hosts by
manually initiating or scheduling scans to generate compliance information. To generate compliance
information and view scan results, you must aach baselines and baseline groups to the objects you scan.
To initiate or schedule scans, you must have the Scan for Applicable Patches, Extensions, and Upgrades
privilege. For more information about managing users, groups, roles, and permissions, see vCenter Server
and Host Management. For a list of Update Manager privileges and their descriptions, see “Update Manager
Privileges,” on page 84.
You can scan vSphere objects from the Update Manager Client Compliance view.
This chapter includes the following topics:
n“Manually Initiate a Scan of ESXi Hosts,” on page 103
n“Manually Initiate a Scan of Virtual Machines and Virtual Appliances,” on page 104
n“Manually Initiate a Scan of a Container Object,” on page 104
n“Schedule a Scan,” on page 105
n“Viewing Scan Results and Compliance States for vSphere Objects,” on page 105
Manually Initiate a Scan of ESXi Hosts
Before remediation, you should scan the vSphere objects against the aached baselines and baseline groups.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 Select Home > Hosts and Clusters.
3 Select a host.
4 Select the Update Manager tab.
5 Click Scan for Updates.
The Scan for Updates dialog box opens.
6 Select the types of updates to scan for.
You can scan for Patches and Extensions and Upgrades.
VMware, Inc. 103
7 Click OK.
The selected host, or the container object is scanned against all patches, extensions, and upgrades in the
aached baselines.
What to do next
Stage and remediate the scanned inventory object with Update Manager in the vSphere Web Client.
Manually Initiate a Scan of Virtual Machines and Virtual Appliances
You can scan virtual machines and virtual appliances in the vSphere inventory against aached baselines
and baseline groups.
After you import a VMware Studio created virtual appliance in the vSphere Web Client, power it on so that
it is discovered as a virtual appliance.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 From the inventory object navigator, select a virtual machine, and click the Update Manager tab.
3 Click Scan for Updates.
The Scan for Updates wizard opens.
4 Select the types of updates to scan for.
You can scan for Virtual appliance upgrades, VMware Tools upgrades, and VM Hardware upgrades.
5 Click OK.
The virtual machines and appliances are scanned against the aached baselines, depending on the options
that you selected.
What to do next
Stage and remediate the scanned inventory object with Update Manager in the vSphere Web Client.
Manually Initiate a Scan of a Container Object
Start a simultaneous scan of hosts, virtual machines, and virtual appliances, by scanning a container object
that is a data center or a data center folder.
After you import a VMware Studio created virtual appliance in the vSphere Web Client, power it on so that
it is discovered as a virtual appliance.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 From the inventory object navigator, right-click a vCenter Server instance, a data center, a cluster, or a
VM Folder, and select Update Manager > Scan for Updates.
The Scan wizard opens.
3 Select the types of updates for which you want to perform scan operation.
nFor the ESXi hosts in the container object, you can scan for Patches and Extensions and Upgrades.
nFor virtual machines and virtual appliances in the data center, you can scan for Virtual appliance
upgrades, VMware Tools upgrades, and VM Hardware upgrades.
vSphere Update Manager Installation and Administration Guide
104 VMware, Inc.
4 Click OK.
The selected inventory object and all child objects are scanned against the aached baselines, depending on
the options that you selected. The larger the virtual infrastructure and the higher up in the object hierarchy
you initiate the scan, the longer the scan takes.
What to do next
Stage and remediate the scanned inventory object with Update Manager in the vSphere Web Client.
Schedule a Scan
You can congure the vSphere Web Client to scan virtual machines, virtual appliances, and ESXi hosts at
specic times or at intervals that are convenient for you.
Procedure
1 Connect the vSphere Web Client to a vCenter Server system with which Update Manager is registered,
and select an object from the inventory.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter
Single Sign-On domain, specify the Update Manager instance that you want to use to schedule a scan
task by selecting the name of the corresponding vCenter Server system in the navigation bar.
2 In the inventory tree, select the inventory object to be scanned.
All child objects of the object that you select are also scanned.
3 Select the Monitor tab, and click Task & Events.
4 Select Scheduled Tasks, and click Schedule a New Task.
5 Select Scan for Updates from the drop-down list that appears.
The Scan for Updates wizard opens.
6 On the Edit Seings page, select the types of updates to scan the inventory object for.
You must select at least one scan type.
7 On the Scheduling options page, describe and schedule the scan task.
a Enter a unique name, and optionally, a description for the scan task.
b Click Change to set the frequency and the start time for the scan task.
c (Optional) Specify one or more email addresses to receive notication after the scan task is
complete.
You must congure mail seings for the vCenter Server system to enable this option.
8 Click OK.
The scan task is listed in the Scheduled Tasks view of the vSphere Web Client.
Viewing Scan Results and Compliance States for vSphere Objects
Update Manager scans objects to determine how they comply with the aached baselines and baseline
groups. You can review compliance by examining results for a single virtual machine, virtual appliance,
template, or ESXi host, as well as for a group of virtual machines, appliances, or hosts.
Supported groups of virtual machines, appliances, or ESXi hosts include virtual infrastructure container
objects such as folders, vApps, clusters, and datacenters.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 105
Baselines and baseline groups interact with virtual machines, virtual appliances, templates, and hosts in the
following ways:
nObjects must have an aached baseline or baseline group to be examined for compliance information.
nCompliance with baselines and baseline groups is assessed at the time of viewing, so a brief pause
might occur while information is gathered to make sure that all information is current.
nCompliance status is displayed based on privileges. Users with the privilege to view a container, but
not all the contents of the container are shown the aggregate compliance of all objects in the container. If
a user does not have permission to view an object, its contents, or a particular virtual machine, the
results of those scans are not displayed. To view the compliance status, the user must also have the
privilege to view compliance status for an object in the inventory. Users that have privileges to
remediate against patches, extensions, and upgrades and to stage patches and extensions on a
particular inventory object, can view the compliance status of the same object even if they do not have
the view compliance privilege. For more information about the Update Manager privileges, see
“Update Manager Privileges,” on page 84. For more information about managing users, groups, roles
and permissions, see vCenter Server and Host Management.
In the vSphere infrastructure hierarchy, the baseline and baseline groups you aach to container objects are
also aached to the child objects. Consequently, the computed compliance state is also inherited. For
example, a baseline or baseline group aached to a folder is inherited by all objects in the folder (including
subfolders), but the status of inherited baselines or baseline groups propagates upwards, from the contained
objects to the folder. Consider a folder that contains two objects A and B. If you aach a baseline (baseline 1)
to the folder, both A and B inherit baseline 1. If the baseline state is noncompliant for A and compliant for B,
the overall state of baseline 1 against the folder is non-compliant. If you aach another baseline (baseline 2)
to B, and baseline 2 is incompatible with B, the overall status of the folder is incompatible.
N After a download of patch recall notications, Update Manager ags recalled patches but their
compliance state does not refresh automatically. You must perform a scan to view the updated compliance
state of patches aected by the recall.
View Compliance Information for vSphere Objects
You can review compliance information for the virtual machines, virtual appliances, and hosts against
baselines and baseline groups that you aach.
When you select a container object, you view the overall compliance status of the aached baselines, and all
the individual compliance statuses. If you select an individual baseline aached to the container object, you
see the compliance status of the baseline.
If you select an individual virtual machine, appliance, or host, you see the overall compliance status of the
selected object against all aached baselines and the number of updates. If you further select an individual
baseline aached to this object, you see the number of updates grouped by the compliance status for that
baseline.
Procedure
1 Depending on the compliance information you want to see, perform the following steps:
a To view host compliance information, select Home > Hosts and Clusters, and select a host, a
cluster, a data center, or a vCenter Server instance.
b To view virtual machine compliance information, select Home > VMs and Templates, and select a
virtual machine, a folder, or a virtual appliance.
2 Click the Update Manager tab.
3 Select one of the aached baselines to view compliance information for the object against the selected
baseline.
vSphere Update Manager Installation and Administration Guide
106 VMware, Inc.
You can see the compliance information in the table below the aached baselines to the object.
Review Compliance with Individual vSphere Objects
Scan results provide information about the degree of compliance with aached baselines and baseline
groups. You can view information about individual vSphere objects and about the patches, extensions, and
upgrades included in a baseline or a baseline group.
The following information is included in the scan results:
nThe last time that a scan was completed at this level.
nThe total number of noncompliant, incompatible, unknown, and compliant updates.
nFor each baseline or baseline group, the number of virtual machines, appliances, or hosts that are
applicable, noncompliant, incompatible, unknown, or compliant.
nFor each baseline or baseline group, the number of updates that are applicable to particular virtual
machines, appliances, or hosts.
Procedure
1 Connect the vSphere Web Client to a vCenter Server system with which Update Manager is registered,
and select Home > Inventory.
2 Select the type of object for which you want to view scan results.
For example, Hosts and Clusters or VMs and Templates.
3 Select an individual object from the inventory, such as a virtual machine, virtual appliance, or host.
4 Click the Update Manager tab.
5 Select a baseline group or baseline.
Select All Groups and Independent Baselines in the Aached Baseline Groups pane and All in the
Aached Baselines pane to view the overall compliance of all aached baselines and baseline groups.
6 In the Compliance pane, select the All Applicable compliance status to view the overall compliance
status of the selected object.
The selected object together with the number of patches, upgrades, and extensions (if the selected object
is a host) appear in the boom pane of the Update Manager tab.
7 Click a number link in the boom pane of the Update Manager tab to see more details about updates.
Column Description
Patches The link indicates the number of patches in the selected compliance state
and opens the Patch Details window.
Upgrades The link indicates the number of upgrades in the selected compliance state
and opens the Upgrade Details window.
Extensions The link indicates the number of extensions in the selected compliance
state and opens the Extension Details window.
Change log The link is available only if the upgrade in the baseline is applicable to the
selected virtual appliance. The link opens the Virtual Appliance Change
Log Details window.
Compliance View
Information about the compliance states of selected vSphere inventory objects against baselines and baseline
groups you aach is displayed in the Update Manager Client Compliance view.
The information is displayed in four panes.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 107
Table 111. Update Manager Tab Panes
Pane Description
Aached Baseline Groups Displays the baseline groups aached to the selected object. If you select All
Groups and Independent Baselines, all aached baselines in the Aached
Baselines pane are displayed. If you select an individual baseline group, only
the baselines in that group are displayed in the Aached Baselines pane.
Aached Baselines Displays the baselines aached to the selected object and included in the
selected baseline group.
vSphere Update Manager Installation and Administration Guide
108 VMware, Inc.
Table 111. Update Manager Tab Panes (Continued)
Pane Description
Compliance Contains a compliance graph that changes dynamically depending on the
inventory object, baseline groups, and baselines that you select. The graph
represents the percentage distribution of the virtual machines, appliances, or
hosts in a selected container object that are in a particular compliance state
against selected baselines.
If you select an individual host, virtual machine, or appliance, the color of the
graph is solid and represents a single compliance state.
Above the graph, the following compliance states are displayed:
All Applicable Total number of inventory objects for which
compliance is being calculated. This number is the
total of objects in the selected container inventory
object minus the objects for which the selected
baselines are not applicable.
The applicability of a baseline is determined on the
basis of whether the baseline is directly aached to
the virtual machine, appliance, or host, or whether it
is aached to a container object. Applicability also
depends on whether the baseline contains patches,
extensions, or upgrades that can be applied to the
selected object.
Non-Compliant Number of virtual machines, appliances, or hosts in
the selected container object that are not compliant
with at least one patch, extension, or upgrade in the
selected baselines or baseline groups.
Incompatible Number of virtual machines, appliances, or hosts in
the selected container object that cannot be
remediated against the selected baselines and
baseline groups. Incompatible state requires more
aention and investigation for determining the
reason for incompatibility. To obtain more
information about the incompatibility, view patch,
extension, or upgrade details.
Unknown Number of virtual machines, appliances, or hosts in
the selected container object that are not scanned
against at least one of the patches, extensions, or
upgrades in the selected baselines and baseline
groups.
Compliant Number of compliant virtual machines, appliances,
or hosts in the selected container object.
Boom pane The information in this pane depends on whether you select an individual
object or a container object.
If you select a container object, the boom pane of the Update Manager tab
displays the following information:
nA list of virtual machines, appliances, or hosts that meet the selections
from the Aached Baseline Groups, Aached Baselines and Compliance
panes.
nThe overall compliance of the objects against the patches, extensions, or
upgrades included in the selected baselines and baseline groups.
If you select an individual object (such as virtual machine, appliance, or
host), the boom pane of the Update Manager tab displays the following
information:
nThe number of patches, extensions, or upgrades included in the baseline
or baseline group that you select.
nThe number of staged patches or extensions to a host.
nThe overall compliance of the objects against the patches, extensions, or
upgrades included in the selected baselines and baseline groups.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 109
Table 111. Update Manager Tab Panes (Continued)
Pane Description
nThe vendor, product, version, compliance, release date as well as change
log for the selected virtual appliance against the aached upgrade
baseline.
Compliance States for Updates
In Update Manager, update stands for all patches, extensions, and upgrades that you can apply with
Update Manager. The compliance state of the updates in baselines and baseline groups that you aach to
objects in your inventory is calculated after you perform a scan of the target object.
Conflict The update conicts with either an existing update on the host or another
update in the Update Manager patch repository. Update Manager reports the
type of conict. A conict does not indicate any problem on the target object.
It just means that the current baseline selection is in conict. You can perform
scan, remediation, and staging operations. In most cases, you can take action
to resolve the conict.
Conflicting New Module The host update is a new module that provides software for the rst time,
but is in conict with either an existing update on the host or another update
in the Update Manager repository. Update Manager reports the type of
conict. A conict does not indicate any problem on the target object. It just
means that the current baseline selection is in conict. You can perform scan,
remediation, and staging operations. In most cases, you must take action to
resolve the conict.
Incompatible Hardware The hardware of the selected object is incompatible or has insucient
resources to support the update. For example, when you perform a host
upgrade scan against a 32-bit host or if a host has insucient RAM.
Installed Installed compliance state indicates that the update is installed on the target
object, and no further user action is required.
Missing Missing compliance state indicates that the update is applicable to the target
object, but not yet installed. You must perform a remediation on the target
object with this update, so that the update becomes compliant.
Missing Package This state occurs when metadata for the update is in the depot but the
corresponding binary payload is missing. The reasons can be that the
product might not have an update for a given locale; the Update Manager
patch repository is deleted or corrupt, and Update Manager no longer has
Internet access to download updates; or you have manually deleted an
upgrade package from the Update Manager repository.
New Module New module compliance state indicates that the update is a new module. An
update in this compliance state cannot be installed when it is part of a host
patch baseline. When it is part of a host extension baseline, the new module
state signies that the module is missing on the host and can be provisioned
by remediation. The compliance state of the baseline depends on the type of
baseline containing the update in new module state. If the baseline is a host
patch baseline, the overall status of the baseline is compliant. If the baseline
is a host extension baseline, the overall status of the baseline is not compliant.
vSphere Update Manager Installation and Administration Guide
110 VMware, Inc.
Not Applicable Not applicable compliance state indicates that the patch is not applicable to
the target object. A patch might be in not applicable compliance state for one
of the following reasons:
nThere are other patches in the Update Manager patch repository that
obsolete this patch.
nThe update does not apply to the target object.
Not Installable The update cannot be installed. The scan operation might succeed on the
target object, but remediation cannot be performed.
Obsoleted By Host This compliance state applies mainly to patches. The target object has a
newer version of the patch. For example, if a patch has multiple versions,
after you apply the latest version to the host, the earlier versions of the patch
are in Obsoleted By Host compliance state.
Staged This compliance state applies to host patches and host extensions. It indicates
that the update is copied from the Update Manager repository to the host,
but is not yet installed. Staged compliance state might occur only when you
scan hosts running ESXi 5.0 and later.
Unknown A patch is in unknown state for a target object until Update Manager
successfully scans the object. A scan might not succeed if the target object is
of an unsupported version, if Update Manager lacks metadata, or if the patch
metadata is corrupt.
Unsupported Upgrade The upgrade path is not possible. For example, the current hardware version
of the virtual machine is greater than the highest version supported on the
host.
Baseline and Baseline Group Compliance States
Compliance states are computed after you scan the objects in your inventory against aached baselines or
baseline groups. Update Manager computes the compliance state based on the applicability of the patches,
extensions, and upgrades contained in the aached baselines or baseline groups.
Compliant
Compliant state indicates that a vSphere object is compliant with all baselines in an aached baseline group
or with all patches, extensions, and upgrades in an aached baseline. Compliant state requires no further
action. If a baseline contains patches or upgrades that are not relevant to the target object, the individual
updates, and baselines or baseline groups that contain them, are treated as not applicable, and represented
as compliant. Compliant are also hosts with aached patch baselines containing extensions or patches in
Obsoleted By Host state.
Compliant state occurs under the following conditions:
nTarget objects are compliant with the baselines and baseline groups when all updates in the baseline or
baseline group are either installed on the target object, obsoleted by host, or are not applicable to the
target object.
nThe updates in a baseline are compliant when they are installed on the target object, or are not
applicable to the object.
Non-Compliant
Non-compliant state indicates that one or more baselines in a baseline group, or one or more patches,
extensions, or upgrades in a baseline are applicable to the target object, but are not installed (missing) on the
target. You must remediate the target object to make it compliant.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 111
When a baseline contains a non-compliant update, the overall status of the baseline is non-compliant. When
a baseline group contains a non-compliant baseline, the overall status of the baseline group is non-
compliant. The non-compliant state takes precedence over incompatible, unknown, and compliant states.
Unknown
When you aach a baseline or a baseline group to a vSphere object, and you do not scan the object, the state
of the vSphere object against the baseline or baseline group is Unknown. This state indicates that a scan
operation is required, that the scan has failed, or that you initiated a scan on an unsupported platform (for
example, you performed a VMware Tools scan on a virtual machine running on an ESX 3.5 host).
When a baseline contains updates in compliant and unknown states, the overall status of the baseline is
unknown. When a baseline group contains unknown baselines as well as compliant baselines, the overall
status of the baseline group is unknown. The unknown compliance state takes precedence over compliant
state.
Incompatible
Incompatible state requires aention and further action. You must determine the reason for incompatibility
by probing further. You can remediate the objects in this state, but there is no guarantee that the operation
will succeed. In most cases Update Manager provides sucient details for incompatibility. For more
information about incompatible compliance state, see “Incompatible Compliance State,” on page 149.
When a baseline contains updates in incompatible, compliant, and unknown states, the overall status of the
baseline is incompatible. When a baseline group contains incompatible, unknown, and compliant baselines,
the overall status of the baseline group is incompatible. The incompatible compliance state takes precedence
over compliant and unknown compliance states.
Viewing Patch Details
The Patch Details window displays a table of the patches ordered according to their compliance status with
the selected virtual machine or host.
The compliance summary above the table in the Patch Details window represents the number of the
applicable patches, missing patches (noncompliant), compliant patches, staged patches, and so on. If any of
the patches are in the incompatible state, the compliance summary displays a detailed view of the
incompatible patches. Incompatibility might be a result of a conict, missing update packages, and so on.
You can obtain complete information about a patch by double-clicking a patch in the Patch Details window.
Table 112. Patch Details Window
Option Description
Patch Name Name of the update.
Vendor Vendor of the update.
Compliance Compliance status of the patch. The state might be Missing (Non-Compliant), Not
Applicable, Unknown, Installed (Compliant), and so on.
Patch ID Vendor-assigned identication code of the update.
Severity Severity of the update. For hosts, the severity status might be Critical, General, Security,
and so on. For virtual machines, the severity might be Critical, Important, Moderate,
and so on.
Category Category of the update. The category might be Security, Enhancement, Recall, Info,
Other, and so on.
Impact The action that you must take to apply the update. This action might include rebooting
the system or puing the host into maintenance mode.
Release Date Release date of the update.
vSphere Update Manager Installation and Administration Guide
112 VMware, Inc.
Viewing Extension Details
The Extension Details window displays a table of the extensions in the order of their compliance status with
the selected host.
You can obtain complete information about an extension by double-clicking an extension in the Extension
Details window.
Table 113. Extension Details Window
Option Description
Patch Name Name of the update.
Vendor Vendor of the update.
Compliance Compliance status of the patch. The state might be Missing (Non-Compliant), Not
Applicable, Unknown, Installed (Compliant), and so on.
Patch ID Vendor-assigned identication code of the update.
Severity Severity of the update. For hosts, the severity status might be Critical, General, Security,
and so on. For virtual machines, the severity might be Critical, Important, Moderate,
and so on.
Category Category of the update. The category might be Security, Enhancement, Recall, Info,
Other, and so on.
Impact The action that you must take to apply the update. This action might include rebooting
the system or puing the host into maintenance mode.
Release Date Release date of the update.
Viewing Upgrade Details
The Upgrade Details window presents information about a specic upgrade you select.
Table 114. Host Upgrade Details Window
Option Description
Baseline Name Name of the upgrade baseline.
Baseline Type The baseline type is host upgrade.
Baseline Description Description of the baseline. If the baseline has no description, it is not displayed.
Compliance State Compliance status for the upgrade. It represents a comparison between the state of
the selected object and the upgrade baseline.
ESXi image Displays the ESXi image included in the baseline.
Product Displays the release version of the upgrade.
Version Target version of the upgrade baseline.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 113
Table 114. Host Upgrade Details Window (Continued)
Option Description
Vendor Vendor that provided the ESXi image.
Acceptance level Acceptance level of the ESXi image and included software packages. ESXi images
can be either Signed or Unsigned, indicating their level of acceptance by VMware.
Software packages included in ESXi images have the following acceptance levels:
VMware Certified The package has gone through a rigorous certication
program that veries the functionality of the feature, and
is signed by VMware with a private key. VMware
provides customer support for these packages.
VMware Accepted The package has gone through a less rigorous acceptance
test program that only veries that the package does not
destabilize the system, and is signed by VMware with a
private key. The test regimen does not validate the proper
functioning of the feature. VMware support will hand o
support calls directly to the partner.
Partner Supported The partner has signed an agreement with VMware and
has demonstrated a sound test methodology. VMware
provides a signed private/public key pair to the partner
to use for self-signing their packages. VMware support
will hand o support calls directly to the partner.
Community
Supported
The package is either unsigned, or signed by a key that is
not cross-signed by VMware. VMware does not provide
support for the package. For support, customers must
either utilize the community or contact the author of the
package.
Table 115. VMware Tools and Virtual Machine Hardware Upgrade Details Window
Option Description
Baseline Name Name of the upgrade baseline.
Baseline Type Type of the baseline. The values can be VMware Tools upgrade or virtual machine
hardware upgrade.
Baseline Description Description of the baseline.
Compliance State Compliance status for the upgrade. It represents a comparison between the state of
the selected object and the upgrade baseline.
VMware Tools Status Status of VMware Tools on the machine.
Current Hardware Version Hardware version of the virtual machine.
Target Hardware Version Target hardware version of the virtual machine.
Table 116. Virtual Appliance Change Log Details Window
Option Description
Name Name of the change.
Category Type of the change. For example, bug x or feature.
Severity Severity of the change. For example, critical or moderate.
Reference ID Unique ID in the reference le domain.
Reference Type Reference type of the change.
vSphere Update Manager Installation and Administration Guide
114 VMware, Inc.
Table 116. Virtual Appliance Change Log Details Window (Continued)
Option Description
Reference URL URL location that provides a detailed description of the change, such as a link to a
knowledge base article.
Introduced in Version of the virtual appliance in which the change was introduced.
Host Upgrade Scan Messages in Update Manager
When you scan ESXi hosts against an upgrade baseline, Update Manager runs a precheck script and
provides informative messages in the Upgrade Details window for each host. The messages notify you
about potential problems with hardware, third-party software on the host, and conguration issues, which
might prevent a successful upgrade to ESXi 6.5.
Messages that Update Manager provides correspond to error or warning codes from running the host
upgrade precheck script.
For interactive installations and upgrades performed by using the ESXi installer, the errors or warnings from
the precheck script are displayed on the nal panel of the installer, where you are asked to conrm or cancel
the installation or upgrade. For scripted installations and upgrades, the errors or warnings are wrien to the
installation log.
Update Manager provides scan result messages in the Upgrade Details window for errors or warnings from
the precheck script. To see the original errors and warnings returned by the precheck script during an
Update Manager host upgrade scan operation, review the Update Manager log le C:\Documents and
Settings\All Users\Application Data\VMware\VMware Update Manager\Logs\vmware-vum-server-
log4cpp.log.
Table 117. Scan Result Messages and Corresponding Error and Warning Codes
Scan Result Message in Update Manager Description
Host CPU is unsupported. New ESXi version
requires a 64-bit CPU with support for
LAHF/SAHF instructions in long mode.
This message appears if the host processor is 32-bit and
does not support required features.
The corresponding error code is 64BIT_LONGMODESTATUS.
Trusted boot is enabled on the host but the
upgrade does not contain the software package
esx-tboot. Upgrading the host will remove the
trusted boot feature.
This message indicates that the host upgrade scan did not
locate the esx-tboot VIB on the upgrade ISO.
The corresponding error code is TBOOT_REQUIRED
VMkernel and Service Console network interfaces
are sharing the same subnet subnet_name. This
configuration is not supported after upgrade.
Only one interface should connect to subnet
subnet_name.
Warning. An IPv4 address was found on an enabled
Service Console virtual NIC for which there is no
corresponding address in the same subnet in the vmkernel.
A separate warning appears for each such occurrence.
The corresponding error code is COS_NETWORKING.
New ESXi version requires a minimum of
core_count processor cores.
The host must have at least two cores.
The corresponding error code is CPU_CORES.
Processor does not support hardware
virtualization or it is disabled in BIOS.
Virtual machine performance may be slow.
Host performance might be impaired if the host processor
does not support hardware virtualization or if hardware
virtualization is not turned on in the host BIOS. Enable
hardware virtualization in the host machine boot options.
See your hardware vendor's documentation.
The corresponding error code is
HARDWARE_VIRTUALIZATION.
Insufficient memory, minimum size_in_MB
required for upgrade.
The host requires the specied amount of memory to
upgrade.
The corresponding error code is MEMORY_SIZE.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 115
Table 117. Scan Result Messages and Corresponding Error and Warning Codes (Continued)
Scan Result Message in Update Manager Description
Host upgrade validity checks for file_name are
not successful.
This test checks whether the precheck script itself can be
run.
The corresponding error code is PRECHECK_INITIALIZE.
The host partition layout is not suitable for
upgrade.
Upgrade is possible only if there is at most one VMFS
partition on the disk that is being upgraded and the VMFS
partition starts after sector 1843200.
The corresponding error code is PARTITION_LAYOUT.
Unsupported configuration. The le /etc/vmware/esx.conf must exist on the host.
This message indicates that the le /etc/vmware/esx.conf is
either missing, or the le data cannot be retrieved or read
correctly.
The corresponding error code is SANE_ESX_CONF.
The host does not have sufficient free space on
a local VMFS datastore to back up current host
configuration. A minimum of size_in_MB is
required.
The host disk must have enough free space to store the
ESXi 5.x conguration between reboots.
The corresponding error code is SPACE_AVAIL_CONFIG.
The upgrade is not supported for current host
version.
Upgrading to ESXi 6.5 is possible only from ESXi 5.5 and
ESXi 6.0 hosts.
The corresponding error code is SUPPORTED_ESX_VERSION.
Unsupported devices device_name found on the
host.
The script checks for unsupported devices. Some PCI
devices are not supported with ESXi 6.5.
The corresponding error code is UNSUPPORTED_DEVICES.
Host software configuration requires a reboot.
Reboot the host and try upgrade again.
To ensure a good bootbank for the upgrade, you must
reboot the hosts before remediation.
The corresponding error code is UPDATE_PENDING.
In an environment with Cisco Nexus 1000V Distributed
Virtual Switch, Update Manager displays dierent
messages in dierent situations. For details, see “Host
Upgrade Scan Messages When Cisco Nexus 1000V Is
Present,” on page 117.
If Cisco's Virtual Ethernet Module (VEM) software is found
on the host, the precheck script checks if the software is
part of the upgrade as well, and that the VEM supports the
same version of the Virtual Supervisor Module (VSM) as
the existing version on the host. If the software is missing
or is compatible with a dierent version of the VSM, the
script returns a warning and the scan result indicates the
version of the VEM software that was expected on the
upgrade ISO, and the version, if any, that was found on the
ISO.
The corresponding error code is
DISTRIBUTED_VIRTUAL_SWITCH.
The host uses an EMC PowerPath multipathing
module file_name to access storage. The host
will not be able to access such storage after
upgrade.
The script checks for installation of EMC PowerPath
software, consisting of a CIM module and a kernel module.
If either of these components is found on the host, the
script veries that matching components (CIM, VMkernel
module) also exist in the upgrade. If they do not, the script
returns a warning that indicates which PowerPath
components were expected on the upgrade ISO and which,
if any, were found.
The corresponding error code is POWERPATH.
vSphere Update Manager Installation and Administration Guide
116 VMware, Inc.
Host Upgrade Scan Messages When Cisco Nexus 1000V Is Present
When you scan a host that is managed by the Cisco Nexus 1000V virtual switch, host upgrade scan
messages provide information about problems with compliance between the VEM modules installed on the
host and the modules available on the ESXi 6.0 image.
Update Manager supports Cisco Nexus 1000V, a virtual access software switch that works with VMware
vSphere and consists of two components.
Virtual Supervisor
Module (VSM)
The control plane of the switch and a virtual machine that runs NX-OS.
Virtual Ethernet Module
(VEM)
A virtual line card embedded in ESXi hosts.
Update Manager determines whether a host is managed by Cisco Nexus 1000V. Update Manager veries
whether Cisco Nexus 1000V VEM VIBs in the ESXi upgrade image are compatible with the Cisco Nexus
1000V VSM managing the host.
By using vSphere ESXi Image Builder, you can create custom ESXi images, which contain third-party VIBs
that are required for a successful remediation operation.
Table 118. Host Upgrade Scan Messages for the Cisco Nexus 1000V network switch
Host Upgrade Scan Message Description
The upgrade does not contain any Cisco Nexus
1000V software package that is compatible with
the Cisco Nexus 1000V software package on the
host. Upgrading the host will remove the
feature from the host.
A VEM VIB is not available on the ESXi 6.0 upgrade image.
The host is currently added to a Cisco Nexus
1000V virtual network switch. The upgrade
contains a Cisco Nexus 1000V software package
VIB_name that is incompatible with the Cisco
Nexus 1000V VSM. Upgrading the host will remove
the feature from the host.
The VEM VIB on the ESXi 6.0 upgrade image is not
compatible with the version of the VSM.
The host is currently added to a Cisco Nexus
1000V virtual network switch. The upgrade does
not contain any Cisco Nexus 1000V software
package that is compatible with the Cisco Nexus
1000V VSM. Upgrading the host will remove the
feature from the host.
The host and the image do not contain VEM VIBs, but the
host is still listed in vCenter Server as managed by Cisco
Nexus 1000V.
Cannot determine whether the upgrade breaks
Cisco Nexus 1000V virtual network switch
feature on the host. If the host does not have
the feature, you can ignore this warning.
There was a problem with determining compatibility
between the VEM VIB on the ESXi 6.0 upgrade image and
the VSM. Check whether the version of the VSM managing
the host is certied as being compatible with
vCenter Server 6.0 and ESXi 6.0.
Chapter 11 Scanning vSphere Objects and Viewing Scan Results
VMware, Inc. 117
VMware Tools Status
For VMware Tools, the Upgrade Details window provides information about both compliance state and
status. The status indicates whether the current version of VMware Tools is installed or supported and
whether upgrades are available.
Table 119. VMware Tools Status
VMware Tools Status Description Compliance State
VMware Tools version is
compliant.
The VMware Tools version is recent and
supported.
Remediation is not required.
Compliant
VMware Tools is installed,
supported, and newer than the
version available on the host.
VMware Tools is installed on a machine
that is running on an earlier ESXi version.
Remediation is not required.
Compliant
VMware Tools is installed and
supported, but a newer version is
available on the host.
An earlier supported version of
VMware Tools is installed on the virtual
machine.
You can upgrade VMware Tools, but the
existing earlier version is also supported.
Non-Compliant
VMware Tools is installed, but
the installed version has a known
issue and should be immediately
upgraded.
A serious issue is present in the
VMware Tools version that is installed on
the machine.
You must remediate the virtual machine
against a VMware Tools upgrade baseline.
Non-Compliant
VMware Tools is installed, but
the version is too new to work
correctly with this virtual
machine.
The existing newer version might cause
problems on the virtual machine.
You must remediate the virtual machine
against a VMware Tools upgrade baseline,
to downgrade to a supported version.
Non-Compliant
VMware Tools is installed, but
the version is too old.
The VMware Tools version is no longer
supported.
You must remediate the virtual machine
against a VMware Tools upgrade baseline.
Non-Compliant
VMware Tools is not installed. VMware Tools is not present on the virtual
machine.
You must install VMware Tools by using
the vSphere Web Client.
Incompatible
VMware Tools is not managed by
vSphere.
VMware Tools is installed by using
operating system specic packages that
cannot be upgraded with Update Manager.
To upgrade VMware Tools by using
Update Manager, you must install
VMware Tools from the
vSphere Web Client.
Incompatible
Status is empty. The virtual machine has not been scanned. Unknown
vSphere Update Manager Installation and Administration Guide
118 VMware, Inc.
Remediating vSphere Objects 12
You can remediate virtual machines, virtual appliances, and hosts using either user-initiated remediation or
scheduled remediation at a time that is convenient for you.
You can remediate virtual machines and appliances together.
If your vCenter Server is connected to other vCenter Server systems by a common vCenter Single Sign-On
domain, you can remediate only the inventory objects managed by the vCenter Server system with which
Update Manager is registered.
To remediate vSphere objects, you need the Remediate to Apply Patches, Extensions, and Upgrades
privilege. For more information about managing users, groups, roles, and permissions, see the vCenter Server
and Host Management. For a list of Update Manager privileges and their descriptions, see “Update Manager
Privileges,” on page 84.
This chapter includes the following topics:
n“Orchestrated Upgrades of Hosts and Virtual Machines,” on page 119
n“Remediating Hosts,” on page 120
n“Remediating Virtual Machines and Virtual Appliances,” on page 135
n“Scheduling Remediation for Hosts, Virtual Machines, and Virtual Appliances,” on page 138
Orchestrated Upgrades of Hosts and Virtual Machines
You can perform orchestrated upgrades of hosts or virtual machines in your vSphere inventory by using
baseline groups. Baseline groups contain baselines for either hosts or virtual machines.
You can perform an orchestrated upgrade at the level of a container object or an individual object.
Orchestrated Upgrade of Hosts
Orchestrated upgrades let you apply upgrades, patches, and extensions to hosts in your inventory by using
a single host baseline group.
If the baseline group contains an upgrade baseline, Update Manager rst upgrades the hosts and then
applies the patch or extension baselines. Because the upgrade runs rst and patches are applicable to a
specic host version, the orchestrated workow ensures that patches are not lost during the upgrade.
VMware, Inc. 119
Orchestrated Upgrade of Virtual Machines
You can use an orchestrated upgrade to upgrade the virtual machine hardware and VMware Tools of all the
virtual machines in the vSphere inventory at the same time, using baseline groups containing the following
baselines:
nVM Hardware Upgrade to Match Host
nVMware Tools Upgrade to Match Host
Upgrading the virtual hardware of the virtual machines exposes new devices and capabilities to the guest
operating systems. You must upgrade VMware Tools before upgrading the virtual hardware version so that
all required drivers are updated in the guest. You cannot upgrade the virtual hardware of the virtual
machines if VMware Tools is not installed, is out of date, or is managed by third-party tools.
When you upgrade virtual machines against a baseline group containing the VM Hardware Upgrade to
Match Host baseline and the VMware Tools Upgrade to Match Host baseline, Update Manager sequences
the upgrade operations in the correct order, and VMware Tools is upgraded rst.
During the upgrade of VMware Tools, the virtual machines must be powered on. If a virtual machine is in
the powered o or suspended state before remediation, Update Manager powers it on. After the upgrade
completes, Update Manager restarts the machine and restores the original power state of the virtual
machine.
During the virtual hardware upgrade, the virtual machines must be shut down. If a virtual machine is
powered on, Update Manager powers the machine o, upgrades the virtual hardware, and then powers the
virtual machine on.
Remediating Hosts
Host remediation runs in dierent ways depending on the types of baselines you aach and whether the
host is in a cluster or not.
Remediation of Hosts in a Cluster
For ESXi hosts in a cluster, the remediation process is sequential by default. With Update Manager you can
select to run host remediation in parallel.
When you remediate a cluster of hosts sequentially and one of the hosts fails to enter maintenance mode,
Update Manager reports an error, and the process stops and fails. The hosts in the cluster that are
remediated stay at the updated level. The ones that are not remediated after the failed host remediation are
not updated. If a host in a DRS enabled cluster runs a virtual machine on which Update Manager or
vCenter Server are installed, DRS rst aempts to migrate the virtual machine running vCenter Server or
Update Manager to another host, so that the remediation succeeds. In case the virtual machine cannot be
migrated to another host, the remediation fails for the host, but the process does not stop. Update Manager
proceeds to remediate the next host in the cluster.
The host upgrade remediation of ESXi hosts in a cluster proceeds only if all hosts in the cluster can be
upgraded.
Remediation of hosts in a cluster requires that you temporarily disable cluster features such as VMware
DPM and HA admission control. You should also turn o FT if it is enabled on any of the virtual machines
on a host, and disconnect the removable devices connected to the virtual machines on a host, so that they
can be migrated with vMotion. Before you start a remediation process, you can generate a report that shows
which cluster, host, or virtual machine has the cluster features enabled. For more information, see “Cluster
Remediation Options Report,” on page 134.
vSphere Update Manager Installation and Administration Guide
120 VMware, Inc.
When you remediate a cluster of hosts in parallel, Update Manager remediates multiple hosts concurrently.
During parallel remediation, if Update Manager encounters an error when remediating a host, it ignores the
host and the remediation process continues for the other hosts in the cluster. Update Manager continuously
evaluates the maximum number of hosts it can remediate concurrently without disrupting DRS seings.
You can limit the number of concurrently remediated hosts to a specic number.
Update Manager remediates hosts that are part of a vSAN cluster sequentially even if you select the option
to remediate them in parallel. The reason is that by design only one host from a vSAN cluster can be in a
maintenance mode at any time.
For multiple clusters under a datacenter, the remediation processes run in parallel. If the remediation
process fails for one of the clusters within a datacenter, the remaining clusters are still remediated.
Remediation Against Baseline Groups
When you remediate hosts against baseline groups containing an upgrade baseline and patch or extension
baselines, the upgrade is performed rst.
Host Upgrade Remediation
When you upgrade an ESXi 5.5 and ESXi 6.0 host to ESXi 6.5, all supported custom VIBs remain intact on the
host after the upgrade, regardless of whether the VIBs are included in the installer ISO.
You can upgrade hosts by using custom ESXi images that contain third-party modules for ESXi 6.5. In such a
case, third-party modules that are compatible with ESXi 6.5 are available on the upgraded host.
Host upgrade in a high-latency network in which Update Manager and the hosts are at dierent locations
might take a few hours because the upgrade le is copied from the Update Manager server repository to the
host before the upgrade. During this time, the host stays in maintenance mode.
I After you have upgraded your host to ESXi 6.5, you cannot roll back to your version ESXi 5.5.x
or ESXi 6.0.x software. Back up your host conguration before performing an upgrade. If the upgrade fails,
you can reinstall the ESXi 5.5.x or ESXi 6.0.x software that you upgraded from, and restore your host
conguration. For more information about backing up and restoring your ESXi conguration, see vSphere
Upgrade.
Update Manager 6.5 supports upgrade from ESXi 5.5.x and ESXi 6.0.x to ESXi 6.5.
Host Patch Remediation
Update Manager handles host patches in the following ways:
nIf a patch in a patch baseline requires the installation of another patch, Update Manager detects the
prerequisite in the patch repository and installs it together with the selected patch.
nIf a patch is in conict with other patches that are installed on the host, the conicting patch might not
be installed or staged. However, if another patch in the baseline resolves the conicts, the conicting
patch is installed. For example, consider a baseline that contains patch A and patch C, and patch A
conicts with patch B, which is already installed on the host. If patch C obsoletes patch B, and patch C
is not in conict with patch A, the remediation process installs patches A and C.
nIf a patch is in conict with the patches in the Update Manager patch repository and is not in conict
with the host, after a scan, Update Manager reports this patch as a conicting one. You can stage and
apply the patch to the host.
nWhen multiple versions of the same patch are selected, Update Manager installs the latest version and
skips the earlier versions.
During patch remediation, Update Manager automatically installs the prerequisites of patches.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 121
With Update Manager 6.5, you can remediate hosts of version ESXi 5.5 and ESXi 6.0 against oine bundles
that you have imported manually.
You can stage patches before remediation to reduce host downtime.
Host Extension Remediation
During extension remediation, Update Manager does not automatically install the prerequisites of the
extension. This might cause some remediation operations to fail. If the missing prerequisite is a patch, you
can add it to a patch baseline. If the missing prerequisite is an extension, you can add it to the same or
another extension baseline. You can then remediate the host against the baseline or baselines that contain the
prerequisite and the original extension. For more information about troubleshooting failures of host
extension remediation or staging, see “Host Extension Remediation or Staging Fails Due to Missing
Prerequisites,” on page 146.
Remediation of PXE Booted ESXi Hosts
Update Manager 6.0 lets you to remediate PXE booted ESXi hosts. Update Manager does not apply patches
that require a reboot to PXE booted ESXi hosts.
If there is any additional software installed on the PXE booted ESXi host, the software might be lost if the
host restarts. You should update your image prole with the additional software so that it will be present
after the reboot.
Remediation Specifics of ESXi Hosts
For ESXi hosts, updates are all-inclusive. The most recent update contains the patches from all previous
releases.
The ESXi image on the host maintains two copies. The rst copy is in the active boot and the second one is in
the standby boot. When you patch an ESXi host, Update Manager creates a new image based on the content
of the active boot and the content of the patch. The new ESXi image is then located in the standby boot and
Update Manager designates the active boot as the standby boot and reboots the host. When the ESXi host
reboots, the active boot contains the patched image and the standby boot contains the previous version of
the ESXi host image.
When you upgrade an ESXi host, Update Manager replaces the backup image of the host with the new
image and replaces the active boot and the standby boot. During the upgrade, the layout of the disk hosting
the boots changes. The total disk space for an ESXi host remains 1GB, but the disk partition layout within
that 1GB disk space changes to accommodate the new size of the boots where the ESXi 6.0 images will be
stored.
For purposes of rollback, the term update refers to all ESXi patches, updates, and upgrades. Each time you
update an ESXi host, a copy of the previous ESXi build is saved on your host.
If an update fails and the ESXi 6.0 host cannot boot from the new build, the host reverts to booting from the
original boot build. ESXi permits only one level of rollback. Only one previous build can be saved at a time.
In eect, each ESXi 6.0 host stores up to two builds, one boot build and one standby build.
Remediation of ESXi 5.5 and 6.0 hosts to their respective ESXi update releases is a patching process, while
the remediation of ESXi hosts from version 5.5 or 6.0 to 6.5 is an upgrade process.
Remediating Hosts That Contain Third-Party Software
Hosts might contain third-party software, such as Cisco Nexus 1000V VEMs or EMC PowerPath modules.
When you upgrade an ESXi 5.5 or ESXi 6.0 host to ESXi 6.5, all supported custom VIBs are migrated,
regardless of whether the VIBs are included in the installer ISO.
If the host or the installer ISO image contains a VIB that creates a conict and prevents the upgrade, an error
message identies the VIB that created the conict.
vSphere Update Manager Installation and Administration Guide
122 VMware, Inc.
To discover potential problems with third-party software before an upgrade operation, scan the hosts
against an upgrade baseline and review the scan messages in the Update Manager Compliance view. See
“Host Upgrade Scan Messages in Update Manager,” on page 115 and “Host Upgrade Scan Messages When
Cisco Nexus 1000V Is Present,” on page 117.
For information about upgrading with third-party customization, see the vSphere Upgrade documentation.
For information about using vSphere ESXi Image Builder to make a custom ISO, see the vSphere Installation
and Setup documentation.
Remediating ESXi 5.5 or ESXi 6.0 Hosts Against ESXi 6.5 Image
When you upgrade an ESXi 5.5 or ESXi 6.0 host to ESXi 6.5, all supported custom VIBs remain intact on the
host after the upgrade, regardless of whether the VIBs are included in the installer ISO.
When you perform a host scan, the target host is scanned against a set of VIBs from the upgrade image. If
you scan hosts against an upgrade baseline that contains an ISO image of the same version as the target
host, Update Manager displays Compliant or Non-compliant scan result. If the upgrade image is the basic
one distributed by VMware, or is a custom ISO image that contains the same set of VIBs as the ones already
installed on the target host, the scan result is Compliant. If the upgrade ISO contains VIBs that are of
dierent kind or version than the target host, the scan result is Non-compliant.
The remediation process of ESXi 5.5 or ESXi 6.0 host to ESXi 6.5 image is an upgrade process.
You can also use an ISO 6.5 image in an upgrade operation of an ESXi 6.5 host. The remediation process of
ESXi 6.5 host by using ESXi 6.5 image with additional VIBs is equivalent to a patching process. Because the
upgrade image is of the same version as the target host, with completing the upgrade operation the
additional VIBs are added to the target host.
Table 121. Scan and Remediation Situations for ESXi 5.5 and ESXi 6.0 Hosts Against ESXi 6.5 Images
Action Description
Scan and remediation of ESXi 5.5 or ESXi 6.0 hosts against
ESXi 6.5 image that contains additional non-conicting and
non-obsoleting VIBs with the target host.
Update Manager displays Non-Compliant scan result.
Remediation succeeds. All VIBs on the target host before
remediation remain on the host. All VIBs from the upgrade
image that are not present on the target host before
remediation are added to the host.
Scan and remediation of ESXi 5.5 or ESXi 6.0 hosts against
ESXi 6.5 image that contains VIBs of later version than the
same VIBs on the target host.
Update Manager displays Non-Compliant scan result.
Remediation succeeds. VIBs on the target host are updated
to the later version.
Scan and remediation of ESXi 5.5 or ESXi 6.0 hosts against
ESXi 6.5 image that contains conicting VIBs with the
target host.
Update Manager displays Incompatible scan result.
Remediation fails. The host remains intact.
Scan and remediation of ESXi 5.5 or ESXi 6.0 hosts against
ESXi 6.5 image that contains vendor-tagged VIBs.
nIf the vendor-tagged VIBs do not match the host
hardware, Update Manager displays Incompatible scan
result. Remediation fails.
nIf the vendor-tagged VIBs match the host hardware,
Update Manager displays Non-Compliant scan result
and remediation succeeds.
Scan and remediation of ESXi 5.5 or ESXi 6.0 hosts against
an ESXi 6.5 image that contains VIBs that obsolete the VIBs
installed on the host.
Remediation succeeds. All VIBs that have been installed on
the target host before remediation are replaced by the
newer VIBs from the ESXi image.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 123
Remediation Specifics of Hosts That Are Part of a vSAN Cluster
There are some specics about remediating hosts that are part of a vSAN cluster.
By design only one host from a vSAN cluster can be in a maintenance mode at any time. Because of that the
host remediation process might take extensive amount of time to complete since Update Manager must
handle the remediation of the hosts sequentially. Update Manager remediates hosts that are part of a vSAN
cluster sequentially even if you select the option to remediate them in parallel.
If the vSAN cluster has a system managed baseline aached by default, you can remediate the cluster
against the baseline to bring all the ESXi hosts in a compliant state, and to install the latest software
recommended by vSAN.
You have several ways to remediate a host that is part of a vSAN cluster, depending on how you want the
virtual machines handled on the host:
nYou can put the host in maintenance mode from the vSphere Web Client, and remediate the host by
using Update Manager.
nYou can have a host entering maintenance mode during the Update Manager remediation process.
From the vSphere Web Client you can select between multiple options when puing a host from a vSAN
cluster in maintenance mode: Ensure accessibility, Full data evacuation, and No data evacuation. The Ensure
accessibility option is the default option, and means that when you put a host in maintenance mode, the
vSAN ensures that all accessible virtual machines on this host remain accessible. To learn more about each
of the options, see the Place a Member of vSAN Cluster in Maintenance Mode topic from vSphere Storage guide.
When you put a host from a vSAN cluster into maintenance mode, you must conrm a maintenance mode
warning message. Before conrming the message, you can select to move powered o and suspended
virtual machines to other hosts in the cluster, but you have no options on how to handle the powered on
virtual machines on the host. The powered on virtual machines are automatically handled equivalently to
the default Ensure accessibility option.
When you use the Update Manager, the remediation process might put the host from the vSAN cluster in
maintenance mode, which would handle the virtual machines on the host in the manner of the default
Ensure accessibility option.
If a host is a member of a vSAN cluster, and any virtual machine on the host uses a VM storage policy with a
seing for "Number of failures to tolerate=0", the host might experience unusual delays when entering
maintenance mode. The delay occurs because vSAN has to migrate the virtual machine data from one disk
to another in the vSAN datastore cluster. Delays might take up to hours. You can work around this by
seing the "Number of failures to tolerate=1" for the VM storage policy, which results in creating two copies
of the virtual machine les in the vSAN datastore.
Remediating vSAN Clusters Against System Managed Baselines
vSAN creates system managed baselines that you can use with Update Manager to upgrade the hosts in
vSAN clusters to the latest supported ESXi version, patch the hosts with critical patches, and install drivers.
The system managed baselines appear automatically in Update Manager Compliance view if you are using
vSAN clusters that contain hosts of ESXi version 6.0 Update 2 and later. If your vSphere environment does
not contain any vSAN clusters, no system managed baselines are generated.
System baselines can be any of the following types:
nUpgrade baseline that consists of the latest supported ESXi upgrade image for your vSAN cluster.
nPatch baseline that consists of recommended critical patches for the ESXi hosts in your vSAN cluster.
nDriver baseline that consists of recommended drivers for the ESXi hosts in your vSAN cluster.
You cannot edit or delete a system managed baseline. You also cannot add it to custom baseline groups.
vSphere Update Manager Installation and Administration Guide
124 VMware, Inc.
A combination between a patch, a driver, or an upgrade system managed baseline is automatically bundled
in a vSAN system baseline group. For each vSAN cluster in the vSphere inventory, Update Manager
displays a single system baseline group.
Update Manager runs automatic check once every 24 hours and downloads any new critical patches,
drivers, or upgrade images related to vSAN that are available on VMware Cloud. VMware Cloud stores the
Hardware Compatibility List for vSAN and the vSAN release catalog. After refreshing the baselines,
Update Manager automatically performs a scan operation on the vSAN clusters against the updated system
baselines.
Operations such as adding and removing hosts from an existing vSAN cluster also trigger refresh of the
aached system baseline, followed by a scan operation of the cluster.
If the vSAN cluster is in compliant state, no further actions are needed.
If the vSAN cluster is in non-compliant state against the system baseline, Update Manager does not
automatically initiate remediation. You decide when to remediate the cluster, and can start the process
manually.
System Requirements for Using vSAN System Managed Baselines
nvCenter Server 6.5 Update 1 that runs on Windows.
nUpdate Manager 6.5 Update 1 that runs Windows and is connected to vCenter Server 6.5 Update 1.
nvSAN cluster that contains hosts of ESXi version 6.0 Update 2 and later.
nConstant access of the Update Manager host machine to the Internet.
nAccount in the My VMware portal (my.vmware.com) to access VMware Cloud.
Stage Patches and Extensions to ESXi Hosts
Staging allows you to download the patches and extensions from the Update Manager server to the ESXi
hosts, without applying the patches and extensions immediately. Staging patches and extensions speeds up
the remediation process because the patches and extensions are already available locally on the hosts.
You can reduce the downtime during remediation, by staging patches and extensions whose installation
requires that a host enters maintenance mode. Staging patches and extensions itself does not require that the
hosts enter maintenance mode.
Patches cannot be staged if they are obsoleted by patches in the baselines or baseline groups for the same
stage operation. Update Manager stages only patches that it can install in a subsequent remediation process,
based on the present scan results of the host. If a patch is obsoleted by patches in the same selected patch set,
the obsoleted patch is not staged.
If a patch is in conict with the patches in the Update Manager patch repository and is not in conict with
the host, after a scan, Update Manager reports this patch as a conicting one. You can stage the patch to the
host and after the stage operation, Update Manager reports this patch as staged.
During the stage operation, Update Manager performs prescan and postscan operations, and updates the
compliance state of the baseline.
After you stage patches or extensions to hosts, you should remediate the hosts against all staged patches or
extensions.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 125
After a successful remediation of hosts, the host deletes all staged patches or extensions from its cache
regardless of whether they were applied during the remediation. The compliance state of patches or
extensions that were staged but not applied to the to the hosts reverts from Staged to its previous value.
I Staging patches and extensions is supported for hosts that are running ESXi 5.0 and later. You
can stage patches to PXE booted ESXi hosts, but if the host is restarted prior to remediation, the staged
patches will be lost and you will have to stage them again.
Prerequisites
To stage patches or extensions to hosts, rst aach a patch or extension baseline or a baseline group
containing patches and extensions to the host.
To stage patches or extensions to ESXi hosts, you need the Stage Patches and Extensions privilege. For more
information about managing users, groups, roles, and permissions, see vCenter Server and Host Management.
For a list of Update Manager privileges and their descriptions, see “Update Manager Privileges,” on
page 84.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 From the inventory object navigator, select a data center, a cluster, or a host, and click the Update
Manager tab.
3 Click Stage.
The Stage Patches wizard opens.
4 On the Baseline Selection page of the Stage wizard, select the patch and extension baselines to stage.
5 Select the hosts where patches and extensions will be applied and click Next.
If you select to stage patches and extensions to a single host, it is selected by default.
6 (Optional) Deselect the patches and extensions to exclude from the stage operation.
7 (Optional) To search within the list of patches and extensions, enter text in the text box in the upper-
right corner.
8 Click Next.
9 Review the Ready to Complete page and click Finish.
The number of the staged patches and extensions for the specic host is displayed in the Patches and
Extensions columns in the boom pane of the Update Manager tab.
After a remediation is successfully completed, all staged patches and extensions, whether installed or not
during the remediation, are deleted from the host.
Remediate Hosts Against Patch or Extension Baselines
You can remediate hosts against aached patch or extension baselines.
The remediation process for host extension baselines is similar to the remediation process for host patch
baselines. You can remediate a host against a single baseline or multiple baselines of the same type. To
remediate against baselines of dierent types, you must create a baseline group. For more information about
remediating hosts against baseline groups containing host upgrade, patch, and extension baselines, see
“Remediate Hosts Against Baseline Groups,” on page 132.
vSphere Update Manager Installation and Administration Guide
126 VMware, Inc.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 Select Home > Hosts and Clusters.
3 From the inventory object navigator, select a data center, a cluster, or a host, and click the Update
Manager tab.
4 Click Remediate.
If you selected a container object, all hosts under the selected object are remediated.
The Remediate wizard opens.
5 Select Patch Baselines or Extension Baselines depending on what type of update you want to perform
on the host.
6 On the Select baseline page of the Remediate wizard, select the baseline group and baselines to apply.
7 Select the target hosts that you want to remediate and click Next.
If you have chosen to remediate a single host and not a container object, the host is selected by default.
8 (Optional) On the Patches and Extensions page, deselect specic patches or extensions to exclude them
from the remediation process, and click Next.
9 (Optional) On the Advanced options page, select the option to schedule the remediation to run later,
and specify a unique name and an optional description for the task.
The time you set for the scheduled task is the time of the vCenter Server instance to which
Update Manager is connected.
10 (Optional) On the Advanced options page, select the option to ignore warnings about unsupported
devices on the host, or no longer supported VMFS datastore to continue with the remediation.
11 Click Next.
12 On the Host Remediation Options page, from the Power state drop-down menu, you can select the
change in the power state of the virtual machines and virtual appliances that are running on the hosts to
be remediated.
Option Description
Power Off virtual machines Power o all virtual machines and virtual appliances before remediation.
Suspend virtual machines Suspend all running virtual machines and virtual appliances before
remediation.
Do Not Change VM Power State Leave virtual machines and virtual appliances in their current power state.
A host cannot enter maintenance mode until virtual machines on the host
are powered o, suspended, or migrated with vMotion to other hosts in a
DRS cluster.
Some updates require that a host enters maintenance mode before remediation. Virtual machines and
appliances cannot run when a host is in maintenance mode.
To reduce the host remediation downtime at the expense of virtual machine availability, you can choose
to shut down or suspend virtual machines and virtual appliances before remediation. In a DRS cluster,
if you do not power o the virtual machines, the remediation takes longer but the virtual machines are
available during the entire remediation process, because they are migrated with vMotion to other hosts.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 127
13 (Optional) Select Disable any removable media devices connected to the virtual machine on the host.
Update Manager does not remediate hosts on which virtual machines have connected CD, DVD, or
oppy drives. In cluster environments, connected media devices might prevent vMotion if the
destination host does not have an identical device or mounted ISO image, which in turn prevents the
source host from entering maintenance mode.
After remediation, Update Manager reconnects the removable media devices if they are still available.
14 (Optional) Select Retry entering maintenance mode in case of failure, specify the number of retries,
and specify the time to wait between retries.
Update Manager waits for the retry delay period and retries puing the host into maintenance mode as
many times as you indicate in Number of retries eld.
15 (Optional) Select the check box under ESXi Patch Seings to enable Update Manager to patch powered
on PXE booted ESXi hosts.
This option appears only when you remediate hosts against patch or extension baselines.
16 Click Next.
17 If you remediate hosts in a cluster, edit the cluster remediation options, and click Next.
The Cluster remediation options page is available only when you remediate clusters.
Option Details
Disable Distributed Power
Management (DPM) if it is enabled
for any of the selected clusters.
Update Manager does not remediate clusters with active DPM.
DPM monitors the resource use of the running virtual machines in the
cluster. If sucient excess capacity exists, DPM recommends moving
virtual machines to other hosts in the cluster and placing the original host
into standby mode to conserve power. Puing hosts into standby mode
might interrupt remediation.
Disable High Availability admission
control if it is enabled for any of the
selected clusters.
Update Manager does not remediate clusters with active HA admission
control.
Admission control is a policy used by VMware HA to ensure failover
capacity within a cluster. If HA admission control is enabled during
remediation, the virtual machines within a cluster might not migrate with
vMotion.
Disable Fault Tolerance (FT) if it is
enabled. This affects all fault
tolerant virtual machines in the
selected clusters.
If FT is turned on for any of the virtual machines on a host,
Update Manager does not remediate that host.
For FT to be enabled, the hosts on which the Primary and Secondary
virtual machines run must be of the same version and must have the same
patches installed. If you apply dierent patches to these hosts, FT cannot
be re-enabled.
vSphere Update Manager Installation and Administration Guide
128 VMware, Inc.
Option Details
Enable parallel remediation for the
hosts in the selected clusters.
Remediate hosts in clusters in a parallel manner. If the seing is not
selected, Update Manager remediates the hosts in a cluster sequentially.
You can select one of the following options for parallel remediation:
nYou can let Update Manager continuously evaluate the maximum
number of hosts it can remediate concurrently without disrupting DRS
seings.
nYou can specify a limit of the number of concurrently remediated hosts
in each cluster you remediate.
N Update Manager remediates concurrently only the hosts on which
virtual machines are powered o or suspended. You can choose to power
o or suspend virtual machines from the VM Power State menu in the
Maintenance Mode Options pane on the Host Remediation Options page.
By design only one host from a vSAN cluster can be in a maintenance
mode at any time. Update Manager remediates hosts that are part of a
vSAN cluster sequentially even if you select the option to remediate them
in parallel.
Migrate powered off and suspended
virtual machines to other hosts in
the cluster, if a host must enter
maintenance mode.
Update Manager migrates the suspended and powered o virtual
machines from hosts that must enter maintenance mode to other hosts in
the cluster. You can choose to power o or suspend virtual machines
before remediation in the Maintenance Mode Seings pane.
18 (Optional) On the Ready to complete page, click Pre-check Remediation to generate a cluster
remediation options report, and click OK.
A Cluster Remediation Options Report dialog box opens. You can export this report, or copy the entries
for your own record.
19 Review the Ready to Complete page, and click Finish.
Remediate Hosts Against an Upgrade Baseline
You can remediate ESXi hosts against a single aached upgrade baseline at a time. You can upgrade all hosts
in your vSphere inventory by using a single upgrade baseline containing an ESXi 6.5 image .
Update Manager 6.5 supports upgrade from ESXi 5.5.x and ESXi 6.0.x to ESXi 6.5.
To upgrade hosts, use the ESXi installer image distributed by VMware with the name format VMware-
VMvisor-Installer-6.5.0-build_number.x86_64.iso or a custom image created by using vSphere ESXi
Image Builder.
Any third-party software modules on a ESXi 6.5 host will remain intact after upgrade to ESXi 6.5.
N In case of an unsuccessful upgrade from ESXi 5.5 or ESXi 6.0 to ESXi 6.5, you cannot roll back to your
previous ESXi 5.5 or ESXi 6.0 instance.
Prerequisites
To remediate a host against an upgrade baseline, aach the baseline to the host.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 Select Home > Hosts and Clusters.
3 From the inventory object navigator, select a data center, a cluster, or a host, and click the Update
Manager tab.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 129
4 Click Remediate.
If you selected a container object, all hosts under the selected object are remediated.
The Remediate wizard opens.
5 Select Upgrade Baselines.
6 On the Select baselines page of the Remediate wizard, select the upgrade baseline to apply.
7 Select the target hosts that you want to remediate and click Next.
If you have chosen to remediate a single host and not a container object, the host is selected by default.
8 On the End User License Agreement page, accept the terms, and click Next.
9 (Optional) On the Advanced options page, select the option to schedule the remediation to run later,
and specify a unique name and an optional description for the task.
The time you set for the scheduled task is the time of the vCenter Server instance to which
Update Manager is connected.
10 (Optional) On the Advanced options page, select the option to ignore warnings about unsupported
devices on the host, or no longer supported VMFS datastore to continue with the remediation.
11 Click Next.
12 On the Host Remediation Options page, from the Power state drop-down menu, you can select the
change in the power state of the virtual machines and virtual appliances that are running on the hosts to
be remediated.
Option Description
Power Off virtual machines Power o all virtual machines and virtual appliances before remediation.
Suspend virtual machines Suspend all running virtual machines and virtual appliances before
remediation.
Do Not Change VM Power State Leave virtual machines and virtual appliances in their current power state.
A host cannot enter maintenance mode until virtual machines on the host
are powered o, suspended, or migrated with vMotion to other hosts in a
DRS cluster.
Some updates require that a host enters maintenance mode before remediation. Virtual machines and
appliances cannot run when a host is in maintenance mode.
To reduce the host remediation downtime at the expense of virtual machine availability, you can choose
to shut down or suspend virtual machines and virtual appliances before remediation. In a DRS cluster,
if you do not power o the virtual machines, the remediation takes longer but the virtual machines are
available during the entire remediation process, because they are migrated with vMotion to other hosts.
13 (Optional) Select Disable any removable media devices connected to the virtual machine on the host.
Update Manager does not remediate hosts on which virtual machines have connected CD, DVD, or
oppy drives. In cluster environments, connected media devices might prevent vMotion if the
destination host does not have an identical device or mounted ISO image, which in turn prevents the
source host from entering maintenance mode.
After remediation, Update Manager reconnects the removable media devices if they are still available.
14 (Optional) Select Retry entering maintenance mode in case of failure, specify the number of retries,
and specify the time to wait between retries.
Update Manager waits for the retry delay period and retries puing the host into maintenance mode as
many times as you indicate in Number of retries eld.
vSphere Update Manager Installation and Administration Guide
130 VMware, Inc.
15 (Optional) Select the check box under ESXi Patch Seings to enable Update Manager to patch powered
on PXE booted ESXi hosts.
This option appears only when you remediate hosts against patch or extension baselines.
16 Click Next.
17 If you remediate hosts in a cluster, edit the cluster remediation options, and click Next.
The Cluster remediation options page is available only when you remediate clusters.
Option Details
Disable Distributed Power
Management (DPM) if it is enabled
for any of the selected clusters.
Update Manager does not remediate clusters with active DPM.
DPM monitors the resource use of the running virtual machines in the
cluster. If sucient excess capacity exists, DPM recommends moving
virtual machines to other hosts in the cluster and placing the original host
into standby mode to conserve power. Puing hosts into standby mode
might interrupt remediation.
Disable High Availability admission
control if it is enabled for any of the
selected clusters.
Update Manager does not remediate clusters with active HA admission
control.
Admission control is a policy used by VMware HA to ensure failover
capacity within a cluster. If HA admission control is enabled during
remediation, the virtual machines within a cluster might not migrate with
vMotion.
Disable Fault Tolerance (FT) if it is
enabled. This affects all fault
tolerant virtual machines in the
selected clusters.
If FT is turned on for any of the virtual machines on a host,
Update Manager does not remediate that host.
For FT to be enabled, the hosts on which the Primary and Secondary
virtual machines run must be of the same version and must have the same
patches installed. If you apply dierent patches to these hosts, FT cannot
be re-enabled.
Enable parallel remediation for the
hosts in the selected clusters.
Remediate hosts in clusters in a parallel manner. If the seing is not
selected, Update Manager remediates the hosts in a cluster sequentially.
You can select one of the following options for parallel remediation:
nYou can let Update Manager continuously evaluate the maximum
number of hosts it can remediate concurrently without disrupting DRS
seings.
nYou can specify a limit of the number of concurrently remediated hosts
in each cluster you remediate.
N Update Manager remediates concurrently only the hosts on which
virtual machines are powered o or suspended. You can choose to power
o or suspend virtual machines from the VM Power State menu in the
Maintenance Mode Options pane on the Host Remediation Options page.
By design only one host from a vSAN cluster can be in a maintenance
mode at any time. Update Manager remediates hosts that are part of a
vSAN cluster sequentially even if you select the option to remediate them
in parallel.
Migrate powered off and suspended
virtual machines to other hosts in
the cluster, if a host must enter
maintenance mode.
Update Manager migrates the suspended and powered o virtual
machines from hosts that must enter maintenance mode to other hosts in
the cluster. You can choose to power o or suspend virtual machines
before remediation in the Maintenance Mode Seings pane.
18 (Optional) On the Ready to complete page, click Pre-check Remediation to generate a cluster
remediation options report, and click OK.
A Cluster Remediation Options Report dialog box opens. You can export this report, or copy the entries
for your own record.
19 Review the Ready to Complete page, and click Finish.
N In the Recent Tasks pane, the remediation task is displayed and will remain at about 22 percent for
most of the process. The process is still running and will take approximately 15 minutes to complete.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 131
Remediate Hosts Against Baseline Groups
You can remediate hosts against aached groups of upgrade, patch, and extension baselines. Baseline
groups might contain multiple patch and extension baselines, or an upgrade baseline combined with
multiple patch and extension baselines.
You can perform an orchestrated upgrade by using a host baseline group. The upgrade baseline in the
baseline group runs rst, followed by patch and extension baselines.
Prerequisites
Ensure that at least one baseline group is aached to the host.
Procedure
1 Use the vSphere Web Client to log in to a vCenter Server Appliance, or to a vCenter Server system with
which Update Manager is registered.
2 Select Home > Hosts and Clusters.
3 From the inventory object navigator, select a data center, a cluster, or a host, and click the Update
Manager tab.
4 Click Remediate.
If you selected a container object, all hosts under the selected object are remediated.
The Remediate wizard opens.
5 On the Select baseline page of the Remediate wizard, select the baseline group and baselines to apply.
6 Select the target hosts that you want to remediate and click Next.
If you have chosen to remediate a single host and not a container object, the host is selected by default.
7 On the End User License Agreement page, accept the terms, and click Next.
8 (Optional) On the Patches and Extensions page, deselect specic patches or extensions to exclude them
from the remediation process, and click Next.
9 (Optional) On the Advanced options page, select the option to schedule the remediation to run later,
and specify a unique name and an optional description for the task.
The time you set for the scheduled task is the time of the vCenter Server instance to which
Update Manager is connected.
10 (Optional) On the Advanced options page, select the option to ignore warnings about unsupported
devices on the host, or no longer supported VMFS datastore to continue with the remediation.
11 Click Next.
vSphere Update Manager Installation and Administration Guide
132 VMware, Inc.
12 On the Host Remediation Options page, from the Power state drop-down menu, you can select the
change in the power state of the virtual machines and virtual appliances that are running on the hosts to
be remediated.
Option Description
Power Off virtual machines Power o all virtual machines and virtual appliances before remediation.
Suspend virtual machines Suspend all running virtual machines and virtual appliances before
remediation.
Do Not Change VM Power State Leave virtual machines and virtual appliances in their current power state.
A host cannot enter maintenance mode until virtual machines on the host
are powered o, suspended, or migrated with vMotion to other hosts in a
DRS cluster.
Some updates require that a host enters maintenance mode before remediation. Virtual machines and
appliances cannot run when a host is in maintenance mode.
To reduce the host remediation downtime at the expense of virtual machine availability, you can choose
to shut down or suspend virtual machines and virtual appliances before remediation. In a DRS cluster,
if you do not power o the virtual machines, the remediation takes longer but the virtual machines are
available during the entire remediation process, because they are migrated with vMotion to other hosts.
13 (Optional) Select Retry entering maintenance mode in case of failure, specify the number of retries,
and specify the time to wait between retries.
Update Manager waits for the retry delay period and retries puing the host into maintenance mode as
many times as you indicate in Number of retries eld.
14 (Optional) Select Disable any removable media devices connected to the virtual machine on the host.
Update Manager does not remediate hosts on which virtual machines have connected CD, DVD, or
oppy drives. In cluster environments, connected media devices might prevent vMotion if the
destination host does not have an identical device or mounted ISO image, which in turn prevents the
source host from entering maintenance mode.
After remediation, Update Manager reconnects the removable media devices if they are still available.
15 (Optional) Select the check box under ESXi Patch Seings to enable Update Manager to patch powered
on PXE booted ESXi hosts.
This option appears only when you remediate hosts against patch or extension baselines.
16 Click Next.
17 If you remediate hosts in a cluster, edit the cluster remediation options, and click Next.
The Cluster remediation options page is available only when you remediate clusters.
Option Details
Disable Distributed Power
Management (DPM) if it is enabled
for any of the selected clusters.
Update Manager does not remediate clusters with active DPM.
DPM monitors the resource use of the running virtual machines in the
cluster. If sucient excess capacity exists, DPM recommends moving
virtual machines to other hosts in the cluster and placing the original host
into standby mode to conserve power. Puing hosts into standby mode
might interrupt remediation.
Disable High Availability admission
control if it is enabled for any of the
selected clusters.
Update Manager does not remediate clusters with active HA admission
control.
Admission control is a policy used by VMware HA to ensure failover
capacity within a cluster. If HA admission control is enabled during
remediation, the virtual machines within a cluster might not migrate with
vMotion.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 133
Option Details
Disable Fault Tolerance (FT) if it is
enabled. This affects all fault
tolerant virtual machines in the
selected clusters.
If FT is turned on for any of the virtual machines on a host,
Update Manager does not remediate that host.
For FT to be enabled, the hosts on which the Primary and Secondary
virtual machines run must be of the same version and must have the same
patches installed. If you apply dierent patches to these hosts, FT cannot
be re-enabled.
Enable parallel remediation for the
hosts in the selected clusters.
Remediate hosts in clusters in a parallel manner. If the seing is not
selected, Update Manager remediates the hosts in a cluster sequentially.
You can select one of the following options for parallel remediation:
nYou can let Update Manager continuously evaluate the maximum
number of hosts it can remediate concurrently without disrupting DRS
seings.
nYou can specify a limit of the number of concurrently remediated hosts
in each cluster you remediate.
N Update Manager remediates concurrently only the hosts on which
virtual machines are powered o or suspended. You can choose to power
o or suspend virtual machines from the VM Power State menu in the
Maintenance Mode Options pane on the Host Remediation Options page.
By design only one host from a vSAN cluster can be in a maintenance
mode at any time. Update Manager remediates hosts that are part of a
vSAN cluster sequentially even if you select the option to remediate them
in parallel.
Migrate powered off and suspended
virtual machines to other hosts in
the cluster, if a host must enter
maintenance mode.
Update Manager migrates the suspended and powered o virtual
machines from hosts that must enter maintenance mode to other hosts in
the cluster. You can choose to power o or suspend virtual machines
before remediation in the Maintenance Mode Seings pane.
18 (Optional) On the Ready to complete page, click Pre-check Remediation to generate a cluster
remediation options report, and click OK.
A Cluster Remediation Options Report dialog box opens. You can export this report, or copy the entries
for your own record.
19 Review the Ready to Complete page, and click Finish.
N In the Recent Tasks pane, the remediation task is displayed and will remain at about 22 percent for
most of the process. The process is still running and will take approximately 15 minutes to complete.
Cluster Remediation Options Report
The Cluster Remediation Options Report window contains a table with name of the cluster, host, or virtual
machine on which an issue is reported, as well as recommendations on how to x the issue.
You can generate a cluster remediation report when you create a remediation task for hosts that are
contained in a cluster. You generate the report from the Cluster Remediation Options page of the Remediate
wizard.
vSphere Update Manager Installation and Administration Guide
134 VMware, Inc.
Table 122. Cluster Remediation Options Report
Current Configuration/Issue
Changes applied for
remediation Details
A CD/DVD drive is aached. Disconnect the CD/DVD drive. Any CD/DVD drives or removable devices
connected to the virtual machines on a host might
prevent the host from entering maintenance
mode. When you start a remediation operation,
the hosts with virtual machines to which
removable devices are connected are not
remediated.
A oppy drive is aached. Disconnect the oppy drive. Any oppy drives or removable devices
connected to the virtual machines on a host might
prevent the host from entering maintenance
mode. When you start a remediation operation,
the hosts with virtual machines to which
removable devices are connected are not
remediated.
HA admission control
prevents migration of the
virtual machine.
Disable HA admission control. HA admission control prevents migration of the
virtual machines with vMotion and the hosts
cannot enter maintenance mode. Disable HA
admission control on a cluster to make sure that
remediation is successful.
DPM is enabled on the cluster. Disable DPM on the cluster. DPM might put hosts into standby mode before
or during remediation and Update Manager
cannot remediate them. Disable DPM on a cluster
to ensure that the remediation process is
successful.
EVC is disabled on the cluster. Enable EVC on the cluster. EVC helps ensure vMotion compatibility between
hosts in a cluster. When enabled on compatible
hosts, EVC ensures that all hosts in a cluster
present a common set of CPU features to virtual
machines. EVC must be enabled so that the
virtual machines are migrated successfully within
the cluster during remediation.
DRS is disabled on the cluster.
This prevents migration of the
virtual machines.
Enable DRS on the cluster. DRS enables vCenter Server to automatically
place and migrate virtual machines on hosts to
aain the best use of cluster resources.
FT is enabled for a VM on a
host in the cluster. FT prevents
successful remediation.
Disable FT on the virtual machine. If FT is enabled on for any of the virtual machines
on a host, Update Manager does not remediate
that host.
Remediating Virtual Machines and Virtual Appliances
You can manually remediate virtual machines and virtual appliances at the same time against baseline
groups containing upgrade baselines. You can also schedule a remediation operation at a time that is
convenient for you.
N Update Manager supports remediation of virtual appliances and vApps created with
VMware Studio 2.0 and later.
To remediate virtual machines and virtual appliances together, they must be in one container, such as a
folder, vApp, or a datacenter. You must then aach a baseline group or a set of individual virtual appliance
or virtual machine baselines to the container. If you aach a baseline group, it can contain both virtual
machine and virtual appliance baselines. The virtual machine baselines apply to virtual machines only, and
the virtual appliance baselines apply to virtual appliances only.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 135
During remediation, virtual appliances must be able to connect to the Update Manager server. Ensure that
the proxy conguration of virtual appliances lets them connect to the Update Manager server.
With Update Manager you can remediate templates. A template is a master copy of a virtual machine that
can be used to create and provision new virtual machines.
You can set up automatic upgrades of VMware Tools on power cycle for virtual machines. For more
information, see “Upgrade VMware Tools on Power Cycle,” on page 137.
N Update Manager does not support virtual machine patch baselines.
If a host is connected to vCenter Server by using an IPv6 address, you cannot scan and remediate virtual
machines and virtual appliances that run on the host.
Remediation of VMware vCenter Server Appliance is not supported. For more information about upgrading
the virtual appliance, see the vCenter Server upgrade documentation.
Rolling Back to a Previous Version
If remediation fails, you can roll back virtual machines and appliances to their previous state.
You can congure Update Manager to take snapshots of virtual machines and appliances and to keep them
indenitely or for a specic period of time. After the remediation is completed, you can validate the
remediation and delete the snapshots if you do not need them.
N When you upgrade VMware Tools on power cycle in selected virtual machines, Update Manager
does not take a snapshot of the virtual machines before remediation and you cannot roll back. Update
Manager does not take snapshots of fault tolerant virtual machines.
Remediate Virtual Machines and Virtual Appliances
You can manually remediate virtual machines and virtual appliances immediately, or can schedule a
remediation at a time that is convenient for you.
You can perform an orchestrated upgrade by using a virtual machine baseline group. The VMware Tools
upgrade baseline runs rst, followed by the virtual machine hardware upgrade baseline.
Procedure
1 Connect the vSphere Web Client to a vCenter Server Appliance, or a vCenter Server system with which
Update Manager is registered, and select Home > vCenter Inventory Lists.
2 Select Home > VMs and Templates.
3 From the inventory object navigator, select a virtual machine, and click the Update Manager tab.
4 Click Remediate.
If you selected a container object, all virtual machines and appliances in the container are also
remediated.
5 On the Select baselines page of the Remediate wizard, select the baseline group and upgrade baselines
to apply.
6 Select the virtual machines and appliances that you want to remediate, and click Next.
7 On the Schedule page, specify a name and an optional description for the task.
The time you set for the scheduled task is the time of the vCenter Server instance to which
Update Manager is connected.
8 Enter specic times for powered on, powered o, or suspended virtual machines, or keep the selected
option to Run this action now to begin the process immediately after you complete the wizard.
vSphere Update Manager Installation and Administration Guide
136 VMware, Inc.
9 (Optional) Choose whether to upgrade VMware Tools on power cycle.
This option is active only when you perform an upgrade against a single Upgrade VMware Tools to
Match Host baseline. You can only enable VMware Tools upgrade on power cycle from the Remediate
wizard, but you cannot disable it. You can disable the seing by clicking the VMware Tools upgrade
 buon in the Update Manager Compliance view and deselecting the check box of a virtual
machine in the Edit VMware Tools upgrade seings window.
10 (Optional) Specify the rollback options.
This option is not available if you selected to upgrade VMware Tools on power cycle.
a On the Rollback Options page of the Remediate wizard, select Take a snapshot of the virtual
machines before remediation to enable rollback.
A snapshot of the virtual machine (or virtual appliance) is taken before remediation. If the virtual
machine (or virtual appliance) needs to roll back, you can revert to this snapshot.
Update Manager does not take snapshots of fault tolerant virtual machines.
If you perform a VMware Tools upgrade and select to upgrade VMware Tools on power cycle,
Update Manager takes no snapshots of the selected virtual machines before remediation.
b Specify when the snapshot should be deleted or select Don’t delete snapshots.
c Enter a name and optionally a description for the snapshot.
d (Optional) Select the Take a snapshot of the memory for the virtual machine check box.
11 Click Next.
12 Review the Ready to Complete page, and click Finish.
Upgrade VMware Tools on Power Cycle
You can automate the process to upgrade VMware Tools for the virtual machines in your inventory.
You can set up Update Manager to perform a check of the VMware Tools version when a machine is
powered on or restarted. If necessary, Update Manager upgrades VMware Tools to the latest version
supported by the host that is running the virtual machine.
When you perform a VMware Tools upgrade on power cycle, Update Manager does not take a snapshot of
the virtual machine, and you cannot roll back to the previous version.
Procedure
1 In the vSphere Web Client, select Home > VMs and Templates, and select a virtual machine, a folder, or
a virtual appliance.
2 Right-click a virtual machine, a folder, or a virtual appliance, and select Update Manager > VMware
Tools Upgrade 
The Edit VMware Tools upgrade seings wizard opens.
3 Select the virtual machines for which you want to enable VMware Tools upgrade on power cycle, and
click OK.
The next time the virtual machines are restarted or powered on, Update Manager checks the version of
VMware Tools installed in the machines and performs an upgrade, if necessary.
Chapter 12 Remediating vSphere Objects
VMware, Inc. 137
Scheduling Remediation for Hosts, Virtual Machines, and Virtual
Appliances
You can schedule the remediation process of hosts, virtual machines, and virtual appliances by using the
Remediate wizard.
You can schedule remediation for all hosts or all virtual machines in a container object from the vSphere
inventory. You can perform scheduled orchestrated upgrades of the hosts or virtual machines in a selected
container object.
To schedule remediation, you must specify a time for the remediation process on the Schedule page of the
Remediate wizard.
vCenter Server uses the clock of the vCenter Server host machine for the tasks that you schedule. If you
schedule to remediate an ESXi host that is in a dierent time zone from the vCenter Server instance, the
scheduled time you see in the Scheduled Tasks, is the time of the vCenter Server time zone, and not time
zone of the ESXi host. You can navigate to the Scheduled Tasks from the Monitor tab, under Task & Events
tab.
You cannot edit existing scheduled remediation tasks. You can remove a scheduled remediation task and
create a new one in its place.
If your vCenter Server system is connected to other vCenter Server by a common vCenter Single Sign-On
domain, and you have installed and registered more than one Update Manager instance, you can create
scheduled tasks for each vCenter Server instance. Scheduled tasks you create are specic only to the
Update Manager instance you specify and are not propagated to the other instances in the group. From the
navigation bar, you can specify an Update Manager instance by selecting the name of the vCenter Server
system with which the Update Manager instance is registered.
vSphere Update Manager Installation and Administration Guide
138 VMware, Inc.
View Update Manager Events 13
Update Manager stores data about events. You can review this event data to gather information about
operations that are in progress or are completed.
Prerequisites
Connect thevSphere Web Client to a vCenter Server system with which Update Manager is registered, and
on the Home page, click Update Manager icon.
Procedure
uIn the Update Manager Administration view, click the Events tab to get information about recent
events.
VMware, Inc. 139
vSphere Update Manager Installation and Administration Guide
140 VMware, Inc.
Patch Repository and Virtual
Appliance Upgrades 14
Update Manager stores patch and extension metadata, as well as downloaded virtual appliance upgrades in
the Update Manager repository.
You can use the patch repository to manage patches and extensions, check on new patches and extensions,
view patch and extension details, view which baseline a patch or an extension is included in, view recalled
patches, import patches, and so on.
You can use the virtual appliance repository to view change log information about the virtual appliance
upgrades and accept EULAs for the available upgrades.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single
Sign-On domain, and you have at least one Update Manager instance, you can select the Update Manager
repository that you want to view.
The patch repository and the virtual appliance upgrades are displayed in the Update Manager
Administration view.
Add or Remove Patches From a Baseline
You can edit the content of a custom patch baselines from the Update Manager Admin view.
Prerequisites
Required privileges: VMware vSphere Update Manager.Manage Baselines
Procedure
1 In the Home view of the vSphere Web Client, select the Update Manager icon.
2 From the Objects tab, select an Update Manager instance.
The Objects tab also displays all the vCenter Server system to which an Update Manager instance is
connected.
3 Click the Manage tab, and click Patch Repository.
4 Select a patch from the list, and click Add to baseline.
The Edit containing baselines dialog box opens.
5 Select the baselines in which you want to include the patch.
nTo add the patch to a baseline, select that baseline from the list.
nTo remove the patch from a baseline, deselect the baseline from the list.
N Do not deselect an already selected baseline, unless you want to remove the patch from that
baseline.
VMware, Inc. 141
6 Click OK.
vSphere Update Manager Installation and Administration Guide
142 VMware, Inc.
Troubleshooting 15
If you encounter problems when running or using Update Manager, you can use a troubleshooting topic to
understand and solve the problem, if there is a workaround.
This chapter includes the following topics:
n“Update Manager Web Client Remains Visible in the vSphere Web Client After Uninstalling Update
Manager Server,” on page 143
n“Connection Loss with Update Manager Server or vCenter Server in a Single vCenter Server System,”
on page 144
n“Gather Update Manager Log Bundles,” on page 144
n“Gather Update Manager and vCenter Server Log Bundles,” on page 145
n“Log Bundle Is Not Generated,” on page 145
n“Host Extension Remediation or Staging Fails Due to Missing Prerequisites,” on page 146
n“No Baseline Updates Available,” on page 146
nAll Updates in Compliance Reports Are Displayed as Not Applicable,” on page 147
nAll Updates in Compliance Reports Are Unknown,” on page 147
n“VMware Tools Upgrade Fails if VMware Tools Is Not Installed,” on page 147
n“ESXi Host Scanning Fails,” on page 148
n“ESXi Host Upgrade Fails,” on page 148
n“The Update Manager Repository Cannot Be Deleted,” on page 148
n“Incompatible Compliance State,” on page 149
Update Manager Web Client Remains Visible in the
vSphere Web Client After Uninstalling Update Manager Server
After you uninstall Update Manager server, the Update Manager tab might remain visible under the
Monitor tab in the vSphere Web Client.
Problem
The Scan and  buons appear active, but if you click them, the following error message appears:
There was an error connecting to VMware vSphere Update Manager.
Also after uninstallation of Update Manager server, the Update Manager installation directory might still
contain les. This does not aect future installations of Update Manager.
VMware, Inc. 143
Solution
uLog out and log in to the vSphere Web Client.
The Update Manager tab disappears from the Monitor tab in the vSphere Web Client.
Connection Loss with Update Manager Server or vCenter Server in a
Single vCenter Server System
Because of loss of network connectivity or the restart of the servers, the connection between the
Update Manager plug-in and the Update Manager server or vCenter Server system might get interrupted.
Problem
The connection between the Update Manager Client plug-in and the Update Manager server or
vCenter Server system is interrupted, when the servers are restarting or are stopped. In such a case various
symptoms are observed.
nUpdate Manager Client plug-in displays a reconnection dialog, and after 15-20 seconds, a failure
message appears. The plug-in is disabled.
nUpdate Manager Client plug-in displays a reconnection dialog. Within 15-20 seconds, the dialog
disappears, and the Client plug-in can be used.
nvSphere Client displays a reconnection dialog. After an interval, it displays the login form.
Cause
nThe Update Manager server stops and is not available for more than 15-20 seconds.
nThe Update Manager server restarts, and the service becomes available within 15-20 seconds.
nvCenter Server stops.
Solution
nIf the Update Manager server has stopped, start the Update Manager service and re-enable the
Update Manager Client plug-in.
nIf the Update Manager server has restarted, wait for it to become available.
nIf the vCenter Server service has stopped, start the vCenter Server service and enable the
Update Manager Client plug-in.
Gather Update Manager Log Bundles
You can gather information about recent events on the Update Manager server for diagnostic purposes.
Procedure
1 Log in to the machine on which Update Manager is installed.
To obtain the complete set of the logs, log in with the user name and password used for installing
Update Manager.
2 Generate the Update Manager log bundle.
nFor Microsoft Windows Server 2008, select Start > All Programs > VMware > Generate Update
Manager log bundle.
nFor Microsoft Windows Server 2012, click Start, enter Generate Update Manager log bundle, and
press Enter.
Log les are generated as a ZIP package, which is stored on the current users desktop.
vSphere Update Manager Installation and Administration Guide
144 VMware, Inc.
Gather Update Manager and vCenter Server Log Bundles
When the Update Manager server and vCenter Server are installed on the same computer, you can gather
information about recent events on the Update Manager server and vCenter Server system for diagnostic
purposes.
Procedure
1 Log in as an administrator to the computer on which vCenter Server and Update Manager are installed.
2 Generate the vCenter Server log bundle.
nFor Microsoft Windows Server 2008, select Start > All Programs > VMware > Generate vCenter
Server log bundle.
nFor Microsoft Windows Server 2012, click Start, enter Generate vCenter Server log bundle, and
click Entrer.
3 Generate the Update Manager log bundle.
nFor Microsoft Windows Server 2008, select Start > All Programs > VMware > Generate Update
Manager log bundle.
nFor Microsoft Windows Server 2012, click Start, enter Generate Update Manager log bundle, and
press Enter.
Log les for vCenter Server and Update Manager are generated as a ZIP package, which is stored on the
current users desktop.
Log Bundle Is Not Generated
Although the script seems to complete successfully, an Update Manager log bundle might not be generated.
Because of limitations in the ZIP utility that Update Manager uses, the cumulative log bundle size cannot
exceed 2 GB. If the log exceeds 2 GB, the operation might fail.
Problem
Update Manager does not generate log bundle after you run the script.
Solution
1 Log in to the machine where Update Manager runs, and open a Command Prompt window.
2 Change to the directory where Update Manager is installed.
The default location is C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
3 To run the script, and exclude the vCenter Server logs, enter the following command:
cscript vum-support.wsf /n
The /n option lets the script to skip the vCenter Server support bundle and collect only the
Update Manager log bundle.
4 Press Enter.
The Update Manager log bundle is generated as a ZIP package successfully.
Chapter 15 Troubleshooting
VMware, Inc. 145
Host Extension Remediation or Staging Fails Due to Missing
Prerequisites
Some host extension remediation or staging operations fail because Update Manager does not automatically
download and install missing prerequisites.
Problem
Host extension remediation or staging might fail.
Cause
Update Manager skips the extensions with missing prerequisites and lists the missing prerequisites as
events when it detects them during the staging and remediation operations. To proceed with staging and
remediation, you must install the prerequisites.
Solution
1 To see which prerequisites are missing, in Compliance View select Tasks & Events > Events.
2 Add the missing prerequisites manually to either an extension or a patch baseline, depending on the
type of the missing prerequisites.
3 (Optional) Create a baseline group that contains the new baseline as well as the original baseline.
4 Remediate the host against the two baselines.
No Baseline Updates Available
Baselines are based on metadata that Update Manager downloads from the VMware and third-party Web
sites.
Problem
Updates for virtual appliances and ESXi hosts might be unavailable.
Cause
nMiscongured Web server proxy.
nThird-party servers are unavailable.
nVMware update service is unavailable.
nPoor network connectivity.
Solution
nCheck the connectivity seings. For more information, see “Change the Update Manager Network
Seings,” on page 67.
nCheck the third-party Web sites to determine whether they are available.
nCheck the VMware Web site (hp://www.vmware.com) to determine whether it is available.
nCheck whether other applications that use networking are functioning as expected. Consult your
network administrator to best assess whether the network is working as expected.
vSphere Update Manager Installation and Administration Guide
146 VMware, Inc.
All Updates in Compliance Reports Are Displayed as Not Applicable
Scan results usually consist of a mix of installed, missing, and not applicable results. Not applicable entries
are only a concern when this is the universal result or when you know that the patches should be applicable.
Problem
A scan might result in all baselines being marked as Not Applicable.
Cause
This condition typically indicates an error in scanning.
Solution
1 Examine the server logs for scan tasks that are marked as failed.
2 Retry the scan operation.
All Updates in Compliance Reports Are Unknown
Scanning is the process in which you generate compliance information about vSphere objects against
aached baselines and baseline groups. The compliance statuses of objects can be All Applicable, Non
Compliant, Incompatible, Unknown, and Compliant.
Problem
All results of a scan might be listed as Unknown.
Cause
Such a condition typically indicates an error at the start of the scanning process. This might also indicate
that no scan occurred or that the object is not supported for scan.
Solution
Schedule a scan or manually start a scan.
VMware Tools Upgrade Fails if VMware Tools Is Not Installed
Update Manager upgrades only an existing installation of VMware Tools in a virtual machine running on a
host of version ESXi 5.x or later.
Problem
You cannot upgrade VMware Tools because a virtual machine in incompatible compliance state cannot be
remediated.
Cause
If no VMware Tools installation is detected on a virtual machine, a scan of the virtual machine against the
VMware Tools Upgrade to Match Host baseline or a baseline group containing this baseline results in an
incompatible compliance state of the virtual machine.
Solution
Install VMware Tools manually, or right-click the virtual machine, and select Guest > Install/Upgrade
VMware Tools.
Chapter 15 Troubleshooting
VMware, Inc. 147
ESXi Host Scanning Fails
Scanning is the process in which you generate compliance information about the vSphere objects against
aached baselines and baseline groups. In some cases, the scan of ESXi hosts might fail.
Problem
The scan process of ESXi hosts might fail.
Cause
If the VMware vSphere Update Manager Update Download task is not completed successfully after you add
a host to the vSphere inventory, no host patch metadata is downloaded.
Solution
After you add a host or a virtual machine to the vSphere inventory, run the VMware vSphere Update
Manager Update Download task before performing the scan. For more information, see “Run the VMware
vSphere Update Manager Update Download Task,” on page 83.
ESXi Host Upgrade Fails
The remediation process of an ESXi host against an upgrade baseline or a baseline group containing an
upgrade baseline might fail.
Problem
An ESXi host might fail to upgrade.
Cause
When you upgrade an ESXi host with less than 10MB of free space in its /tmp directory, although
Update Manager indicates that the remediation process completed successfully, the ESXi host is not
upgraded.
Solution
1 If you see an Agent Deploy failure, make sure that the /tmp directory has at least 10MB of free space.
2 Repeat the remediation process to upgrade the host.
The Update Manager Repository Cannot Be Deleted
When you uninstall the Update Manager server, you might want to delete the Update Manager repository.
Problem
You might not be able to delete the Update Manager repository.
Cause
The maximum number of characters that a lename (including the path) can contain on the operating
system is set to 255 by default.
As part of the patch and upgrade download process, the les that Update Manager downloads in the
Update Manager repository, might have paths that are deeper than the Windows MAX_PATH. You cannot
open, edit, or delete such les, by using Windows Explorer, for example.
vSphere Update Manager Installation and Administration Guide
148 VMware, Inc.
Map a network drive to a folder that is as deep in the folder tree of the Update Manager repository as
possible. This shortens the virtual path.
I Ensure that you have the necessary permissions on the network drive and the Update Manager
repository. Otherwise, you might not be able to delete the les from the Update Manager repository.
Solution
uMap the local folder to a network drive, in a command prompt run the following command.
subst Z: C:\Documents And Settings\All Users\Application Data\VMware\VMware Update
Manager\data\vaupgrade\
For example, if the path to the folder of the Update Manager repository where Update Manager stores
virtual appliance upgrades is the following: C:\Documents And Settings\All Users\Application
Data\VMware\VMware Update Manager\data\vaupgrade\... , and the total length of this path exceeds 255
characters, you should map a network drive to the vaupgrade directory (inclusive) or a directory deeper.
Incompatible Compliance State
After you perform a scan, the compliance state of the aached baseline might be incompatible. The
incompatible compliance state requires more aention and further action to be resolved.
Incompatibility might be caused by an update in the baseline for a number of reasons.
Conflict The update conicts with either an existing update on the host or another
update in the Update Manager patch repository. Update Manager reports the
type of conict. A conict does not indicate any problem on the target object.
It just means that the current baseline selection is in conict. You can perform
scan, remediation, and staging operations. In most cases, you can take action
to resolve the conict.
Conflicting New Module The host update is a new module that provides software for the rst time,
but is in conict with either an existing update on the host or another update
in the Update Manager repository. Update Manager reports the type of
conict. A conict does not indicate any problem on the target object. It just
means that the current baseline selection is in conict. You can perform scan,
remediation, and staging operations. In most cases, you must take action to
resolve the conict.
Missing Package This state occurs when metadata for the update is in the depot but the
corresponding binary payload is missing. The reasons can be that the
product might not have an update for a given locale; the Update Manager
patch repository is deleted or corrupt, and Update Manager no longer has
Internet access to download updates; or you have manually deleted an
upgrade package from the Update Manager repository.
Not Installable The update cannot be installed. The scan operation might succeed on the
target object, but remediation cannot be performed.
Incompatible Hardware The hardware of the selected object is incompatible or has insucient
resources to support the update. For example, when you perform a host
upgrade scan against a 32-bit host or if a host has insucient RAM.
Unsupported Upgrade The upgrade path is not possible. For example, the current hardware version
of the virtual machine is greater than the highest version supported on the
host.
Chapter 15 Troubleshooting
VMware, Inc. 149
Updates Are in Conflict or Conflicting New Module State
After you perform a successful scan, the compliance state of the aached baseline might be incompatible
because of conicting updates. The status of the update will be Conict if the update is a patch, and
Conicting New Module, if the update is a new module.
Problem
The state of the aached baseline is incompatible because an update in the baseline is in conict with either
other updates in the Update Manager patch repository or an existing update on the host.
Cause
nThe baseline contains a host update that conicts with another update already installed on the host.
nThe baseline contains a host update that conicts with other updates in the Update Manager repository.
nThe dynamic baseline criteria results in a conicting set.
nThe baseline is aached to a container object and conicts with one or more inventory objects in the
folder. This is an indirect conict.
Solution
nDetach or remove the baseline containing the update that conicts with another update already
installed on the host.
If Update Manager suggests a resolution for the conicting update, add the resolution update into the
baseline and retry the scan operation.
nOpen the Patch Details or the Extension Details window to see details about the conict and the other
updates with which the selected update is in conict.
nIf the conicting updates are in the same baseline, remove the conicting updates from the baseline
and perform the scan again.
nIf the conicting updates are not in the same baseline, ignore the conict and proceed to install the
updates by starting a remediation.
nEdit the dynamic baseline criteria or exclude the conicting patches and scan again.
If Update Manager suggests a resolution for the conicting patch, add the resolution patches into the
baseline and retry the scan operation.
nIf the conict is indirect, you can remediate the container object, but only the objects that are not in
conict are remediated. You should resolve the conicts or move the inventory objects that are in
conict, and then remediate.
Updates Are in Missing Package State
The compliance state of the aached baseline might be incompatible because packages might be missing
from updates.
Problem
When you perform a host upgrade scan, if the binary package for the host is missing or not uploaded, or if
you upload the wrong binary package, the scan fails.
Solution
1 Edit the host upgrade baseline and import the required package.
2 Repeat the scan.
vSphere Update Manager Installation and Administration Guide
150 VMware, Inc.
Updates Are in Not Installable State
After you perform a scan, the compliance state of the aached baseline might be displayed as incompatible
because of updates that cannot be installed on the object.
Problem
The state of the aached baseline is incompatible because it contains updates that cannot be installed.
Cause
nA VMware Tools Upgrade to Match Host baseline is aached to a virtual machine on which VMware
Tools is not installed. The Upgrade Details window shows the actual reason for the Incompatible state.
nA VMware Tools Upgrade to Match Host baseline is aached to a virtual machine with VMware Tools
not managed by the VMware vSphere platform. The Upgrade Details window shows the actual reason
for the Incompatible state.
Solution
nIf VMware Tools is not installed on the virtual machine, install a version of VMware Tools and retry the
scan operation.
nIf VMware Tools on the virtual machine is not managed by the VMware vSphere platform, you should
detach the baseline and perform the upgrade manually. For more information about upgrading
VMware Tools when it is packaged and distributed as OSPs, see VMware Tools Installation Guide for
Operating System Specic Packages.
Updates Are in Unsupported Upgrade State
After you perform a successful scan, the compliance state of the aached baseline might be incompatible
because of unsupported upgrade.
Problem
The state of the aached baseline is incompatible because of an unsupported upgrade.
Cause
The upgrade path for the virtual hardware of the virtual machine is not possible, because the current
hardware version is higher than the latest version supported on the host. The Upgrade Details window
shows the actual hardware version.
Solution
No workaround is available. See the upgrade details to check the current hardware version.
Chapter 15 Troubleshooting
VMware, Inc. 151
vSphere Update Manager Installation and Administration Guide
152 VMware, Inc.
Database Views 16
Update Manager uses Microsoft SQL Server and Oracle databases to store information. The database views
for Microsoft SQL Server and Oracle databases are the same.
This chapter includes the following topics:
n“VUMV_VERSION,” on page 154
n“VUMV_UPDATES,” on page 154
n“VUMV_HOST_UPGRADES,” on page 154
n“VUMV_VA_UPGRADES,” on page 155
n“VUMV_PATCHES,” on page 155
n“VUMV_BASELINES,” on page 155
n“VUMV_BASELINE_GROUPS,” on page 156
n“VUMV_BASELINE_GROUP_MEMBERS,” on page 156
n“VUMV_PRODUCTS,” on page 156
n“VUMV_BASELINE_ENTITY,” on page 157
n“VUMV_UPDATE_PATCHES,” on page 157
n“VUMV_UPDATE_PRODUCT,” on page 157
n“VUMV_ENTITY_SCAN_HISTORY,” on page 157
n“VUMV_ENTITY_REMEDIATION_HIST,” on page 158
n“VUMV_UPDATE_PRODUCT_DETAILS,” on page 158
n“VUMV_BASELINE_UPDATE_DETAILS,” on page 158
n“VUMV_ENTITY_SCAN_RESULTS,” on page 159
n“VUMV_VMTOOLS_SCAN_RESULTS,” on page 159
n“VUMV_VMHW_SCAN_RESULTS,” on page 159
n“VUMV_VA_APPLIANCE,” on page 160
n“VUMV_VA_PRODUCTS,” on page 160
VMware, Inc. 153
VUMV_VERSION
This database view contains Update Manager version information.
Table 161. VUMV_VERSION
Field Notes
VERSION Update Manager version in x.y.z format, for example 1.0.0
DATABASE_SCHEMA_VERSION Update Manager database schema version (an increasing integer
value), for example 1
VUMV_UPDATES
This database view contains software update metadata.
Table 162. VUMV_UPDATES
Field Notes
UPDATE_ID Unique ID generated by Update Manager
TYPE Entity type: virtual machine, virtual appliance, or host
TITLE Title
DESCRIPTION Description
META_UID Unique ID provided by the vendor for this update (for example,
MS12444 for Microsoft updates)
SEVERITY Update severity information: Not Applicable, Low, Moderate,
Important, Critical, HostGeneral, and HostSecurity
RELEASE_DATE Date on which this update was released by the vendor
DOWNLOAD_TIME Date and time this update was downloaded by the Update
Manager server into the Update Manager database
SPECIAL_ATTRIBUTE Any special aribute associated with this update (for example, all
Microsoft Service packs are marked as Service Pack)
COMPONENT Target component, such as HOST_GENERAL, VM_GENERAL,
VM_TOOLS, VM_HARDWAREVERSION or VA_GENERAL
UPDATECATEGORY Species whether the update is a patch or an upgrade.
VUMV_HOST_UPGRADES
This database view provides detailed information about the host upgrade packages.
Table 163. VUMV_HOST_UPGRADES
Field Notes
RELEASE_ID Database-generated ID, which refers to VUMV_UPDATES
and UPDATE_ID
PRODUCT ESXi host
VERSION Version number represented in x.y.z format
BUILD_NUMBER Build number of the ESXi host version
DISPLAY_NAME Name displayed to the user
FILE_NAME Name of the upgrade le
vSphere Update Manager Installation and Administration Guide
154 VMware, Inc.
VUMV_VA_UPGRADES
This database view represents detailed information about the virtual appliance upgrade packages.
Table 164. VUMV_VA_UPGRADES
Field Notes
UPGRADE_ID Upgrade ID used as a primary key
TITLE Short description used in the user interface
VENDOR_NAME Vendor name
VENDOR_UID Unique ID of the vendor
PRODUCT_NAME Product name
PRODUCT_RID Unique ID of the product
SEVERITY Security impact
LOCALE Locale information, if any
RELEASEDATE Release date of the upgrade
VUMV_PATCHES
This database view contains patch binary metadata.
Table 165. VUMV_PATCHES
Field Notes
DOWNLOAD_URL URL for the patch binary
PATCH_ID Unique ID for the current patch, generated by the Update Manager
server
TYPE Patch type: virtual machine or host
NAME Name of the patch
DOWNLOAD_TIME Date and time the patch was downloaded by the Update Manager
server into the Update Manager database
PATCH_SIZE Size of the patch in KB
VUMV_BASELINES
This database view contains the details for a particular Update Manager baseline.
Table 166. VUMV_BASELINES
Field Notes
BASELINE_ID Unique ID generated for this baseline by the Update Manager server
NAME Name of the baseline
BASELINE_VERSION History of when the baseline has been changed (old version remains
in the database)
TYPE Baseline type: virtual machine, virtual appliance, or host
BASELINE_UPDATE_TYPE Baseline type: xed or dynamic
Chapter 16 Database Views
VMware, Inc. 155
Table 166. VUMV_BASELINES (Continued)
Field Notes
TARGET_COMPONENT Target component, such as HOST_GENERAL, VM_GENERAL,
VM_TOOLS, VM_HARDWAREVERSION, or VA_GENERAL
BASELINE_CATEGORY Baseline category, such as patch or upgrade
VUMV_BASELINE_GROUPS
This database view contains the details for a particular Update Manager baseline group.
Table 167. VUMV_BASELINE_GROUPS
Field Notes
BASELINE_GROUP_ID Unique ID generated for this baseline group by the Update Manager
server
VERSION Version of the baseline group
NAME Name of the baseline group
TYPE Type of targets that this baseline applies to: virtual machine, virtual
appliance, or ESXi host
DESCRIPTION Description of the baseline group
DELETED Information about the baseline group deletion, if it is deleted
LASTUPDATED Information about the last time that the baseline group was updated
VUMV_BASELINE_GROUP_MEMBERS
This database view contains information about the relationship between the baseline and the baseline group
in which it is included.
Table 168. VUMV_BASELINE_GROUP_MEMBERS
Field Notes
BASELINE_GROUP_ID Unique ID generated for this baseline group by the Update Manager
server
BASELINE_GROUP_VERSION Version of the baseline group
BASELINE_ID Name of the baseline included in the baseline group
VUMV_PRODUCTS
This database view contains product metadata, including that for operating systems and applications.
Table 169. VUMV_PRODUCTS
Field Notes
PRODUCT_ID Unique ID for the product, generated by the Update Manager server
NAME Name of the product
VERSION Product version
FAMILY Windows, Linux, ESX host, or Embedded ESXi host, Installable ESXi
host
vSphere Update Manager Installation and Administration Guide
156 VMware, Inc.
VUMV_BASELINE_ENTITY
This database view contains the objects to which a particular baseline is aached.
Table 1610. VUMV_BASELINE_ENTITY
Field Notes
BASELINE_ID Baseline ID (foreign key, VUMV_BASELINES)
ENTITY_UID Unique ID of the entity (managed object ID generated by vCenter
Server)
VUMV_UPDATE_PATCHES
This database view contains patch binaries that correspond to a software update.
Table 1611. VUMV_UPDATE_PATCHES
Field Notes
UPDATE_ID Software update ID (foreign key, VUMV_UPDATES)
PATCH_ID Patch ID (foreign key, VUMV_PATCHES)
VUMV_UPDATE_PRODUCT
This database view contains products (operating systems and applications) to which a particular software
update is applicable.
Table 1612. VUMV_UPDATE_PRODUCT
Field Notes
UPDATE_ID Software update ID (foreign key, VUMV_UPDATES)
PRODUCT_ID Product ID (foreign key, VUMV_PRODUCTS)
VUMV_ENTITY_SCAN_HISTORY
This database view contains the history of scan operations.
Table 1613. VUMV_ENTITY_SCAN_HISTORY
Field Notes
SCAN_ID Unique ID generated by the Update Manager server
ENTITY_UID Unique ID of the entity the scan was initiated on
START_TIME Start time of the scan operation
END_TIME End time of the scan operation
SCAN_STATUS Result of the scan operation (for example, Success, Failure, or
Canceled)
FAILURE_REASON Error message describing the reason for failure
SCAN_TYPE Type of scan: patch or upgrade
TARGET_COMPONENT Target component, such as HOST_GENERAL, VM_GENERAL,
VM_TOOLS, VM_HARDWAREVERSION or VA_GENERAL
Chapter 16 Database Views
VMware, Inc. 157
VUMV_ENTITY_REMEDIATION_HIST
This database view contains the history of remediation operations.
Table 1614. VUMV_ENTITY_REMEDIATION_HIST
Field Notes
REMEDIATION_ID Unique ID generated by the Update Manager server
ENTITY_UID Unique ID of the entity that the remediation was initiated on
START_TIME Start time of the remediation
END_TIME End time of the remediation
REMEDIATION_STATUS Result of the remediation operation (for example, Success, Failure, or
Canceled)
IS_SNAPSHOT_TAKEN Indicates whether a snapshot was created before the remediation
VUMV_UPDATE_PRODUCT_DETAILS
This database view contains information about the products (operating systems and applications) to which a
particular software update is applicable.
Table 1615. VUMV_UPDATE_PRODUCT_DETAILS
Field Notes
UPDATE_METAUID Software update ID (foreign key, VUMV_UPDATES)
UPDATE_TITLE Update title
UPDATE_SEVERITY Update impact information: Not Applicable, Low, Moderate,
Important, Critical, HostGeneral, and HostSecurity
PRODUCT_NAME Product name
PRODUCT_VERSION Product version
VUMV_BASELINE_UPDATE_DETAILS
This database view contains information about the software updates that are part of a baseline.
Table 1616. VUMV_BASELINE_UPDATE_DETAILS
Field Notes
BASELINE_NAME Baseline name
BASELINE_ID Unique ID generated for this baseline by the Update Manager server
BASELINE_VERSION History about when the baseline was changed (old version remains in
the database)
TYPE Baseline type: virtual machine, virtual appliance, or host
TARGET_COMPONENT Type of targets this baseline applies to: virtual machine, virtual
appliance, or host
BASELINE_UPDATE_TYPE Baseline type: xed or dynamic
UPDATE_METAUID Update meta ID
TITLE Update title
vSphere Update Manager Installation and Administration Guide
158 VMware, Inc.
Table 1616. VUMV_BASELINE_UPDATE_DETAILS (Continued)
Field Notes
SEVERITY Update severity: Not Applicable, Low, Moderate, Important, Critical,
HostGeneral, and HostSecurity
ID Unique ID generated by the database: UPDATE_ID for updates and
patches; RELEASE_ID for host upgrades; UPGRADE_ID for virtual
appliance upgrades
VUMV_ENTITY_SCAN_RESULTS
This database view contains status history of a particular entity for an update.
Table 1617. VUMV_ENTITY_SCAN_RESULTS
Field Notes
SCANH_ID Unique ID of the scan, generated by the database
ENTITY_UID Entity unique ID (a managed object ID assigned by vCenter Server)
SCAN_START_TIME Start time of the scan process
SCAN_END_TIME End time of the scan process
UPDATE_METAUID Update meta unique ID
UPDATE_TITLE Update title
UPDATE_SEVERITY Update severity: Not Applicable, Low, Moderate, Important, Critical,
HostGeneral, and HostSecurity
ENTITY_STATUS Status of the entity regarding the update: Missing, Installed, Not
Applicable, Unknown, Staged, Conict, ObsoletedByHost,
MissingPackage, NotInstallable, NewModule, UnsupportedUpgrade,
and IncompatibleHardware
VUMV_VMTOOLS_SCAN_RESULTS
This database view contains information about the latest results for VMware Tools scan.
Table 1618. VUMV_VMTOOLS_SCAN_RESULTS
Field Notes
SCANH_ID Unique ID of the scan, generated by the database
ENTITY_UID Entity unique ID (a managed object ID assigned by vCenter Server)
SCAN_START_TIME Start time of the scan process
SCAN_END_TIME End time of the scan process
ENTITY_STATUS Status of the entity against the latest VMware Tools version
VUMV_VMHW_SCAN_RESULTS
This database view contains information about the latest results for virtual machine hardware scan.
Table 1619. VUMV_VMHW_SCAN_RESULTS
Field Notes
SCANH_ID Unique ID of the scan, generated by the database
ENTITY_UID Entity unique ID (a managed object ID assigned by vCenter Server)
Chapter 16 Database Views
VMware, Inc. 159
Table 1619. VUMV_VMHW_SCAN_RESULTS (Continued)
Field Notes
SCAN_START_TIME Start time of the scan process
SCAN_END_TIME End time of the scan process
VM_HW_VERSION Virtual machine hardware version
HOST_HW_VERSION Hardware version recommended on the host
VUMV_VA_APPLIANCE
This database view contains information about virtual appliances.
Table 1620. VUMV_VA_APPLIANCE
Field Notes
VAID Managed object ID of the virtual appliance, used as the primary key
MGMTPORT Port through which the virtual appliance is contacted or managed
MGMTPROTOCOL Management protocol
SUPPORTEDFEATURES Free-form string for API feature compatibility
LASTGOODIP Last known IP address that the virtual appliance had (can be IPv6 or
IPv4)
VADKVERSION VMware Studio version
PRODUCTID ID in VUMV_VA_PRODUCTS
UPDATEVERSION Current patch version of the virtual appliance
DISPLAYVERSION Current patch display version of the virtual appliance
SERIALNUMBER Serial number of the virtual appliance
UPDATEURL Current software update URL of the virtual appliance
ORIGUPDATEURL Default software update URL of the virtual appliance
VUMV_VA_PRODUCTS
This database view contains information about the virtual appliance vendor.
Table 1621. VUM_VA_PRODUCTS
Field Notes
ID Unique ID, a generated sequence number
VENDORNAME Vendor name
VENDORUUID Unique ID of the vendor
PRODUCTNAME Product name (without the release, for example, Database)
PRODUCTRID Product release ID (for example, 10gr2)
VENDORURL Vendor URL (this eld is optional)
PRODUCTURL Product URL (this eld is optional)
SUPPORTURL Support URL (this eld is optional)
vSphere Update Manager Installation and Administration Guide
160 VMware, Inc.
Index
Numerics
64-bit DSN requirement 29
A
add third-party URL, Update Manager 70
adding
baseline to baseline group 100
third-party patch source in UMDS 61
third-party URL in Update Manager 70
alert notifications 76
attaching
baseline group in Update Manager Web
Client 101
baseline in Update Manager Web Client 101
overview 20
B
baseline
attaching in Update Manager Web Client 101
compliance with vSphere objects 107
creating 87
deleting 97
detaching in Update Manager Web Client 102
overview 18
working with 85
baseline group
add baselines 100
attaching in Update Manager Web Client 101
compliance with vSphere objects 107
creating 97
deleting 101
detaching in Update Manager Web Client 102
editing 99
overview 18
remove baselines 100
working with 85
baseline groups, overview 20
baselines
default baselines 19
no updates available 146
system managed 124
types 18
C
checking for notifications 75
cluster, configure settings 79
cluster settings 77
compatibility
Database Formats for Update Manager 26
Operating Systems for Update Manager 26
Update Manager and vCenter Server 27
Update Manager and vSphere Web Client 27
compliance information, viewing 106
compliance state
compliant 111
incompatible 111
non-compliant 111
of baselines 111
of updates 110
compliance view, overview 107
compliance, unknown 147
configuring
cluster settings 79
download sources 68
host settings 78
local Oracle connection 32
Microsoft SQL Server 2012 Express 29
Microsoft SQL Server database 29
network connectivity settings 67
notification checks 75
Oracle database 31
proxy settings 73
remote Oracle connection 32
smart rebooting 82
snapshots 81
UMDS 59
UMDS patch download location 60
update download schedule 73
Update Manager 65
Update Manager download source 16
Update Manager patch download location 82
URL for downloading VA upgrades 61
conflict updates 150
connection loss with Update Manager 144
connection loss with vCenter Server 144
creating
baseline 87
baseline group 97
dynamic patch baseline 88
extension baseline 87
VMware, Inc. 161
extension baselines 89
fixed patch baseline 88
host baseline group 98
host upgrade baseline 92, 93
new data source (ODBC) 30
patch baseline 87
virtual appliance upgrade baseline 95
virtual machine and virtual appliance baseline
group 98
D
data source name 29
database
privileges 27
setup 28
database views
VUMV_BASELINE_ENTITY 157
VUMV_BASELINE_GROUP_MEMBERS 156
VUMV_BASELINE_GROUPS 156
VUMV_BASELINE_UPDATE_DETAILS 158
VUMV_BASELINES 155
VUMV_ENTITY_REMEDIATION_HIST 158
VUMV_ENTITY_SCAN_HISTORY 157
VUMV_ENTITY_SCAN_RESULTS 159
VUMV_HOST_UPGRADES 154
VUMV_PATCHES 155
VUMV_PRODUCTS 156
VUMV_UPDATE_PATCHES 157
VUMV_UPDATE_PRODUCT 157
VUMV_UPDATE_PRODUCT_DETAILS 158
VUMV_UPDATES 154
VUMV_VA_APPLIANCE 160
VUMV_VA_PRODUCTS 160
VUMV_VA_UPGRADES 155
VUMV_VERSION 154
VUMV_VMHW_SCAN_RESULTS 159
VUMV_VMTOOLS_SCAN_RESULTS 159
datacenter
scan 104
scanning 104
delete the repository 148
deleting
baseline 97
baseline group 101
ESXi images 94
Update Manager repository 148
detaching
baseline group 102
baseline in Update Manager Web Client 102
Distributed Power Management (DPM) 77
Distributed Resource Scheduler (DRS) 77
download, Update Manager 34
download patches, UMDS 61
download sources, configuring 68
download the Update Manager installer 34
download virtual appliance upgrades with
UMDS 61
downloading metadata 16
DSN, 64-bit requirement 29
E
editing
baseline group 99
host extension baseline 91
host upgrade baseline 94
patch baseline 91
virtual appliance upgrade baseline 96
enable
Update Manager Web Client 37
Update Manager Web Client plug-in 37
ESXi images
delete 94
importing 92
overview 18
events, viewing 139
extension baseline, creating 87
extension details, overview 113
extensions, filtering 90
F
Fault Tolerance (FT) 77
filtering
extensions 90
patches 90
fixed patch baseline, creating 88
G
generating
Update Manager and vCenter Server log
files 145
Update Manager log bundles 144
Update Manager log files 144
H
High Availability (HA) 77
host, scanning failure 147
host baseline group, creating 98
host extension baseline, editing 91
host extension baseline, creating 89
host extension remediation or staging fails 146
host from a vSAN cluster, maintenance
mode 124
host settings 77
host upgrade baseline
creating 92, 93
editing 94
host upgrade scan messages, virtual switch 117
vSphere Update Manager Installation and Administration Guide
162 VMware, Inc.
host upgrade, third-party software 122
hosts
download third-party patches 70
download third-party patches using UMDS 61
manually scanning in Update Manager Web
Client 103
remediation 126
remediation against baseline groups 132
remediation against upgrade baseline 129
remediation failure response 78
scanning failure 148
schedule scan 105
upgrade failure 148
I
identify the SQL Server authentication type 31
import
ESXi image 92
ESXi images 18
patches 72
incompatible compliance state resolution 149
information notifications 76
install
Update Manager Web Client plug-in 37
Update Manager Web Client 37
installation, database privileges 27
installation requirements 33
installing
UMDS 54, 56, 58
Update Manager 25, 33
Update Manager server 35
L
log bundles, generating for Update
Manager 144
log bundles, generating for Update Manager and
vCenter Server 145
log files, generating for Update Manager 144
log files, generating for Update Manager and
vCenter Server 145
M
maintaining Update Manager database 29
migration, Update Manager 47
Migration Assistant 48
missing package 150
N
network connectivity settings, configuring 67
not installable status 151
notifications
overview 74
view 76
O
offline bundles
import 72
overview 68
Oracle database, configuring 31
overview of
attaching 20
baseline groups 20
compliance view 107
configuring Update Manager 65
ESXi host remediation 122
extension details 113
hosts remediation 120
offline bundles 68
orchestrated upgrades 119
patch details 112
remediation 22, 119
scanning 20, 103
staging patches 21
UMDS 53
Update Manager Client 14
Update Manager process 15
upgrade details 113
P
patch baseline
creating 87
editing 91
patch details, overview 112
patch download task, running 83
patch download location
configuring for UMDS 60
configuring for Update Manager 82
patch fix notifications 74
patch recall notifications 74
patches
add to baseline 141
configure UMDS 59
conflicting 150
deleting 148
download using UMDS 61
filtering 90
import 72
remove from baseline 141
staging 125
pre-remediation check report 134
prerequisites, for the database 27
privileges 84
proxy settings, configuring 73
PXE booted ESXi hosts, enable remediation 80
Index
VMware, Inc. 163
R
remediation
of hosts 126, 129, 132
of virtual appliances 136
of virtual machines 136
overview 22
remediation of vSAN host 124
remediation specifics of ESXi hosts 123
remediation, overview 119
removing, Update Manager 39
removing, baselines from baseline groups 100
restart Update Manager 83
roll back 136
running, patch download task 83
S
scan
datacenter folder 104
vCenter instance 104
scanning
datacenter 104
hosts in Update Manager Web Client 103
overview 20, 103
schedule 105
vCenter instance 104
viewing results 105
virtual appliance 104
virtual machine 104
schedule, scanning 105
scheduled remediation
for hosts 138
for virtual machines and virtual
appliances 138
setting up and using UMDS 59
shared repository, using 71
smart rebooting, configuring 82
snapshot, configuring 81
staging, overview 21
staging patches 125
supported database formats 26
Supported Linux-Based Operating Systems and
Databases for Installing UMDS 56
system managed baselines 124
system requirements for Update Manager 26
T
third-party URL, adding in UMDS 61
troubleshooting
baselines 146
compliance 147
conflicting updates 150
connection loss 144
ESX host applicable 147
ESXi host scanning failure 148
ESXi host upgrade failure 148
extension remediation or staging failure 146
generating Update Manager and vCenter
Server log bundles 145
generating Update Manager log bundles 144
incompatible compliance state 149
log files are not generated 145
missing package 150
not installable status 151
scanning 147
unsupported upgrade 151
Update Manager tab 143
Update Manager Web Client 143
VMware Tools upgrade fails 147
U
UMDS
add third-party URL 61
compatibility matrix 54
configuring 59
download data 59
download host updates 59
download patches 61
download VA upgrades 61
download virtual appliance upgrades 59
export downloaded patches 62
installing 54
installing on Windows 54
installing on Linux 56, 58
overview 53
setting up and using 59
upgrading 54
UMDS on Linux, configure PostgreSQL
database 56
understanding, Update Manager 13
uninstall, UMDS on Linux 59
uninstalling, Update Manager server 39
uninstalling Update Manager 39
unsupported upgrade 151
Update Manager
add third-party URL 70
best practices 51
database 28
database views 153
deployment models usage 52
hardware requirements 26
installing 25
network connectivity settings 66
patch repository 141
process 15
recommendations 51
vSphere Update Manager Installation and Administration Guide
164 VMware, Inc.
restart the service 83
roll back after migration 48
supported Operating Systems 26
system requirements 26
understanding 13
uninstalling 39
upgrading 41
update download schedule, modify 73
update download, overview 16
Update Manager service 45
Update Manager in vCenter Server Appliance,
start service 45
Update Manager tab remains visible after
Update Manager server
uninstallation 143
updated information 11
updates, deleting 148
upgrade details, overview 113
upgrade hosts 129
upgrade VMware Tools 137
upgrading
Java components 43
JRE 43
UMDS 54
Update Manager 41
Update Manager server 42
using
Internet as a download source 69
shared repository as a patch download
source 71
V
VA upgrades, download with UMDS 61
vCenter instance, scanning 104
vCenter Server Appliance, Migration
Assistant 48
viewing
compliance information 106
events 139
notifications 76
scan results 21, 105
virtual machine
manually scan 104
remediation failure 81
scanning 104
schedule scan 105
snapshot 81
virtual appliance
manually scan 104
scanning 104
schedule scan 105
virtual appliance remediation, overview 135
virtual appliance upgrade baseline
creating 95
editing 96
virtual machine remediation, overview 135
virtual machine and virtual appliance baseline
group, creating 98
VMware Tools 137
VMware Tools upgrade fails,
troubleshooting 147
VMware Tools upgrade on power cycle 137
VMware Tools, status 118
vSAN, system managed baselines 124
vSAN baselines 124
vSAN host remediation 124
W
warning notifications 76
Index
VMware, Inc. 165
vSphere Update Manager Installation and Administration Guide
166 VMware, Inc.

Navigation menu