It is important to answer question what 'Validate URL' button is checking ?
Only path to catalog? No.
Path to patch repository with valid patch metadata? Yes.
If the patch catalog e.g. E:\Data\ is empty you will get error 'Invalid repository' because the content of folder is empty, no patch metadata.
According to VMware Documentation 5.1: http://bit.ly/1iPaZsL
"UMDS 5.1 is compatible and can work with Update Manager 5.0, Update Manager 5.0 update releases and Update Manager 5.1."
According to VMware Documentation 5.5: http://bit.ly/1mqkw4c
"UMDS 5.5 is compatible and can work with Update Manager 5.0, Update Manager 5.1, Update Manager 5.5 and their respective update releases. "
What if my VUM server is in DMZ without internet access and I would like to have automated patch download?
We have 3 options:
1.) My DMZ is 'paranoid' DMZ with 'air gap' to hosts with internet access in this case you have to use portable media like USB drive or DVD/CDROM - it is not automated process :)
2.) My DMZ servers can have http/https access to UMDS server it means that security department is happy to open port 80 or 443 - in such case you can follow e.g. http://bit.ly/1vh66sy
3.) My DMZ servers can communicate via UNC shares with hosts with internet access.It means that your security department is happy to open SMB over TCP port 445 (for Windows 2008). You can follow VMware KB http://kb.vmware.com/kb/1000627 or you can follow procedure below.
I don't have to add that security department always loves option 1 :)
Prerequisites: VMware Update Manager was installed in DMZ Server A, VMware UMDS service was installed on Server B with internet access.
1.) Log in to Server A (with VUM)
2.) Setting up shared folder on VMware Update Manager Server A
a.) Log in to each VMware Update Manager server that you will be installing that does not have an Internet connection as an Administrator.
b.) Create a shared folder that will have the exported patches from the Update Manager Download Service server at the desired drive location by going to My Computer > <Drive Letter>. For example, E:\.
c.) Right-click the My Computer window and click New > Folder and name it Data.
d.) Right-click the newly create Data folder and click Properties.
e.) Click the Sharing tab, and then click Advanced Sharing.
f.) Click Share this folder.
g.) Change the default share name to Repository.
h.) Click Permissions > Add > Locations and change location to the local computer.
i.) Under Enter the object names to select, type Administrators and then click Check Names.
j.) Click OK to save changes.
k.) Click Administrators.
l.) Click the Allow check box to give Administrators Full Control.
m.) Click OK to save changes.
3.) Log in to Server B (with UMDS)
a.) Map to the network share(s) that were created by navigating to My Computer > Map Network Drive.
b.) Choose a drive letter. For example, U:\.
c.) Click Browse and navigate to the VMware Update Manager server.
d.) Choose the share Repository. Repeat this step for each VMware Update Manager server that does not have an Internet connection and assign it a unique drive letter.
e.) Click Reconnect at logon and then click Finish.
f.) Open CMD
g.) Run: "C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -G
We see that I setup only downloading host patches for esxi5.1 and esxi5.5 and I disabled downloading Virtual Appliances upgrades.
"C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -S --disable-host --disable-va
"C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -S -e embeddedEsx-5.1.0-INTL embeddedEsx-5.5.0-INTL
h.) Change patch store for UMDS:
"C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -S --patch-store U:\
i.) If we decided using default patch store (and our export store is U:\) we have to export patches:
"C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -E --export-store U:\
j.) The patch store and export store cannot be configured to the same path.
k.) We start downloading patches to our patch store.
"C:\Program Files (x86)\VMware\Infrastructure\Update Manager\vmware-umds.exe" -D
4.) As soon as metadata is downloaded to patch store on Server B (UMDS)we can validate successfully Shared repository on Server A (VUM)
the end.
No comments:
Post a Comment