Vi3 Vum 10u2 Admin Guide

8/14/2019 Vi3 Vum 10u2 Admin Guide

1/52


2/52

VMware, Inc.

3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

Update Manager Administration Guide

You can find the most up-to-date technical documentation on our Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

2008, 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectualproperty laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware, the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware,Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their

respective companies.


Revision: 20090213

Item: EN-000037-01
http://www.vmware.com/supportmailto:[email protected]:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/


3/52


4/52

Administration Guide

4 VMware, Inc.

ManagingVirtualAppliances 36

VirtualAppliancesDiscovery 36

ScanningVirtualAppliances 36

RemediatingVirtualAppliances 37

3 OperationsReference 39CommonProblemsandSolutions 39

GatheringLog

Files 39

NoBaselineUpdatesAvailable 39

AllUpdatesinComplianceReportsAreNotApplicable 40

AllUpdatesinComplianceReportsAreUnknown 40

RemediatedUpdatesContinuetoBeNotCompliant 40

RemediatingVirtualMachineswithAllUpdateorAllCriticalUpdatesFails 40

ESXServerScanningFails 41

Events 41

DatabaseViews 44

VUMV_VERSION 44

VUMV_UPDATES 44

VUMV_PATCHES 45

VUMV_BASELINES 45VUMV_PRODUCTS 45

VUMV_BASELINE_UPDATE_ASSIGNMENT 46

VUMV_BASELINE_ENTITY_ASSIGNMENT 46

VUMV_UPDATE_PATCHES 46

VUMV_UPDATE_PRODUCT 46

VUMV_ENTITY_SCAN_HISTORY 47

VUMV_ENTITY_UPDATE_SCAN_HISTORY 47

VUMV_ENTITY_REMEDIATION_HISTORY 47

VUMV_UPDATE_PRODUCT_DETAILS 48

VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS 48

VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS 48

Index 49


5/52

VMware, Inc. 5

Thismanual,theUpdateManagerAdministrationGuide,providesinformationonhowtoconfigureVMwareUpdateManager,includinghowtoinstalltheproductandconfigureitforuseinyourenvironment.

TheUpdateManagerworkswithVMwareESXServer3.5andlaterandVMwareESXServer3iversion3.5andlater.Foreaseofdiscussion,thisbookusesthefollowingproductnamingconventions:

Fortopics

specific

to

ESX

Server

3.5,

this

book

uses

the

term

ESX

Server

3.

FortopicsspecifictoESXServer3iversion3.5,thisbookusesthetermESXServer3i.

Fortopicscommontobothproducts,thisbookusesthetermESXServer.

Whentheidentificationofaspecificreleaseisimportanttoadiscussion,thisbookreferstotheproduct

byitsfull,versionedname.

WhenadiscussionappliestoallversionsofESXServerforVMwareInfrastructure3,thisbookusesthe

termESXServer3.x.

Intended Audience

TheinformationinthismanualiswrittenforexperiencedWindowsorLinuxsystemadministratorswhoare

familiarwithvirtualmachinetechnologyanddatacenteroperations.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour

feedbackto:

[email protected]

Update Manager Documentation

TheUpdateManagerdocumentationconsistsofthisadministrationguide,onlinehelpintegratedwiththe

UpdateManagerclientplugin,releasenotesandUpdateManagerPowerShellLibraryAdministratorsGuide,whichcontainsinformationaboutrunningtheUpdateManagercmdletsinToolkitforWindows.

Youcanaccessthemostcurrentversionsofthismanualandotherbooksbygoingto:

http://www.vmware.com/support/pubs

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions

ofthisbookandotherbooks,goto:

http://www.vmware.com/support/pubs.

About This Book
mailto:[email protected]://www.vmware.com/support/pubshttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubsmailto:[email protected]


6/52

Administration Guide

6 VMware, Inc.

Online and Telephone Support

Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and

registeryourproducts.Goto:

http://www.vmware.com/support

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon

priority1issues.Goto:

http://www.vmware.com/support/phone_support.html

Support Offerings

FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto:

http://www.vmware.com/support/services

VMware Education Services

VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeused

asonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,goto:

http://mylearn1.vmware.com/mgrreg/index.cfm
http://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support


7/52

VMware, Inc. 7

1

Thischapterdiscussesthefollowingtopics:

UpdateManagerOverviewonpage 7

SecurityBestPracticesonpage 7

UpdateManagerProcessesonpage 8.

UpdateManagerSettingsonpage 10

Update Manager Overview

VMware Update Managercomparestheoperatingsystemsandapplicationsrunninginyour

VMware Infrastructuredeploymentagainstasetofstandardupdatesandpatches.Updatesyouspecifycan

beappliedtooperatingsystems,aswellasapplicationsonscannedESXServerhosts,virtualmachines,and

virtualappliances.UpdateManagerworkswithESXServerhosts,virtualmachines,andvirtualappliances

runningonESXServerhosts.Benefitsvarydependingontheversionsofapplicationsinyourenvironment.

BeginningwithVirtualCenter2.5andESXServerversion3.5,UpdateManagerletsyouscanforcompliance

andapplyupdatesforguests,appliances,andhosts.

UpdateManagercanscanandremediatepoweredon,suspended,andpoweredoffvirtualmachinesand

templates,inadditiontoscanningandremediatinghosts.Iftheupdatingorpatchingfails,youcanrevertthe

virtualmachinesandtemplatesbacktotheirpriorcondition,withoutlosingdata.

Security Best Practices

Maintainingaconsistentsetofoperatingsystemsandapplications,withparticularpatchinglevelshelps

reducethenumberofvulnerabilitiesinanenvironment,atthesametimereducingthepossiblerangeofissues

requiringsolutions.Allsystemsrequirepatching,reconfiguration,orothersolutions,butreducingthe

diversityofsystemsinanenvironmenteasesmanagementburdensandreducessecurityrisks.

Benefits of Compliance

Manyattackstakeadvantageofexisting,wellknownissues.Forexample,theNimdacomputerwormused

vulnerabilitiesthatwereidentifiedmonthsbeforetheactualspreadoftheworm.Apatchexistedatthetime

oftheoutbreak,andsystemstowhichthepatchwasappliedwerenotaffected.UpdateManagerprovidesa

waytohelpensurethattherequiredpatchesareappliedtothesystemsinyourenvironment.

Tomakeyourenvironmentmoresecure:

Beawareofwherevulnerabilitiesexistinyourenvironment.

Efficientlybringthesemachinesintocompliancewiththepatchingstandards.

Understanding Update Manager 1


8/52


8 VMware, Inc.

Inatypicallargeenvironment,manydifferentmachinesrunvariousoperatingsystems.Addingvirtual

machinestoanenvironmentincreasesthisdiversity.UpdateManagerautomatestheprocessofdetermining

thestateofyourenvironmentandprovidesawaytoefficientlyupdateVMwarevirtualmachinesandESX

Serverhostsinyourenvironment.

Compliance and Security Best Practices

Toachievethegoalofcompliance,withitsbenefitsofincreasedsecurityandstability,regularlyevaluatethe

following:

Operatingsystemsandapplicationspermittedinyourenvironment

Patchesrequiredforoperatingsystemsandapplications

Determinewhoisresponsibleformakingtheseevaluations,whentheseevaluationsaretobemade,andwhat

tacticstousetoimplementtheplanthatresultsfromtheinvestigation.

Update Manager Processes

UpdateManagerusesasetofoperationstoensureeffectivepatchmanagement.Thisprocessbeginsby

downloadinginformationaboutasetofsecurityupdates.Oneormoreoftheseupdatesareaggregatedtoform

abaseline.Acollectionofvirtualmachines,virtualappliances,andESXServerhostscanbescannedfor

compliancewithabaselineandremediated(updated).Theseprocessescanbeinitiatedmanuallyorthrough

scheduledtasks.

Patch Downloading

UpdateManagerusestheInternettogatherinformationaboutthelatestpatchesfromVMwareandShavlik.

VMwareprovidesinformationaboutupdatestoESXServer,andShavlikprovidesinformationforallmajor

applicationsandoperatingsystems.

Atregular,configurableintervals,UpdateManagercontactsShavlikandVMwaretogatherthelatest

informationonavailablepatches.Forinformationaboutconfiguringdownloadintervals,seeCheckingfor

Updatesonpage 21.Informationaboutallpatchesisdownloaded,regardlessofwhethertheapplicationor

operatingsystemtowhichthepatchappliesiscurrentlyinuseinyourenvironment.

Downloadinginformationaboutallpatchesisarelativelylowcostoperationintermsofdiskspaceand

networkbandwidth.Doingsoprovidestheflexibilitytoaddscanningandremediationofthoseapplications

oroperatingsystemsatanytime.SeeScanningVirtualMachinesandESXServerHostsonpage 9,

Remediationonpage 10,ScanningVirtualAppliancesonpage 36,andRemediatingVirtualAppliances

onpage 37.

WhenUpdateManagerexaminessystemsforpatchcompliance,itcheckswhetherthelatestpatchisapplied

basedoninformationonthatsystem.Patchinformationisusedforthisprocess;thepatchitselfisnotrequired.

Machinesthatarenotcompliantwithbaselinesareidentifiedusingthesecomparisons.Toimproveefficiency

andsavediskspace,patchesforvirtualmachinesareonlydownloadedafteraneedisidentified.

Thefirsttimeavirtualmachineistoberemediated,theapplicablepatchesaredownloadedtotheUpdate

Managerserverandthepatchesareapplied.Thedetailsofhowapatchisapplied,suchaswhetheritisapplied

immediatelyoratalatertime,aredeterminedbythecombinationofwhatispossibleundertheconditions,

andwhattheuserrequests.Forexample,ifUpdateManagerisconfiguredtoremediatemachines,butthose

machinesarenotinastateinwhichremediationispossible(suchasESXServerhostsbeingpoweredoff),the

processisdeferreduntiltheactionispossible.

Afterapatchisdownloaded,itiskeptindefinitelyinthepatchdownloaddirectory.Whenothermachinesare

remediated,thepatchresourceisalreadypresentontheserver.

UpdateManagermightbedeployedinsuchawaythatitcannotconvenientlydownloadpatches.Forexample,

UpdateManagermightbedeployedonaninternalnetworksegmentthatdoesnothavereliableInternet

access.UpdateManagerDownloadServicedownloadsandstorespatchesonthemachineonwhichitis

installed,sothatUpdateManagerserverscanusethemlater.


9/52

VMware, Inc. 9

Chapter 1 Understanding Update Manager

YoucanconfigureUpdateManagertouseanInternetproxytodownloadpatchinformationandpatches.See

ConfiguringUpdateManagerforUsewithanInternetProxyonpage 22.

Scanning Virtual Machines and ESX Server Hosts

Scanningistheprocessinwhichattributesofasetofhostsorvirtualmachinesareevaluatedagainsta

standard,whichiscalledabaseline.YoucanscanESXServer3.5andlater,ESXServer3iversion3.5andlater,

aswellasvirtualmachinesrunningWindowsorLinux.YoucanscananESXServerinstallationtodetermine

whetherthelatestpatchesareapplied,oryoucanscanavirtualmachinetodeterminewhetherthelatestpatchesareappliedtoitsoperatingsystem.

Scansforupdatesareoperatingsystemspecific.Forexample,UpdateManagerscansWindowsvirtual

machinestoensurethattheyhaveaparticularsetofpatches,butdoesnotscanthesamemachinesto

determinewhetherLinuxpatchesareinstalled.

Inthevirtualinfrastructure,allobjectsexceptresourcepoolscanbescanned.

Youcanperformscansonbothonlineaswellasofflinevirtualmachinesandtemplates.

Baselines

Scanningcomparesthestateofahostorvirtualmachineagainstabaseline.Abaselinedescribesacollection

ofone

or

more

updates

such

as

service

packs,

patches,

or

bug

fixes.

With

asingle

baseline,

checking

whether

alltheindividualupdatesthatmakeupthebaselinewereappliedtotheobjectsbeingscanned,becomesa

onestepprocedure.

Atregularintervals,UpdateManagerqueriesupdaterepositoriesthatvendorsprovidetofindavailable

patches.Theserverforpatchinformationandthecontentsofthepatchesareauthenticatedbyusinga

fullfeaturedpublickeyinfrastructure.Tohelpensuresecurity,patchesaretypicallycryptographicallysigned

byvendorsandaredownloadedoverasecureconnection.

UpdateManageroffersthefollowingtypesofbaselines:

DynamicThesignificanceofeachupdatedeterminesthecontentofthebaseline.ForWindows,updates

areeithercriticaloroptional.

Thecontentsofadynamicbaselinearedeterminedbasedonavailableupdatesthatmeetthespecified

criteria.Asthesetofavailableupdateschanges,dynamicbaselinesareupdatedaswell.Youcanexplicitly

includeorexcludeanyupdates,andtheseexceptionspersistindefinitely.

FixedTheusermanuallyspecifiesallupdatesincludedinthebaselinefromthetotalsetofpatches

availableinUpdateManager.Fixedupdatesaretypicallyusedtocheckwhethersystemsarepreparedto

dealwithparticularissues.Forexample,youmightusefixedbaselinestocheckforcompliancewith

patchestopreventawormsuchasBlaster.

UpdateManagerincludesfourpreestablisheddynamicbaselinesthatyoucanusetoscananyvirtualmachine,

virtualappliance(thebaselinesforvirtualmachinesandappliancesareoneandthesame),orhostto

determinewhethertheyhaveallpatchesappliedforthedifferentcategories:

CriticalVirtualMachineUpdatesChecksvirtualmachinesforcompliancewithallcritical

Windowsupdates.

NoncriticalVirtualMachineUpdatesChecksvirtualmachinesforcompliancewithalloptional

Windowsupdates.

CriticalHostUpdatesChecksESXServerhostsforcompliancewithallcriticalupdates.

NoncriticalHostUpdatesChecksESXServerhostsforcompliancewithalloptionalupdates.

Youcanalsocreateadynamicbaselinethatincludesbothcriticalandoptionalupdates.

SeveralbaselineattributesappearintheUpdateManageruserinterface:

NameIdentifiesdifferentbaselines.Thenamecanbemodified,asrequired.Itisestablishedwhen

abaselineiscreated.


10/52


10 VMware, Inc.

UpdatesSpecifiesthenumberofupdatesincludedinthebaseline.Someupdates,suchasservice

packs,includemanysmallerpatchesthatmighthavebeendistributedindividuallyinthepast.

Becausethenumberofupdatesdoesnotdirectlyindicatetheextentoftheupdatesincludedinthe

baseline,thisinformationshowsthequantity,ratherthanthequality.Thenumberofupdatesmight

indicatehowlongascanandremediationmighttaketocomplete.

LastModifiedSpecifiesthelasttimeupdateswereaddedtoorremovedfromthisbaseline.This

datereflectsthelasttimeupdateschangedeitherbecauseofautomaticchangesresultingfrom

dynamicupdates

or

from

manual

user

changes.

Reviewing

the

last

update

information

can

help

provideanideaofwhetherexpectedchangesweremadetobaselines.

BaselineTypeIdentifiesthetypeoftheparticularbaseline.PossiblevaluesincludeDynamic,Fixed,

orDynamic(modified).Dynamic(modified)baselinesaredynamicbaselinesthatusersmodifyto

includeorexcludespecificupdates,countertothebasiccriteriaofthedynamicbaseline.

Administratorscancreatenewbaselines,editexistingbaselines,detachbaselines,orremove(delete)baselines.

Forlargeorganizationswithdifferentgroupsordivisions,eachgroupcandefinetheirownbaselines.

Administratorscanfilterthelistofbaselinesbysearchingforaparticularstringorbyclickingontheheaders

foreachcolumntosortbythoseattributes.ThisfunctionalityusesthecapabilitiesthatallVirtualCenterviews

provides.

RemediationRemediationistheprocessinwhichUpdateManagerappliesupdatestoESXServerhosts,virtualmachines,or

virtualappliancesafterascaniscomplete.Remediationhelpsensurethatmachinesandappliancesare

securedagainstknownpotentialattacksandhavegreaterreliabilityresultingfromthelatestfixes.While

remediationprovidesbenefits,youmightnotremediatemachines.Forexample,yourorganizationmight

determinethatthefixisnotsignificantenoughtowarrantapplication,oramachinemightberunninglegacy

processesthatdonotfunctionifthelatestpatchesareapplied.

Youcanremediatemachinesandappliancesinmuchthesamewaysthatyoucanscanthem.Aswithscanning,

youcannotonlyremediateasinglevirtualmachineorvirtualappliance,butyoucanalsoinitiateremediation

scanonafolderofvirtualmachines,acluster,oradatacenter,orallobjectsinyourvirtualinfrastructure.As

withscanning,resourcepoolsaretheonlyVMwareInfrastructureobjecttypethatcanneverberemediated.

Remediationissupportedfor:

Poweredon,suspended,orpoweredoffWindowsvirtualmachinesandappliances.

TemplatesforWindowsvirtualmachines.

HostsrunningESXServer3.5.0orhigher.

Update Manager Settings

ThevirtualmachineandESXServerremediationprocessisconfigurable.Configurableoptionsinclude:

Whentocheckforupdatedpatchinformation.

WhentoscanorremediatevirtualmachinesorESXServerhosts.

Howtohandlepreremediationsnapshotsofvirtualmachines.UpdateManagercancreatesnapshotsofvirtualmachinesbeforeremediation.IfyouconfigureUpdateManagertocreatesnapshots,youcan

configurethesnapshotstobekeptindefinitelyortobedeletedafteraspecifiedperiod.

Whethertocreatesnapshotsofvirtualmachinesbeforeremediation,whethertostorethesnapshot,and

forhowlong.

HowtohandlefailurestoremediateESXServerhosts.

Formoreinformationonsecurityconfiguration,seeConfiguringUpdateManageronpage 20.


11/52


12/52


12 VMware, Inc.

BeforeyouinstallUpdateManager,gatherinformationabouttheenvironmentintowhichyouareinstalling

UpdateManager.Informationtocollectincludesthefollowing:

NetworkinginformationabouttheVirtualCenterServerthatUpdateManagerwillworkwith.Defaults

areprovidedinsomecases,butyoumightwanttoensurethatyouhavethecorrectinformation,

including:

IPaddress.

Portnumber.Inmostcases,theWebserviceports(80and443bydefault)areused.

Administrativecredentialsrequiredtocompletetheinstallation,including:

Theusernameforanaccountwithsufficientprivileges.ThisisoftenrootorAdministrator.

Thepasswordfortheaccountthatwillbeusedfortheinstallation.

To Install Update Manager

1 InserttheInstallerCDintotheCDROMdriveoftheserverthatwillhosttheUpdateManagerserver.

2 ClickNext.

3 ClickNext.

4 AcceptoneoftheoptionsandclickNext.

5 EnteryournameandorganizationalinformationandclickNext.

6 SelectVMwareVirtualCenterServer.

IfyouhavealreadyinstalledcomponentssuchasVMwareInfrastructureClient,VirtualCenterServer,or

VMwareConverterEnterpriseforVirtualCenter,amessageappearsinformingyouthatthesecomponents

areinstalled.YoucancontinuetheinstallationofothercomponentssuchasUpdateManager.

IfyouselecttheCustomoption,youcanconfigurewhatdatabaseVMwareUpdateManageruses,change

proxyserversettings,andcustomizewhereUpdateManagerisinstalledandwherepatchesarestored.

7 ClickNext.

The

VirtualCenter

Server

Authorization

page

appears.8 EnterinformationabouttheVirtualCenterServerandAdministratoraccountthatthisUpdateManager

serverwillworkwith.

a IntheVCServerIPtextbox,enteranIPaddressoracceptthedefault.

b IntheVCServerPorttextbox,enteraPortnumberoracceptthedefault.

c IntheAdministratortextbox,enterthenameoftheadministrativeaccountyouwillusetocomplete

thisinstallation.

Table 2-1. Supported Database Formats

Database Type Patch and Driver Requirements

SQLServer2000SP4 UseSQLServerdriverfortheclient.

SQLServer2005SP1 UseSQLNativeClientdriverfortheclient.

SQLServer2005Express UseSQLNativeClientdriverfortheclient.

Oracle9i Applypatch9.2.0.8.0toserverandclient.

Oracle10gRelease1(10.1.0.2) Applypatch10.1.0.3.0toserverandclient.

Oracle10gRelease2(10.2.0.1.0) Firstapplypatch10.2.0.3.0toserverandclientandthenapplypatch5699495totheclient.(SEEUPDATE)


13/52


14/52


15/52


16/52


16 VMware, Inc.

To identify the SQL Server authentication type

1 OpenSQLServerEnterpriseManager.

2 ClickthePropertiestab.

3 Checktheconnectiontype.TheconnectiontypeindicateseitherWindowsNTorSQLServer

authentication.

Configuring Microsoft SQL Server 2005 Express

TheMicrosoftSQLServer2005Expressdatabasepackageisinstalledandconfiguredwhenyouselect

MicrosoftSQLServer2005ExpressasyourdatabaseduringtheVMwareUpdateManagerinstallation.No

additionalconfigurationisrequired.

IfMicrosoftSQLServer2005Expressisinstalled,reviewtherequireddatabasepatchesspecifiedinTable 21.

Ifyoudonotprepareyourdatabasecorrectly,theUpdateManagerinstallermightdisplayerrorandwarning

messages.

Maintaining Your Update Manager Database

AfteryourUpdateManagerdatabaseinstanceandUpdateManagerareinstalledandoperational,perform

standarddatabasemaintenanceprocesses.Theseinclude:

Monitoringthegrowthofthelogfileandcompactingthedatabaselogfile,asneeded.Seethe

documentationforthedatabasetypeyouareusing.

Schedulingregularbackupsofthedatabase.

BackingupthedatabasebeforeanyUpdateManagerupgrade.

Seeyourdatabasedocumentationforinformationonbackingupyourdatabase.

Installing the Guest Agent

TheVMwareUpdateManagerGuestAgentfacilitatesUpdateManagerprocesses.ForbothLinuxand

Windowsoperatingsystems,theGuestAgentisinstalledthefirsttimearemediationisscheduledorwhena

scanisinitiatedonapoweredonvirtualmachine.Forbestresults,ensurethatthelatestversionoftheGuest

Agentisinstalled.

IftheGuestAgentinstallationdoesnotcompletesuccessfully,operationssuchasscanningandremediation

fail.Insuchacase,manuallyinstalltheGuestAgent.

TheGuestAgentinstallationpackagesforWindowsandLinuxguestsareinthedirectoryyouspecifiedduring

theUpdateManagerinstallation.Inthatdirectory,theGuestAgentinstallationpackagesarelocatedat

\docroot\vci\guestAgent\.Forexample,ifUpdateManagerisinstalledin

C:\Program Files\VMware\Infrastructure\Update Manager,theGuestAgentinstallersareat

C:\Program Files\VMware\Infrastructure\Update Manager\docroot\vci\guestAgent\.

TheGuestAgentrequiresnouserinput,andtheinstallationcompletessilently.ForWindows,startthe

installerbyrunningtheVMware-UMGuestAgent.exefile.ForLinux,installthe

VMware-VCIGuestAgent-Linux.rpmfile

by

running

the

rpm -ivh VMware-VCIGuestAgent-Linux.rpmcommand.

Installing the Update Manager Download Service

UpdateManagerDownloadServicedownloadsupdatesthatwouldnototherwisebeavailabletoUpdate

Managerservers.Forexample,forsecurityreasonsanddeploymentrestrictions,VMwareInfrastructure,

includingUpdateManager,isinstalledinanairgapnetworkasecurednetworkthatisdisconnectedfrom

otherlocalnetworksandtheInternet.UpdateManagerrequiresaccesstopatchinformationtofunction

properly.


17/52

VMware, Inc. 17

Chapter 2 Working with Update Manager

TheDownloadServiceprovidesasolutioninsuchsituations.DownloadServicedownloadsupdatesfor:

ESXServer3iorhigher,andESXServer3.5orhigher.

AllUpdateManagersupportedversionsofWindowsvirtualmachines.

TousetheUpdateManagerDownloadService,youmustsetupaservertobeyourUpdateManager

Downloadsystem.ThisservermusthaveInternetaccess.

AftertheDownloadServicedownloadsupdates,theupdatescanbeexportedbyCDorUSBkeydeviceaswell

asautomaticallytoaVirtualCenterServerrunningUpdateManager.

TheamountofspacerequiredtostoretheupdatesontheserveronwhichtheDownloadServiceisinstalled

variesbasedonthenumberofdifferentoperatingsystemsandapplicationsyouintendtopatch,aswellasthe

numberofyearsyouintendtogatherpatchesonthissystem.Allocate50GBforeachyearofESXServer

patching,and11GBforeachvirtualmachineoperatingsystemandlocalecombination.Forexample,touse

theserverfortwoyearstopatchhostsWindowsXPUSEnglishandWindowsServer2003requires100GBfor

thehostsand44GBforthevirtualmachinesforatotalof144GB.ToinstalltheDownloadServiceinsuchan

environment,installitonaserverwithatleast144GBofavailablespaceforpatchstorage.

TheDownloadServiceinstallerrequiresadatabase.Theinstallationprogramincludesanoptiontocreatea

SQLServer2005Expressdatabase,oryoucanuseanexistingMicrosoftSQLServerorOracledatabase.

To install the Update Manager Download Service

OpentheVMware-UMDS.exefilelocatedintheumdsfolderontheinstallationCD.Usethe

VMware Update Manager Download Serviceinstallationwizardtocompletetheinstallation.

Duringtheinstallation,youcanmodifytheSOAPport,Webport,andproxysettings.Ifyoukeepthedefault

settingsduringtheinstallationandwanttochangetheUpdateManagerDownloadServiceproxy

authenticationsettingslater,usetheTomanuallyupdateproxyauthenticationinformationonpage 22

procedure.

Upgrading VI Client to Support Update Manager

StartingwithVirtualCenterversion2.5,UpdateManagerclientsaredeliveredasapluginfortheVIClient.

TheUpdateManagerfunctionalityisanintegralpartofVirtualCenter,andthenewVIClientsupersedes

previousVIClientreleases.

AfterinstallingUpdateManager,updateatleastoneVIClient,soyoucanconfigureUpdateManager.You

mustinstalltheUpdateManagerpluginonanyVIClientthatyouwanttousetomanageUpdateManager,

butyoudonotneedtoupdateallclientsifyoudonotwantto.AnycombinationofVI ClientwithUpdate

ManagerpluginandVIClientwithsomeornootherpluginscanconnecttoagivenVirtualCenterServer

withoutaconflict.

To enable Update Manager on a VI Client

1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalled.

2 ChoosePlugins>ManagePlugins.

3 ClickDownload

and

installfor

the

Update

Manager

plug

in.

4 CompletetheUpdateManagerclientinstallationandclickOK.

5 ClicktheInstalledtabonthePluginManagerpage.

TheVMwareUpdateManagerclientpluginmightnotbeimmediatelyavailable.Youmightneedtowait

uptoaminutebeforetheUpdateManagerclientisshownontheInstalledtab.

6 SelectEnabled.

7 DismissanySecurityWarningdialogboxesthatappearbyclickingYesorIgnore,andthenclickOK.

TheUpdateManagerbuttonmightnotalwaysimmediatelyappearintheVIClient.Afterinstallingthe

VMwareUpdateManagerplugin,ifthebuttondoesnotappear,restarttheVIClient.


18/52


19/52

VMware, Inc. 19


Update Manager Network Port Requirements

AfteryouinstallUpdateManagerifthedefaultsettingsarekeptduringtheinstallation,theUpdateManager

Webserverlistenson9084TCPandtheUpdateManagerSOAPserverlistenson8084TCP.Bothareaccessed

throughareverseproxythatlistensonthestandardports80and443.Formoreinformation,seeFigure 21.

Figure 2-1. Update Manager Network Port Requirements

WhenUpdate

Manager

and

the

VirtualCenter

Server

are

installed

on

the

same

machine:

AllincomingconnectionstoUpdateManagerareaccessedthroughareverseproxyprovidedbythe

VirtualCenterServer.

ESXServerconnectstoport80,andtheVirtualCenterServerforwardstherequesttotheUpdateManager

Webserverlisteningonport9084forhostpatchdownloads.

TheVirtualCenterServerdirectlyconnectstoUpdateManageronport8084becausetheyareonthesame

machine.

UpdateManagerconnectstoESXServeronport902forpushingthevirtualmachinespatches.

WhenUpdateManagerandtheVirtualCenterServerareinstalledontwodifferentmachines:

UpdateManagerhasareverseproxylisteningonports80and443ifthedefaultisnotchangedduringthe

installation.

TheVirtualCenterServerconnectstoUpdateManagerthroughport443.Thereverseproxyforwardsthe

requestto8084.

ESXServerconnectstoUpdateManagerthroughport80.Thereverseproxyforwardstherequestto9084.

UpdateManagerconnectstoESXServeronport902forpushingthevirtualmachinespatches.

Toobtainmetadatafortheupdates,UpdateManagermustbeabletoconnecttohttp://www.vmware.comand

http://xml.shavlik.com,andrequiresoutboundports80and443.

Formoreinformationaboutconfiguringtheportsettingsaftertheinstallation,seeConfiguringtheUpdate

ManagerNetworkPortSettingsonpage 22.

ESX host

VirtualCenter

(Update Manager)

AKAMAI

(Patch Content Server)

Patch Metadata

Server

ESX host ESX host

80

HTTP

443 80

SSL/HTTP

80

9000-

9100

902 902 902

80

9000-

9100

80

9000-

9100

vmware.com

ISV

(Patch Content Server)

internet

80

HTTP 443 80

SSL/HTTP

shavlik.com

Patch Metadata

Server

network
http://www.vmware.com/http://xml.shavlik.com/http://xml.shavlik.com/http://www.vmware.com/


20/52


20 VMware, Inc.

Configuring Update Manager

YoucanmodifytheadministrativesettingsforUpdateManagerbeforeyoutouseit.Theadministrative

settingsdeterminethefollowing:

WhatactionUpdateManagertakesifaremediationfailsforeitheraguestvirtualmachineoranESX

Serverinstallation.

HowoftenUpdateManagerchecksfornewupdates.

HowUpdateManagerworkswithanInternetproxy.

HowUpdateManagercanbeconfiguredtoworkwithnewportsettings.

HowtochangethelocationinwhichUpdateManagerdownloadspatches.

Responding to Guest Remediation Failure

UpdateManagercantakesnapshotsofvirtualmachinesbeforeapplyingupdates.Thisensuresthatifapatch

cannotbeapplied,thestateofthevirtualmachinebeforetheupdateiseasilyreestablished.Youcanelectto

keepthesesnapshotsindefinitelyorforafixedperiod.

Keepingsnapshotsindefinitelymighteventuallyconsumealargeamountofdiskspaceanddegrade

virtualmachine

performance,

but

these

snapshots

provide

protection

against

problems

with

patching.

Keepingnosnapshotssavesspaceinyourenvironment,ensuresbestvirtualmachineperformance,and

mightreducetheamountoftimeittakestocompleteremediation.

Keepingsnapshotsforasetperiodisacompromisebetweentheothertwochoices.

Theconfigurationdescribedinthefollowingprocedure,determinesthedefaultsettingsforremediation

failures.Youcanspecifyalternativesettingstothesedefaultswhenyouconfigureindividualremediation

tasks.

To configure guest snapshot behavior

1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclickthe

UpdateManagerbutton.

2 ClicktheConfigurationtab.

TheGuestSettingslinkontheleftisselectedbydefault.

3 SelectSnapshotthevirtualmachinesbeforeapplyingupdatestoenablerollback.

4 Configuresnapshotstobekeptindefinitelyorforaperiodoftime.

5 ClickApply.

Responding to a Failure to Put ESX Server in Maintenance Mode

UpdateManagerputsESXServerinmaintenancemodebeforeapplyingupdates.Virtualmachinescannot

continuetorunwhenanESXServerisinmaintenancemode.Toensureaconsistentuserexperience,the

VirtualCenterServermigratesvirtualmachinestootherESXServerhostswithinaclusterbeforetheserverbeingremediatedisputinmaintenancemode.VirtualCenterServercanmigratethevirtualmachines,ifthe

clusterisconfiguredforVMotion.Forothercontainersorindividualhoststhatarenotinacluster,migration

cannotbeperformed.IfVirtualCenterservercannotmigratethevirtualmachinestoanalternativehost,

Update Managercantakeoneofthefollowingactions:

FailTaskLogthisfailureintheUpdateManagerlogsandtakenofurtheraction.

RetryWaitfortheretrydelayperiodandrepeattheattempttoputtheserverintomaintenancemodeas

manytimesasyouindicateintheNumberofretriesfield.


21/52


22/52


22 VMware, Inc.

9 (Optional)Specifyoneormoreaddressestoreceiveemailwithinformationabouttheresultsoftheupdate

downloadprocesswhenthenewupdatesaredownloaded.

Tohavethisoptionworking,themailsettingsfortheVirtualCenterServermustbeconfiguredcorrectly.

10 ClickNext.

11 ClickFinish.

Configuring Update Manager for Use with an Internet Proxy

AfterinstallingUpdateManager,youcanmodifytheconfigurationtoworkwithanInternetproxyserverby

usingtheCustomInstalloptionintheinstallationprogram.Todothis,restarttheinstallationprocessand

providenewproxyconfigurationinformation.TheinstallationprocessisdescribedinToInstallUpdate

Manageronpage 12.

YoucanmodifytheconfigurationbothmanuallyandthroughtheUpdateManagerplugin.

To manually update proxy authentication information

1 LogintotheUpdateManagerserverasanadministrator.

2 StoptheUpdateManagerservice.

a RightclickMyComputerandclickManage.

b Intheleftpane,expandServicesandApplicationsandclickServices.

c Intherightpane,rightclicktheVMwareUpdateManagerService,andclickStop.

3 Openthevum-proxyAuthCfg.exe fileintheUpdateManagerdirectory.

ThedefaultlocationisC:\Program Files\VMware\Infrastructure\Update Manager.

4 Provideupdatedproxyauthenticationinformation.

5 RestarttheUpdateManagerservice.

To modify the proxy configuration through the Update Manager plug-in

1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclicktheUpdateManagerbutton.

2 ClicktheConfigurationtab.

3 ClicktheInternetAccesslinkontheleft.

4 Changethedefaultproxyinformationasnecessary.

Iftheproxyrequiresauthentication,selecttheProxyrequiresauthenticationcheckboxandprovide

usernameandpassword.

5 (Optional)Testtheconnection.

TheTestConnectionbuttonallowsyoutoentertheInternetaccesssettings,andtesttheconnectivityof

theUpdate

Manager

server

with

the

Internet

before

actually

applying

the

new

settings.

6 ClickApply.

Configuring the Update Manager Network Port Settings

AfteryouinstallUpdateManager,youcanconfigureitsportsettingstoavoidconflictswithotherprograms

installedonthesamemachine.

IfVirtualCenterisinstalledonthesamemachine,youcannotchangetheHTTPandHTTPSports.Update

Managerdoesntopentheseports,butVirtualCenterdoes.IfVirtualCenterisnotinstalledonthesame

machine,UpdateManagerstartsitsownreverseproxy.Inthiscase,youareabletochangeboththeHTTPand

HTTPSports.


23/52


24/52


24 VMware, Inc.

Configuring Update Manager Patch Download Location

WhenyouinstallUpdateManager,theinstallationwizardallowsyoutochangethelocationfordownloading

patches.Ifyoukeepthedefaultlocationduringtheinstallation,andwanttochangeitlater,without

reinstallingUpdateManager,youhavetodoitmanually.

To configure the Update Manager patch download location

1 StoptheUpdateManagerservice.

2 Findthevci-integrity.xmlfileintheUpdateManagerinstallationdirectory.

ThedefaultlocationisC:\Program Files\VMware\Infrastructure\Update Manager.

3 Createabackupcopyofthisfileincaseyouneedtoreverttothepreviousconfiguration.

4 Editthefilebychangingthefollowingfields:

yournewlocation

Thedefaultpatchdownloadlocationis:

C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\

Data\

Thedirectorypathmustendwith\.

SavethefileinUTF8format,andreplacetheexistingfile.

5 Copythecontentsfromtheoldpatchstoredirectorytothenewfolder.

6 RestarttheUpdateManagerservice.

Using the Update Manager Download Service

UsetheUpdateManagerDownloadServicetoinitiatedownloadsofupdatesandtotransfertheupdatesto

UpdateManager.Establishadepotinwhichtoplacetheupdates.Aftertheupdatesareinthedepot,export

thenewlydownloadedupdatestosomeportablestoragedevicesuchasaCDorUSBkeyandimportthemto

theUpdateManagerserver.IfUpdateManagerisinstalledonamachinethatisnotconnectedtotheInternet,

thescheduledupdatechecksfail.Insuchacase,disablethescheduledupdatechecksandusetheUpdateManagerDownloadServiceastheonlymeanstodownloadandtransferupdatestoUpdateManager.

YoucanautomatetheUpdateManagerDownloadServiceinasemiairgapdeploymentadeploymentin

whichyoucantransferfilesfromthemachineonwhichUpdateManagerDownloadServiceisinstalledtoa

machineonwhichUpdateManagerserverisinstalledusingasharedfolder.Thissharedfoldercanbeonthe

samemachineonwhichUpdateManagerisinstalledoronaremoteserver.

ThebestpractiseistocreateascripttodownloadtheupdatesmanuallyandsetitupasaWindowsScheduled

Taskthatdownloadstheupdatesautomatically.

To use the Update Manager Download Service

1 LogintothemachineonwhichUpdateManagerDownloadServiceisinstalled.

2 ChooseStart>Run,typecmdandpressEnter.

3 ChangetothedirectorywhereDownloadServiceisinstalled.

ThedefaultfolderisC:\Program Files\VMware\Infrastructure\Update Manager.

4 Setupwhatupdatestodownload:

TosetupadownloadofallESXServerhostupdates,enterthefollowingcommand:

vmware-umds --set-config -enable-host 1 --enable-win 0 --enable-lin 0

TosetupadownloadofallWindowsupdates,enterthefollowingcommand:

vmware-umds --set-config -enable-host 0 --enable-win 1 --enable-lin 0


25/52


26/52


27/52

VMware, Inc. 27


To create a dynamic baseline using the New Baseline wizard



2 OntheBaselinestab,clickNewBaseline.

TheNewBaselinewizardappears.

3 Provideanameandadescriptionofthebaseline,andselectatarget.

UpdateManagerdoesnotsupportbaselinesthatapplytobothtargettypes.Baselinesmustapplytoeither

ESXServerhostsorvirtualmachines.

4 ClickNext.

5 SelectDynamicforthetypeofbaseline.

6 ClickNext.

TheDynamicBaselineCriteriapageappears.

7 Customizethebaselinebyenteringspecificcriteriatofiltertheupdates.

TextcontainsEntertexttorestricttheupdatesdisplayed.Textenteredinthisfieldissearched

forconformityinalltextfieldsoftheavailableupdates.

ProductSelectoperatingsystemsorproductsforwhichthisbaselineincludespatches.Youcan

selectmultipleproductsoroperatingsystems,butonlyupdatesapplicabletotheproductor

operatingsystemofthemachinebeingevaluatedarescanned.

SeveritySelecttheseverityofupdatestobeincludedinthisbaseline.

LanguageSelectwhichlanguageversionsofpatchestoinclude.

ReleasedDateProvideBeforeandAfterdatestospecifyarangeforthereleasedatesofthe

updates.

UpdateVendorSelectoneofthelistedupdatevendors.

Addorremovespecificupdatesto/fromthisbaselineSelectthecheckboxtoaddorremove

specificupdates.

8 ClickNext.

Dependingonthechoicesyoumake,oneofthefollowingpagesappears:

TheReadytoCompletepage,ifyoujustfilteredtheupdates

TheExclusionspage,ifyouselectedtoaddorremovespecificupdatesfromthebaseline.

9 IntheExclusionspage,selectindividualupdatestoexcludefromyourbaselineandclickthedownarrow.

10 ClickNext.

TheInclusionspageappears.

11 Selectindividual

updates

that

do

not

meet

the

filter

criteria

set

up

in

Step 7,

to

include

them

in

the

baseline,andclickNext.

12 ReviewtheReadytoCompletepage,andclickFinish.


28/52


28 VMware, Inc.

Editing Baselines

YoucaneditexistingbaselinesbyusingtheVIClient.

To edit an existing baseline



2 Onthe

Baselines

tab,

select

an

existing

baseline

and

click

Edit

Baseline.

TheEditBaselinewizarddisplays.

3 ClickBaselineNametomodifythenameanddescriptionofthebaseline.

4 ClickBaselineTypetochangethetypeofupdatesincludedinthebaseline.

5 Dependingonthetypeofbaseline,dooneofthefollowing:

Ifthebaselineisfixed,clickUpdatestoaddorremovespecificupdatesfromthebaseline.

Ifthebaselineisadynamicone,clickCriteriatochangethedynamicbaselinecriteria.

Additionally,ifsomeupdatesareexcludedfromorincludedinthebaseline,clickExclusions,or

Inclusionstochangetheexcludedorincludedupdates.

Attaching Baselines

YoucanattachexistingbaselinestoobjectsintheVirtualCenterinventory.Youcanattachbaselinesto

individualobjects,butamoreefficientapproachistoattachbaselinestocontainerobjects,suchasfolders,

hosts,clusters,anddatacenters,insteadofattachingthemtoindividualvirtualmachinesandhosts.Attaching

abaselinetoacontainerobjectsuchasafolder,host,clusterordatacentertransitivelyattachesthebaselineto

allobjectsinthecontainer.

To attach a baseline


2 Navigatetothevirtualinfrastructureobjecttoattachthebaselineto,clicktheUpdateManagertab,and

clicktheAttachBaselinelinkintheupperrightcorner.

3 SelectoneormorebaselinestobeattachedandclickOK.

Detaching Baselines

Youcandetachbaselinesfromcertainobjectsintheinventory.Theseareobjectstowhichthebaselineswere

directlyattachedinapreviousattachoperation.VMwareInfrastructureobjectsoftenhaveinherited

properties,includingbaselineassociations,sotodetachabaselinefromanobject,youmighthavetonavigate

totheparentobject,towhichthebaselineisattached,andremoveitfromthere.

To detach a baseline


2 Navigatetothevirtualinfrastructureobjecttoremovethebaselinefrom,andclicktheUpdateManager

tab.

3 Findthebaselinetoremove,andreviewwherethebaselineisattached.

ThisinformationiscontainedintheAttachedAtcolumn.

4 Rightclickthebaselinetoremove,andclickDetachBaseline(s).

ThebaselineisdetachedfromtheVMwareInfrastructureinventoryobject.


29/52

VMware, Inc. 29


Removing Baselines

YoucanremovebaselinesanddeletethemfromVIClient.

To remove a baseline


2 ClicktheUpdateManagerbutton.

3 OntheBaselinestab,selectthebaselinestoremove.

4 ClickRemoveBaseline.

5 Whenpromptedtoconfirmdeletionoftheselectedbaselines,clickYes.

Scanning Virtual Machines and ESX Server Hosts

YoucangetUpdateManagertoautomaticallyscanvirtualmachinesandESXServerhostsbyusing

preestablishedtasksoryoucanmanuallyinitiatescans,asrequiredbyusers.Toproducecompliance

information,youcanrunscansagainstobjectsthathavebaselinesattachedtothem.Whenyouscananobject,

thescanisperformedagainstallupdates,butcomplianceinformationisproducedonlyfortheupdates

includedinabaselineattachedtotheobject.SeeAttachingBaselinesonpage 28.

To manually initiate a scan


2 ClickInventoryinthenavigationbar.Forvirtualmachines,clickVirtualMachinesandTemplates.For

ESXServerhosts,clickHostsandClusters.

3 Intheleftpane,rightclickacontainerobjecttobescannedandclickScanforUpdates.

Allchildobjectsoftheobjectonwhichthescanisinitiatedarealsoscanned.Thelargerthevirtual

infrastructureandthehigherupintheobjecthierarchyyouinitiatethescan,thelongerthescantakes.

IftheESXServerhostswithinacontainerobjectaredisconnected,theyarenotscanned.EvenifallESX

Serverhostsaredisconnected,whenyourightclickthecontainer,theScanforUpdatesoptionis

available,but

actual

scanning

is

never

performed.

4 Whenpromptedtoconfirmthatyouwanttoscanalltheobjectsandchildobjects,clickYes.

Fortheresultsofthescan,seeViewingScanResultsonpage 30.

To schedule a scan

1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalled,andclick

ScheduledTasks.

2 ClickNewinthetoolbartoopentheSelectaTasktoScheduledialogbox.

3 Fromthedropdownmenu,selectScanforUpdatesandclickOK.

4 Selectthetypeofscantoschedule.ClickNext.

5 Selecttheobjectstobescanned.ClickNext.

Forallobjectsselected,allchildobjectsarescannedaswell.

6 ConfigurewhenthetaskwillrunbasedonthestateofthevirtualmachineorESXServer.ClickNext.

7 ReviewthesummaryinformationforthetasktobecompletedandclickFinish.


30/52


30 VMware, Inc.

Viewing Scan Results

UpdateManagerprovidesameanstoquicklycheckhowmachinescomplywithbaselines.Youcanreview

complianceeitherbyexaminingresultsforasinglevirtualmachineorESXServer,orbyreviewingtheresults

foragroupingofvirtualmachinesorESXServerhosts.ComplianceinformationisavailableontheUpdate

ManagertabintheVIClient.ForESXServerhosts,youcanviewcomplianceintheHostsandClustersview.

Forvirtualmachines,youcanviewcomplianceintheVirtualMachinesandTemplatesview.

Supported

groupings

include

virtual

infrastructure

container

objects

such

as

folders,

clusters

and

datacenters.Baselinesinteractwithvirtualmachinesinthefollowingways:

Ifauserdoesnothavepermissionstoviewanobject,anobjectscontents,oravirtualmachine,theresults

ofthosescansarenotdisplayed.

Compliancewithbaselinesisassessedatthetimeofviewing.Thismeansabriefpausemightoccurwhile

informationisgatheredaboutvirtualmachinescompliance,toensurethatallinformationiscurrent.

Onlyinformationaboutcompliancewithrelevantbaselinesisprovided.Forexample,ifabaselineisnot

attachedtothecontainerinquestion,complianceisnotassessed.Similarly,considerthecaseinwhicha

containerhasWindowsXPandWindowsVistavirtualmachines,andbaselinesforWindowsXPand

WindowsVistapatchesareattachedtothiscontainer.Insuchacase,theWindowsVistavirtualmachines

areassessedforcompliancewithWindowsVistabaselines,andtheresultsaredisplayed.Thesame

WindowsVistavirtualmachinesarenotassessedforcompliancewithWindowsXPpatches,andasaresult,thestatusoftheircomplianceisdisplayedasnotapplicable.

Compliancestatusisdisplayedbasedonpermissions.Userswithpermissiontoviewacontainerbutnot

allofthecontainerscontentsareshowntheaggregatecomplianceofallentitiesunderthatcontainer,but

theindividualcountsforcompliant,notcompliantandunknownentitiesonlyappearastheusers

permissionspermit.Toviewthecompliancestatus,useralsomusthavepermissionstoviewthebaseline

orsoftwareupdatecompliancestatusforanobjectintheinventory.

WhenyouscananESXServerhostagainstafixedbaselinecontainingonlyupdatesobsoletedbynewerones,

andthenewerupdatesarealreadyinstalledontheESXServerhost,thecompliancestatusoftheoldupdates

isnotapplicable.IfthenewerupdatesarenotinstalledontheESXServer,thecompliancestatusoftheold

updatesisnotcompliant.Youcaninstallthenoncompliantupdatesafterstartingaremediationprocess.

WhenyouscananESXServerhostagainstafixedbaseline,containingbothobsoleteandnewerupdates,the

oldupdatesaredisplayedasnotcompliant.Onlythenewerupdatesareinstalledafterstartingaremediation

process.

Reviewing Scan Results for Virtual Machines Contained in a Virtual Infrastructure Object

Whenscansarecompletedonallmachinescontainedwithinavirtualinfrastructureobject,theresultsare

displayedinasummary.Informationthatisdisplayedexplainsthedegreeofconformancewithbaselines,

ratherthanthedetails.Thefollowinginformationisincluded:

Whenthelastscanwascompletedatthislevel.

Thetotalnumberofcompliantandnoncompliantupdates.

Foreachbaseline,thenumberofvirtualmachinesorhoststhatarecompliantornotcompliant.

Foreachbaseline,thenumberofpatchesthatarenotapplicabletoparticularvirtualmachinesorhosts.


31/52

VMware, Inc. 31


To review scan results for virtual machines or ESX Server hosts


2 ClickInventoryinthenavigationbar.Forvirtualmachines,clickVirtualMachinesandTemplates.For

ESXServerhosts,clickHostsandClusters.

3 Clicktheobjectwhosescanresultsyouwanttoview.

4 ClicktheUpdateManagertab.

Theresultsforscanscompletedonvirtualmachinesinthatcontainerappearattheright.

Youcanreceivemoreinformationabouttheresultsofthescansofparticularbaselines.

To receive more information about baseline compliance of virtual machines in an object

Clickthehyperlinkindicatinghowmanyvirtualmachinesareinaparticularstateofcompliance.

TheBaselineDetailswindowappears.

Youcanreceivemoreinformationaboutaspecificmachinescompliancewiththeupdatescontainedina

baseline.

To receive more information about baseline compliance of a virtual machine with specific updates

Clickthehyperlinkindicatingthenumberofupdatesthatareorarenotincompliance.

TheVirtualMachineBaselineDetailswindowappears.

Reviewing Scan Results for Individual Virtual Machines and ESX Hosts

WhenscansarecompletedonspecificvirtualmachinesorESXServerhosts,detailedresultsareprovided.

Informationthatisdisplayedexplainsthedegreeofconformancewithbaselines,ratherthanthedetailsof

conformance.Someinformationincludedis:

Whenthelastscanwascompletedatthislevel.

Thetotalnumberofbaselinesandupdatesthatarecompliantornotcomplaint.

To review scan results for a virtual machines


2 ClickInventory,andclickVirtualMachinesandTemplates.

3 SelectanindividualvirtualmachineorselectaVMwareInfrastructureobjectsuchasadatacentertosee

thestatusforallvirtualmachinesinthatobject.


To review scan results for an ESX Server host


2 ClickInventory,andclickHostsandClusters.

3 SelectanindividualESXServerhostorselectaVMwareInfrastructureobjectsuchasadatacentertosee

thestatusforallhostsinthatobject.



32/52


32 VMware, Inc.

Remediating ESX Server Hosts and Virtual Machines

Youcanremediatemachineseitherthroughuserinitiatedremediationorthroughregularlyscheduled

remediation.

FortheESXServerhostsinacluster,theremediationprocessissequential.Whenyouremediateaclusterof

ESXServerhostsandoneofthehostsfailstoentermaintenancemode,theUpdateManagerreportsanerror

andtheprocessfails.TheremainingESXServerhostsinthesameclusterthatdidgetremediatedstayatthe

updatedlevel.

The

ones

that

were

to

be

remediated

after

this

host

are

not

updated.

Formultipleclustersunderadatacenter,theremediationprocessesareparallel.Iftheremediationprocessfails

foroneoftheclusterswithinadatacenter,theremainingclustersarestillremediated.

Templatesareatypeofvirtualmachine,sotheycanberemediated.VMwarerecommendstakingsnapshots

oftemplatesbeforeremediation,especiallyifthetemplatesaresealed.Atemplatethatissealedisstopped

beforeoperatingsysteminstallationiscompleted,andspecialregistrykeysareusedsothatvirtualmachines

createdfromthistemplatestartinsetupmode.Whensuchavirtualmachinestarts,theusercompletesthefinal

stepsinthesetupprocess,allowingforfinalcustomization.

Tocompleteremediationofasealedtemplate,thetemplatemustbestartedasavirtualmachine.Forthisto

happen,thespecialregistrykeysthatstartthevirtualmachineinsetupmodearenotedandremoved.Aftera

templateisstartedandremediated,theregistrykeysarerestoredandthemachineisshutdown,returningthe

templateto

its

sealed

state.

Iferrorsoccur,atemplatemightnotbereturnedtoitssealedstate.Forexample,ifUpdateManagerlosesits

connectionwiththeVirtualCenterServerduringremediation,thetemplatecannotbereturnedtoitssealed

state.Creatingasnapshotbeforeremediationprovidesforeasyrecoveryfromsuchissues.

Afterremediationiscompleted,butthebaselineisstillnotcompliant,repeattheremediation.

Guest Shutdown

Machinesarerebootedattheendoftheremediationprocess,ifarebootisrequired.Adialogboxtellstheusers

loggedintotheremediatedmachinesoftheupcomingshutdown.

Userscanpostponetheshutdownforuptoamaximumof60minutes.AfterclickingOK,arebootreminder

dialogbox

appears

in

the

task

bar.

After

the

specified

time

elapses,

afinal

timer

before

shutdown

appears.

Manual Virtual Machine Remediation

Youcanmanuallyremediatevirtualmachinesonacasebycasebasis.

To manually initiate a remediation


2 ClickInventoryandclickVirtualMachinesandTemplates.


4 Rightclicktheobjecttoberemediated,andclickRemediate.

Allchildobjectsoftheobjectonwhichtheremediationisinitiatedarealsoremediated.Thelargerthe

virtualinfrastructureandthehigherintheobjecthierarchyyouinitiatetheremediation,thelongerthe

processtakes.

5 Selectthebaselinesyouwanttoapply,andclickNext.

6 Allupdatesareincludedbydefault.Toexcludeindividualupdatesfromtheremediationprocess,deselect

theircheckboxesandclickNext.

7 (Optional)ReviewtheexcludedupdatesandclickNext.

8 IntheSchedulepage,selectthetimetoinitiatetheremediationactionsbasedonthestateofthevirtual

machineandclickNext.


33/52

VMware, Inc. 33


9 Specifywhetheryouwouldliketoenablerollbackbeforeperformingtheupdate.Ifyouenablerollback,

asnapshotofthevirtualmachineiscreated.

Selectthesnapshotoptions,includinganameanddescriptionforthesnapshot,aswellaswhethertotake

asnapshotofthevirtualmachinesmemory.ClickNext.


Manual ESX Server RemediationYoucanmanuallyremediateESXServerhostsonacasebycasebasis.



2 ClickInventoryandclickHostsandClusters.


4 RightclicktheobjecttoberemediatedandclickRemediate.

Allchildobjectsoftheobjectonwhichtheremediationisinitiatedarealsoremediated.Thelargerthe

virtualinfrastructureandthefurtherupintheobjecthierarchyyouinitiatetheremediation,thelonger

theprocesstakes.

IftheESXServerhostswithinacontainerobjectaredisconnected,theyarenotremediated.EvenifallESX

Serverhostsaredisconnected,whenyourightclickthecontainer,theRemediateoptionisavailable,but

actualremediationisnotperformed.

5 SelectthebaselinestoapplyandclickNext.

6 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesandclickNext.

7 (Optional)Reviewthelistofupdatestobeexcluded,andclickNext.

8 Selectthehostremediationoptions,includingthetimetoinitiatetheremediationactionsaswellasthe

remediationfailureresponseoptions,andclickNext.

9 Reviewthe

summary

information

for

the

task

to

be

completed,

and

click

Finish.

Scheduled Virtual Machine Remediation

Youcanremediatevirtualmachinesatpredeterminedtimesbyusingscheduledtasks.

To schedule virtual machine remediation


2 ClicktheScheduledTasksbutton.

3 RightclicktheScheduledTaskspaneandclickNewScheduledTask.

4 SelectRemediateandclickOK.

5 SelectVirtualMachines/GuestOperatingSystemsandclickNext.

6 Selecttheobjectstowhichthisremediationapplies,andclickNext.

Allvirtualmachinesundertheselectedobjectareremediatedaswell.

7 IntheBaselinespage,selectthebaselinestoapply,andclickNext.

8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesintheUpdates

pageandclickNext.

9 (Optional)Reviewthelistofupdatesthatareexcluded,andclickNext.

10 IntheSchedulepage,selectthetimetoinitiatetheremediationactionsbasedonthestateofthevirtual

machine,andclickNext.


34/52


34 VMware, Inc.


asnapshotofthevirtualmachineiscreated.

Selectthesnapshotoptions,includinganameanddescriptionforthesnapshot,aswellaswhethertotake

asnapshotofthevirtualmachinesmemory,andclickNext.

12 Reviewthesummaryinformationforthetasktobecompleted,andclickFinish.

Scheduled ESX Server RemediationYoucanremediateESXServerhostsatpredeterminedtimesbyusingscheduledtasks.

To schedule ESX Server remediation



3 RightclicktheScheduledTaskpaneandclickNewScheduledTask.

4 SelectRemediate,andclickOK.

5 SelectESXServers,andclickNext.

6 Selectthe

objects

to

which

this

remediation

are

applied,

and

click

Next.

AllESXServerhostsundertheselectedobjectareremediatedaswell.

TheBaselinespageappears.

7 Selectthebaselinestoapply,andclickNext.

8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesandclickNext.

9 (Optional)Reviewthelistofupdatestobeexcluded,andclickNext.

10 Selectthehostremediationoptions,includingwhentheremediationtakesplaceaswellashow

remediationfailuresishandled,andclickNext.


Working with Update Manager Events

UpdateManagerstoresdataaboutevents.Youcanreviewthiseventdatatogatherinformationaboutthe

UpdateManageroperationsthatareinprogressorhavefinished.Forreferenceinformationaboutallevents,

seeEventsonpage 41.

To review events



2 ClicktheEventstab.

Informationabout

the

recent

events

appears.

To export events



2 ClicktheEventstab,andclickExportEvents.


35/52


36/52


36 VMware, Inc.

LanguageSelectwhichlanguageversionsofpatchestoinclude.

ReleasedDateProvideBeforeandAfterdatestospecifyadaterangeforupdates.

UpdateVendorSelectoneofthelistedupdatevendors.

3 ClickFind.

Managing Virtual Appliances

Avirtualapplianceisasoftwaresolutionthatiscomposedofoneormorevirtualmachines,ispackagedasa

unitbyanappliancevendor,andisdeployed,managed,andmaintainedasaunit.

TheUpdateManagersupportforonlineVMwareVirtualAppliancesDevelopmentToolkit(VADK)based

virtualapplianceisanexperimentalfeature.Offlineandsuspendedvirtualappliancescannotbescannedand

remediated.IfavirtualapplianceisnotVADKcompatible,itistreatedasaregularvirtualmachineforguest

patchingandthesamelimitations(suchasnoremediationforLinuxvirtualmachines)stillapply.

AllvirtualappliancesarerequiredtohaveInternetconnectionfordiscovery,scan,andremediation

operations.IfthevirtualapplianceneedstoaccessInternetthroughaproxy,theproxyserversettingscanbe

configuredviatheappliancesownWebUI.

Virtual Appliances DiscoveryAfteryouimportaVADKbasedvirtualapplianceintheVIClient,andpoweritonforthefirsttime,itis

discoveredasavirtualappliance.

To view the information about a virtual appliance


2 ClickInventoryandclickVirtualMachinesandTemplatestoviewthevirtualmachines.

3 SelectavirtualapplianceandclicktheUpdateManagertab.

Youcanseevirtualapplianceinformationsuchasvendor,product,andversion.

Scanning Virtual AppliancesYoucanenableUpdateManagertoautomaticallyscanvirtualappliancesusingpreestablishedtasks,oryou

canmanuallyinitiatescans.Bestpracticeistoputthevirtualappliancesinaseparatefoldersothattheyare

managedeasilyandcheckedforcompliance.

To scan a virtual appliance


2 ClickInventoryandclickVirtualMachinesandTemplatestoviewthevirtualmachines.

3 Intheleftpane,rightclickavirtualapplianceobjecttobescannedandclickScanforUpdates.

To schedule a scan

1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclick

ScheduledTasks.

2 ClickNewinthetoolbartoopentheSelectaTasktoScheduledialogbox.

3 Fromthedropdownmenu,selectScanforUpdatesandclickOK.

4 Selectthetypeofscantoschedule,andclickNext.

5 Selectthevirtualappliancetobescanned,andclickNext.

6 Enterthetasknameaswellasthetaskdescription,configurewhenthetaskwillrun,andclickNext.



37/52

VMware, Inc. 37


Viewingthescanresultsforvirtualappliancesisthesameastheoneforvirtualmachines.Formore

information,seeViewingScanResultsonpage 30.

Remediating Virtual Appliances

Updatesforavirtualappliancearedownloadedbythevirtualapplianceitselfduringtheremediationprocess.

UpdateManageronlycontrolswhenandwhattodownload.ThedownloadURLissetbytheindependent

softwarevendorprovidingthevirtualappliance.

Todownloadtheupdatesforvirtualappliances,UpdateManagerusesthefollowingapproach:

1 UpdateManagerscansthevirtualappliancestoreturnproductandvendorinformation,information

aboutthecurrentversion,andthemissingupdates.

2 UpdateManagerdirectsthevirtualappliancestodownloadthemissingupdates.UpdateManager

controlstheremediationprocesslikewhenandhowtoremediate,butthevirtualapplianceremediates

itself.

Afterremediation,thevirtualappliancecanberebootediftheupdatepackagerequiresthat.

VirtualapplianceshavetheirownWebUIforselfmanagedupdatemode.Iftheautoinstallupdatesoptionis

turnedoninacertainvirtualappliance,UpdateManageronlyrunsreportingmodeagainstit.Thismeansthat

UpdateManagerscansthevirtualappliance,butskipsremediationandtheremediationoperationfailswith

aneventindicatingthereason.

Youcaneitherremediatevirtualappliancesmanually,orcanschedulearemediationprocess.



2 ClickInventoryandclickVirtualMachinesandTemplates.


4 Rightclickthevirtualappliancetoberemediated,andclickRemediate.

5 Selectthebaselinesyouwanttoapply,andclickNext.

6 Allupdatesareincludedbydefault.Toexcludeindividualupdatesfromtheremediationprocess,deselect

theircheckboxesandclickNext.

7 (Optional)ReviewtheexcludedupdatesandclickNext.

8 IntheSchedulepage,selectthetimeatwhichtoinitiatetheremediationactions,andclickNext.


asnapshotofthevirtualapplianceiscreated.

Selectthesnapshotoptionsincludinganameanddescriptionforthesnapshot,andclickNext.

10 Reviewthesummaryinformationforthetasktobeinitiated,andclickFinish.

To schedule virtual appliance remediation



3 RightclicktheScheduledTaskspaneandclickNewScheduledTask.

4 SelectRemediateandclickOK.

5 SelectVirtualMachines/GuestOperatingSystemsandclickNext.

6 Selectthevirtualappliancestowhichthisremediationwillapply,andclickNext.

7 IntheBaselinespage,selectthebaselinestoapplyandclickNext.


38/52


38 VMware, Inc.

8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesintheUpdates

pageandclickNext.

9 (Optional)ReviewthelistofupdatesthatwillbeexcludedandclickNext.

10 IntheSchedulepage,selectthetimetocompletetheremediationactions,andclickNext.


asnapshotofthevirtualappliancewillbecreated.

Selectthesnapshotoptionsincludinganameanddescriptionforthesnapshot.ClickNext.



39/52

VMware, Inc. 39

3s

YoucanleaveestablisheddeploymentsofUpdateManagertoautomaticallyrunwithminimaladministrative

intervention.If,however,UpdateManagerrequiresfurtheroptimization,thischapterincludesinformation

thatmighthelpachievethatgoal.

Thischapterdiscussesthefollowingtopics:

CommonProblems

and

Solutions

on

page 39.

Eventsonpage 41.

DatabaseViewsonpage 44.

Common Problems and Solutions

Thissectionincludesinformationaboutthemorecommonproblematicconditionsthatmightoccurwith

UpdateManager.

Gathering Log Files

TogatherinformationaboutrecenteventsontheUpdateManagerserverfordiagnosticpurposes,usethe

GenerateUpdate

Manager

log

bundlefunctionalitythatthesupportscriptvum-support.wsfprovided.

To generate a Update Manager log bundle

1 LogintotheVirtualCenterServeronwhichUpdateManagerisinstalled.

2 ChooseStart>AllPrograms>VMware>GenerateUpdateManagerlogbundle.

LogfilesaregeneratedasaZIPpackage,whichisstoredonthecurrentusersdesktop.

No Baseline Updates Available

BaselinesarebasedonmetadatathatUpdateManagerdownloadsfromtheShavlikandVMwareWebsites.

Shavlikprovidesmetadataforvirtualmachinesandapplications,whileVMwareprovidesmetadataforESX

Serverhosts.

A

common

reason

having

no

updates

available

for

baselines

might

be

that

Update

Manager

cannotcontacttheShavlikservers.TheconnectionbetweenUpdateManagerandtheWebsiteincludesseveral

links,thefailureofanyofwhichmightcauseupdatesinbaselinestobeunavailable.Somepossiblecausesand

solutionsinclude:

Webserverproxymisconfiguration.SeeConfiguringUpdateManagerforUsewithanInternetProxy

onpage 22.

Shavlikserversbeingunavailable.ChecktheShavlikWebsite(http://www.shavlik.com)todetermine

whetheritisavailable.

Operations Reference 3
http://www.shavlik.com/http://www.shavlik.com/


40/52


41/52

VMware, Inc. 41

Chapter 3 Operations Reference

RemediationfailsforsomepatchesPatchesmightnotbereadilyavailable.Forexample,testing

indicatesthatversionsofWindowslocalizedforlanguagesotherthanEnglishorpatchesfor64bit

applicationsmightbeunavailable.ReviewtheTasksandEventstabstodetermineifpatchesthatwere

notappliedwerenotdownloaded.

Remediationiscompleted,butthebaselineisstillnotcompliantThisconditionmightoccurwhen

applyingpatchesthatsubsequentlymakeotherpatchesapplicable.Forexample,apatchmightbe

applicableonlyafteraservicepackisapplied,soapplyingthatservicepackmightaddressallknown

issuesfrom

when

the

remediation

started,

but

the

act

of

applying

the

service

pack

made

other

patches

applicable.

Insuchacase,repeattheremediation.

ESX Server Scanning Fails

ESXServerscanningtypicallyfailsasaresultofinsufficientpermissionsorproblemswithSSLconfiguration.

Checktomakesurethattheaccountbeingusedtodothescanninghassufficientpermissionsandthatyour

SSLconnectionsareproperlyconfigured.FormoreinformationaboutUpdateManagernetworkportsettings

andhowtoconfigurethem,seeUpdateManagerNetworkPortRequirementsonpage 19andConfiguring

theUpdateManagerNetworkPortSettingsonpage 22.

EventsUpdateManagerproduceseventsthathelpyoumonitortheprocessesthatthesystemiscompleting.

Table 3-1. Update Manager Events

Type Message Text Action

Info Successfullydownloadedguestupdatemetadata.Newupdates:.

Error Failedtodownloadguestupdatemetadata. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.

Info SuccessfullydownloadedguestupdatemetadataforUNIX.

Newupdates:

.

Error FailedtodownloadguestupdatemetadataforUNIX. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.

Info Successfullydownloadedhostupdatemetadata.Newupdates:.

Error Failedtodownloadhostupdatemetadata. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.

Info Successfullydownloadedguestupdatepackages.Newpackages:.

Error Failedtodownloadguestupdatepackages. Checkyournetworkconnectionsto

makesurethatyourupdatesourceisreachable.

Info SuccessfullydownloadedguestupdatepackagesforUNIX.Newpackages:.

Error FailedtodownloadguestupdatepackagesforUNIX. Checkyournetworkconnectionstomakesurethatyourupdatesourceisreachable.

Info Successfullydownloadedhostupdatepackages.Newpackages:.

Error Failedtodownloadhostupdatepackages. Checkyournetworkconnectionstomakesurethatyourupdatesourceisreachable.


42/52


42 VMware, Inc.

Info Successfullyscannedforupdates.

Error Scanninghasbeencancelledbyauser.

Error Failedtoscanforupdates.

Warning Warningduringscanning,foundmissingupdate:.Redownloadingupdatesmightresolvethisproblem.

Error Failedtoscanforupdatesbecauseofaninvalidstate:.

Checkthestateofthevirtualmachine.Rebootthevirtualmachinetofacilitatescanning.

Error Failedtoscanforupdatesbecauseofaninvalidstate:

CheckthestateoftheESXServer.Rebootthehosttofacilitatescanning.

Info Remediationsucceededfor.

Error Remediationfailedforwith.

Checkthetargetsstate.Restartthetargettofacilitateremediation.

Error Failedtoremediateforupdatesbecauseofaninvalidstate:.

Checkthevirtualmachinesstate.Restartthevirtualmachinetofacilitateremediation.

Error Failedtoremediateforupdatesbecauseofaninvalidstate:.

CheckthestateoftheESXServer.Restartthehosttofacilitateremediation.

Error FailedtoscanorremediatebecauseofunsupportedorunknownOS:.

Error Cantremediate:Remediationof

Linuxvirtualmachinesisnotsupported.

Info VMwareUpdateManagerdownloadalert(critical/total):ESXdata.esxCritical/data.esxTotal;Windowsdata.windowsCritical/data.windowsTotal;Linuxdata.linuxCritical/data.linuxTotal.

Providesinformationaboutthenumberofupdatesdownloaded.

Error Failedtoscanforupdatesbecausehostisofunsupportedversion.

Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.

Error Failedtoremediateforupdatesbecausehostisofunsupportedversion.

Forthelatestinformationonwhichhostscanbescanned,seethereleasenotes.

Error Failedtoscanforupdatesbecauseit

isof

unsupported

version

.

HostswithESXServerversionslater

thanESX

Server

3.5

and

ESX

Server

3i

canbescanned.Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.

Error Failedtoremediateforupdatesbecauseitisofunsupportedversion.

HostswithESXServerversionslaterthanESXServer3.5andESXServer3icanbescanned.Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.

Info VMwareUpdateManagerGuestAgentsuccessfullyinstalledon.

Table 3-1. Update Manager Events (Continued)



43/52

VMware, Inc. 43


Error FailedtoinstallVMwareUpdateManagerGuestAgenton.

UpdateManagerGuestAgentisrequiredforremediatingvirtualmachines.FormoreinformationoninstallingUpdateManagerGuestAgent,seeInstallingtheGuestAgentonpage 16.

Error FailedtoinstallVMwareUpdateManagerGuestAgentonbecauseVMwareToolsisnotinstalledorisofanincompatibleVMwareToolsversion.Therequiredversionisandtheinstalledversionis.

Error ThereisnoVMwareUpdateManagerlicenseforfortherequiredoperation.

Obtaintherequiredlicensestocompletethedesiredtask.

Warning VMwareUpdateManagerisrunningoutofstoragespace.Location:. Availablespace:.

Addmorestorage.

Warning VMwareUpdateManageriscriticallylowonstoragespace!Location:. Availablespace:.

Addmorestorage.

Error VMwareUpdateManagerGuestAgentfailedtorespondintimeon.PleasecheckifthevirtualmachineispoweredonandGuestAgentisrunning.

Error AninternalerroroccurredincommunicationwithUpdateManagerGuestAgenton.Pleasecheckifthevirtualmachineispoweredonandretrytheoperation.

Error VMwareUpdateManagerGuestAgentfailedtoaccessDVDdriveon.PleasecheckifaDVDdriveisavailableandretrytheoperation.

Error Anunknowninternalerroroccurredduringtherequiredoperationon.Pleasecheckthelogsformoredetailsandretrytheoperation.

Error Failedtoinstallupdateon.

Info Installofupdateon.

Info Sysprepsettingsarerestored.

Info Sysprepisdisabledduringtheremediation.

Info Failedtoscanorphanedvirtualmachine.

Info Failedtoremediateorphanedvirtualmachine.

Error Failurein

downloading

patches

for

following

updates:

. Checkyour

network

connections

to

makesurethatyourpatchsourceisreachable.

Warning containsanunsupportedvolume.Scanresultsforthisvirtualmachinemaybeincomplete.

Info Initiatingthetaskcancellationon

Warning Therearerunningtasksfortheentitythatcannotfinishwithinaspecifictime.Theoperationwillbeaborted.




44/52


44 VMware, Inc.

Database Views

UpdateManagerusesSQLServerandOracledatabasestostoreinformation.ThedatabaseviewsforMicrosoft

SQLServerandOracledatabasesarethesame.DuetolimitationsinthelengthofthenamesforOracle

database,some

of

the

database

views

in

Oracle

are

with

shorter

names.

VUMV_VERSION

UpdateManagerversioninformation.

VUMV_UPDATES

Softwareupdatemetadata.

Warning Actionisnotsupportedforofflineorsuspendedvirtualappliance.

Ascanorremediationprocessisnotsupportedforofflinevirtualappliance.

Info Successfullydiscoveredvirtualappliance.

Info Failedtodiscovervirtualappliance. Anerroroccurredduringthediscoveryofthevirtualappliance.

Error AutoupdateissettoONforvirtualappliance.

IfautoupdateissettoONinvirtualappliance,UpdateManagercannotperformremediation.

Error Repositoryaddressnotsetforvirtualappliance,itdoesntsupportupdatesbyVirtualCenter.

Info Openfirewallports.

Info Closefirewallports.

Info Patchmetadataformissing.Pleasedownloadupdatesmetadatafirst.

Info Patchmetadataforcorrupted.Pleasecheckthelogsformoredetails.Redownloadingupdatemetadatamayresolvethisproblem.



Table 3-2. VUMV_VERSION

Field Notes

VERSION TheUpdateManagerversioninx.y.zformat,forexample1.0.0

DATABASE_SCHEMA_VERSION TheUpdateManagerdatabaseschemaversion(anincreasingintegervalue),forexample1

Table 3-3. VUMV_UPDATES

Field Notes

UPDATE_ID SoftwareupdateuniqueIDgeneratedbytheUpdateManager

TYPE Theentitytype:avirtualmachineorESXServerhost

TITLE Title


45/52

VMware, Inc. 45


VUMV_PATCHES

Patchbinarymetadata.

VUMV_BASELINES

TheUpdateManagerbaselinedetails.

VUMV_PRODUCTS

Productmetadata,includingoperatingsystemsandapplications.

DESCRIPTION Description

META_UID AuniqueIDprovidedbythevendorforthisupdate(forexample,MS12444forMicrosoftupdates)

SEVERITY Updateseverityinformation.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.

RELEASE_DATE Thedateonwhichthisupdatewasreleasedbythevendor

DOWNLOAD_TIME ThedateandtimethisupdatewasdownloadedbytheUpdateManagerserverintotheUpdateManagerdatabase

SPECIAL_ATTRIBUTE Anyspecialattributeassociatedwiththisupdate(forexample,allMicrosoftServicepackswillbemarkedasServicePack)

Table 3-3. VUMV_UPDATES (Continued)

Field Notes

Table 3-4. VUMV_PATCHES

Field Notes

PATCH_ID UniqueIDforthecurrentpatch,generatedbytheUpdateManagerserver

TYPE Theentitytype:avirtualmachineoranESXServerhost

NAME Nameofthepatch

DOWNLOAD_TIME AURLforthepatchbinary

PATCH_SIZE SizeofthepatchinKB

Table 3-5. VUMV_BASELINES

Field Notes

UPDATE_ID UniqueIDgeneratedforthisbaselinebytheUpdateManagerserver

NAME Nameofthebaseline

TYPE Thebaselinetype:FixedorDynamic

TARGET_TYPE Typeoftargetsthatthisbaselineappliesto:avirtualmachineoranESXServerhost

Table 3-6. VUMV_PRODUCTS

Field Notes

PRODUCT_ID UniqueIDfortheproductgeneratedbytheUpdateManagerserver

NAME Nameoftheproduct


46/52


47/52

VMware, Inc. 47


VUMV_ENTITY_SCAN_HISTORY

Historyofthescanoperations

VUMV_ENTITY_UPDATE_SCAN_HISTORY

Historyofthestatusofagivenentityforanupdate.

ForOracle,thenameofthisdatabaseviewisVUMV_ENTITY_UPDATE_SCAN_HIST.

VUMV_ENTITY_REMEDIATION_HISTORY

Historyof

remediation

operations.

ForOracle,thenameofthisdatabaseviewisVUMV_ENTITY_REMEDIATION_HIST.

Table 3-11. VUMV_ENTITY_SCAN_HISTORY

Field Notes

SCAN_ID UniqueIDgeneratedbytheUpdateManagerserver

ENTITY_UID UniqueID

of

the

entity

the

scan

was

initiated

on

START_TIME Starttimeofthescanoperation

END_TIME Endtimeofthescanoperation

SCAN_STATUS Resultofthescanoperation(forexampleSuccess,Failure,orCancelled)

FAILURE_REASON Anerrormessagedescribingthefailurereason

Table 3-12. VUMV_ENTITY_UPDATE_SCAN_HISTORY

Field Notes

SCAN_ID UniqueID(foreignkeyVUMV_SCAN_HISTORY)

UPDATE_ID UniqueID(foreignkeyVUMV_UPDATES)

ENTITY_UID UniqueIDoftheentitythescanwasinitiatedon

ENTITY_STATUS Statusofthisentityforthisupdate(forexample,MissingInstalled,UnknownorNotApplicable)

Table 3-13. VUMV_ENTITY_REMEDIATION_HISTORY

Field Notes

REMEDIATION_ID UniqueID,generatedbytheUpdateManagerserver

ENTITY_UID UniqueIDoftheentitythattheremediationwasinitiatedon

START_TIME Starttimeoftheremediation

END_TIME Endtimeoftheremediation

REMEDIATION_STATUS Resultoftheremediationoperation(forexample,Success,Failure,orCancelled)

IS_SNAPSHOT_TAKEN Indicateswhethersnapshotiscreatedpriortotheremediation


48/52


48 VMware, Inc.

VUMV_UPDATE_PRODUCT_DETAILS

Aconvenientviewoftheproducts(operatingsystemsandapplications)thatacertainsoftwareupdateapplies

to.

VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS

Aconvenientviewofthesoftwareupdatesthatarepartofabaseline.

ForOracle,thenameofthisdatabaseviewisVUMV_BASELINE_UPDATE_DET.

VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS

Aconvenientviewofthestatushistoryofagivenentityforanupdate.

ThenameofthisdatabaseviewforOracleisVUMV_ENTITY_UPD_SCANHIST_DET.

Table 3-14. VUMV_UPDATE_PRODUCT_DETAILS

Field Notes

UPDATE_METAUID SoftwareUpdateID(foreignkey,VUMV_UPDATES)

UPDATE_TITLE UpdateTitle

UPDATE_SEVERITY Updateimpactinformation.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.

PRODUCT_NAME Productname

PRODUCT_VERSION Productversion

Table 3-15. VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS

Field Notes

BASELINE_NAME Baselinename

BASELINE_TYPE Baselinetype:FixedorDynamic

BASELINE_TARGET_TYPE Baselinetargettype,forexample,avirtualmachineoranESXServerhost

UPDATE_METAUID UpdatemetaID

UPDATE_TITLE Updatetitle

UPDATE_SEVERITY Updateseverity.ThevaluesofthisfieldareNot

Applicable,Low,

Moderate,

Important,

Critical,

HostGeneral,andHostSecurity.

Table 3-16. VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS

Field Notes

ENTITY_UID EntityuniqueID(amanagedobjectIDassignedbytheVirtualCenterServer)

SCAN_START_TIME Starttimeofthescanprocess

SCAN_END_TIME Endtimeofthescanprocess

UPDATE_METAUID UpdatemetauniqueID

UPDATE_TITLE Updatetitle

UPDATE_SEVERITY Updateseverity.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.

ENTITY_STATUS Statusoftheentitywithregardtotheupdate.ThisfieldhasvaluesMissing,Installed,Unknown,andNotApplicable.


49/52


50/52


51/52

VMware, Inc. Update1

Updates for the Update Manager Administration

Guide

LastUpdated:February13,2009

ThisdocumentprovidesupdatestotheUpdate2ReleaseforUpdateManager1.0versionoftheUpdateManagerAdministrationGuide.Updateddescriptions,procedures,andgraphicsareorganizedbypagenumbersothatyoucaneasilylocatetheareasoftheguidethathavechanges.Ifthechangespansmultiplesequential

pages,thisdocumentprovidesthestartingpagenumberonly.

ThefollowingisanupdatetotheUpdateManagerAdministrationGuide:UpdatesfortheTableofSupportedDatabaseFormatsonPage 12

Updates for the Table of Supported Database Formats on Page 12

Table 21doesnotmentionsupportforversionslaterthan10.2.0.3.0ofOracle 10gEnterpriseRelease 2.The

rowshouldappearasfollows:

OracleDatabase10gRelease2(10.2.0.1.0) Applypatch10.2.0.3.0totheclientandserverandthenapplypatch5699495totheclient.

Note:VMwaresupports10.2.0.3.0andlaterversionsofOracleDatabase 10gRelease2.


52/52

Updates for the Update Manager Administration Guide