VMware Update Manager | TheSaffaGeek

August 7, 2012
by Gregg Robertson 4 Comments

Deploying an Isolated Update Manager Download Service Architecture

During a recent customer engagement for a Virtual Infrastructure build out I was tasked with deploying an Isolated/Air Gap Update Manager Download Service architecture. If you do not know what an isolated Update Manager Download Service is then read this article first before carrying on. I came across a few hurdles during this deployment and so i waned to create a quick reference of what I followed for my future reference and to hopefully help anyone who gets the problems I was getting during the setup

For this setup, I got a service account created that would be used for the installation of VUM and the UMDS.
For my setup I setup VUM and UMDs on their own dedicated servers as you obviously have to do as the UMDS has to be in the DMZ.
For the installation of UMDS I followed the following steps from the vSphere 5 Documentation Center.
Next I installed VUM following the steps detailed from this vSphere 5 Documentation Center article.
1. Note: The first hurdle I hit in this installation was that the SQL Client for SQL 2012 doesn’t work for the ODBC connections so I had to install the SQL 2008 Client from here for it to show the ODBC configuration when I went through each of the installations.
Next was the configuration of UMDS and I followed this vSphere 5 Documentation Center article.
Next was the creation of the IIS server for the UMDS so that VUM can contact and download the patches. I followed this vSphere 5 Documentation Center article.
Next was the exporting of the downloaded patches to the UMDS folder under the IIS website (for mine I did a virtual directory to a folder on my data drive so that the c drive was not filled up with patches.)
1. Note: For the exporting, I kept getting an error as detailed in this VMware Communities discussion I created. As detailed in the discussion the problem was I had to set the folder location as my default export store by running vmware-umds -S –default-export-store <your path to the UMDS folder>.
2. Then you can export the patches to the folder location by running: vmware-umds –E <your path to the UMDS folder>.
Now you can go into your vCenter and setup the UMDS as your shared repository location by pointing to the IIS website you created for the UMDS folder

Note: For the downloading of the patches I kept getting a failure where the downloading patches task would get stuck at 50% for a few minutes and then fail stating “Cannot download patch definitions” as shown below.

2. The problem here was that the service account running the VUM service on the VUM server did not have full permissions to the folder. After reapplying the patches the downloading of the patches worked

After going through all of the above steps, my air gap Update Manager Download Service was now setup

I hope that this saves someone the headaches I had along the way

Gregg

June 11, 2010
by Gregg Robertson Leave a comment

All things virtual XII

The whole community has been buzzing with the news of the vExpert’s for 2010. As I said in the last all things virtual I didn’t think I was going to become one and I wasn’t surprised when I didn’t become one. I wrote a blog posting about the reasons I feel I didn’t get it and how I think if I keep trying hopefully I will be selected as one. One encouraging part from this past week was a twitter message from John Troyer the leader/owner of the vExpert community saying he thinks I’m off to a great start on my way to becoming one. Thanks John it really means a lot to me 🙂

Scott Lowe whose book Mastering VMware vSphere 4 was a massive help for my in my preparation for my VCP4 posted a very thought provoking posting all about blogging for the right reasons. This isn’t virtualisation per se but it does relate well to people blogging just for the sake of possibly becoming a vExpert or for getting a new job/role. Speaking of Scott’s book his book is now available as an Ebook.

Maish Saidel-Keesing alerted to the fact that in the latest workstation 7.1 build the icon for the VMware tools has changed. It is now obviously due to the release of vSphere Update 2 and vCentre 4 Update 2 and with this the new version of VMware Tools (Build 261974).

Arnim van Lieshout posted all about the latest release of the vEcoShell and the new features it has. The vEcoShell is a brilliant tool and is one I’m trying to strengthen my knowledge on due to the great customisations you can do with it and the power it has for running scripts via PowerCli in your virtual environment.

VMware have also released the latest version of the VCP on vSphere 4 Exam Blueprint Guide. These blueprints are amazing and are the best way I feel in making sure you know and have the required knowledge and skills to pass the VCP4 exam.

VMware have also announced that there is now support for VMware SDK’s via the support team tasked with this support. Mike DiPetrillo has written a blog posting all about this release and what it means for people like himself helping people prepare their applications and services for the cloud.

Rick Scherer has posted a blog posting all about EMC’s new technology EMC VPLEX. This was released at EMC world and allows the infamous long distance vmotion. I won’t try describe it capabilities as Rick has explained it great in his posting and the video from EMC world in which Nick Weaver (@lynxbat) had a major role in setting up and making sure it ran smoothly. The video is below

Jason Boche has posted up how to win yourself a free pass to this years VMworld.I’m sure a staggering amount of people are going to be entering as most companies are still weary of spending money on these kinds of conventions so this is a great way for someone to make it. I’ve been given the nod to make it to this years one which I’m extremely excited about and hopefully I can generate some really good blog postings while there like the ones I read so much for last years one.

While catching up on my VMware Communities Roundtable podcasts I was listening to the podcast from a few weeks back about the VCAP exams and was very pleased to hear that live labs are going to be a large part of the exams to stem the tide of people using “braindump” materials.

Colin Steele was the first person I saw to have posted a blog on an error is saw pour in at the VMware communities about a Microsoft patch that was preventing vSphere client logins. VMware have also created an official knowledgebase article on the problem and how to fix it.

Lastly a friend of mine who also works in virtualisation Kivian Johnson of First Rand Bank alerted me to a very helpful and possibly integral free tool by Foundstone a division of McAfee’s VIDigger. The tool is “designed to help administrators check the configuration of ESX server and the virtual machines hosted on ESX server against the VMware Infrastructure Hardening guide and other best practices.” I am yet to fully try it out in my lab environment but if it really does do all the things they say it will be a brilliant tool for any virtual infrastructure administrator.

Gregg Robertson

June 11, 2010
by Gregg Robertson 3 Comments

vCentre 4 and vSphere Update 2 Released

As of last night VMware have released VMware vCentre 4.0 Update 2 & VMware vSphere Update 2

All the patches that were released and their build numbers are:
vCentre Server 4.0 Update 2 (Build 258672)
vSphere Client 4.0 Update 2 (Build 258672)
ESX 4.0 Update 2 (Build 261974)
VMware Tools (Build 261974)

The new features with the latest release of vSphere are:

Enablement of Fault Tolerance Functionality for Intel Xeon 56xx Series processors— vSphere 4.0 Update 1 supports the Intel Xeon 56xx Series processors without Fault Tolerance. vSphere 4.0 Update 2 enables Fault Tolerance functionality for the Intel Xeon 56xx Series processors.
Enablement of Fault Tolerance Functionality for Intel i3/i5 Clarkdale Series and Intel Xeon 34xx Clarkdale Series processors— vSphere 4.0 Update 1 supports the Intel i3/i5 Clarkdale Series and Intel Xeon 34xx Clarkdale Series processors without Fault Tolerance. vSphere 4.0 Update 2 enables Fault Tolerance functionality for the Intel i3/i5 Clarkdale Series and Intel Xeon 34xx Clarkdale Series processors.
Enablement of IOMMU Functionality for AMD Opteron 61xx and 41xx Series processors— vSphere 4.0 Update 1 supports the AMD Opteron 61xx and 41xx Series processors without input/output memory management unit (IOMMU). vSphere 4.0 Update 2 enables IOMMU functionality for the AMD Opteron 61xx and 41xx Series processors.
Enhancement of the esxtop/resxtop utility— vSphere 4.0 Update 2 includes an enhancement of the performance monitoring utilities, esxtop and resxtop. The esxtop/resxtop utilities now provide visibility into the performance of NFS datastores in that they display the following statistics for NFS datastores: Reads/s, writes/s, MBreads/s,MBwrtn/s, cmds/s, GAVG/s(guest latency).
Additional Guest Operating System Support— ESX/ESXi 4.0 Update 2 adds support for Ubuntu 10.04. For a complete list of supported guest operating systems with this release, see the VMware Compatibility Guide.

The new features with the latest release of vCentre are:

Guest Operating System Customization Improvements: vCenter Server now supports customization of the following guest operating systems:

Windows XP Professional SP2 (x64) serviced by Windows Server 2003 SP2
SLES 11 (x32 and x64)
SLES 10 SP3 (x32 and x64)
RHEL 5.5 Server Platform (x32 and x64)
RHEL 5.4 Server Platform (x32 and x64)
RHEL 4.8 Server Platform (x32 and 64)
Debian 5.0 (x32 and x64)
Debian 5.0 R1 (x32 and x64)
Debian 5.0 R2 (x32 and x64)

Check out the VMware vCentre 4 Update 2 Release Notes here and VMware vSphere Update 2 Release Notes here for all the resolved issues and all the fixes from previous bundles and how to update your environment.

You can download the latest update from the VMware download page here.

Gregg Robertson

April 13, 2010
by Gregg Robertson 2 Comments

Host cannot download files from VMware vCenter Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.

This error has been haunting me for quite some time now. When I tried to setup and get VMware update manager working late last year I came across the above problem. I did some fixes but none seemed to work and due to there being a very large amount of work happening I put it on the back burner. Now if you have read my blog posting about the distributed virtual switches you would have seen the need to keep your servers up to date on the latest patches as well as the obvious reasons of security and bug fixes.

So early March this year I decided I was going to get VMware Update Manager working so I didn’t have to use esxupdate to patch my vm’s. My previous problem I believed were down to me using an older version of VUM and possibly because I had it installed on a highly utilised Virtual Centre Server I decided to build a dedicated server for VUM and do it all to the exact specifications VMware tell you to and install the latest version.

Seeing as I have spent some time trying to get this problem fixed I have found some brilliant blog postings and tips for fixing this problem as well as others that stem from this error.

Jason Nash’s (@nash_j) blog posting was probably my first port of call when I tried to fix the problems I was having last year and I still checked the DNS settings this time to make sure everything was as it should be.
The next one was from a VMware communities posting someone had put up with problems sounding very close to the problem I was having. One of the replies recommended checking that the update manager port is open on the esx hosts firewall which is a very important part to check as by default this isn’t open and so can cause you problems with Update manager.
Next is the one I kept coming across and is the one I felt was causing my problems when I installed it previously. This is the problem where the port information in the vci-integrity.xml file is incorrect. For me this wasn’t the problem as it has now been fixed in Update Manager 4.0 Update 1 but if you are using the previous versions of update manager this is more than likely your problem and the steps should fix your problem. Personally I installed Update Manager 4.0 update 1 Patch 1 to make sure all the bugs I could possibly avoid I would.

There are also so many great resources of how to setup and manage VUM I decided it would be helpful to list the links I used to to set it all up as VMware have done some brilliant videos detailing the processes.

First set of steps I used was the video demo by VMware of how to install vCenter Update Manager 4 Update1. (Warning these are videos that need to be downloaded and you will need Adobe Flash player to view them). I would also recommend using the VUM sizing estimator to make sure you allocate the correct amount of space for the database and patches repository. The first bit I had to/chose to do differently was inserting the ip address of the Update Manager server in the server name filed in the installation to make sure that if there are any problems with DNS the server is obviously still accessible. The next bit was for the creation of the ODBC DSN when creating the SQL server instance for the update manager database. Due to me installing it on a x64 machine I had to create the ODBC via the odbcad32.exe application as in the ESX and vCenter Server Installation Guide , on page 72 it is tells you this which I noticed when installing my Virtual Centre server on a x64 server and this “fix” also applies to the database setup for Update Manager even though it doesn’t seem to be included in the latest documentation :

Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit system is 64 bit.

Next I used the steps detailed in the video demo by VMware of how to setup baselines and baseline groups to setup my baselines and baseline groups.
Then finally I used the guided tour demo to scanning and remediating with VUM. to do my scans and obviously remediate my esx hosts.

Thankfully now it’s all working correctly and I can finally use Update Manager.

Gregg Robertson