Vi3 Vum 10u2 Admin Guide

8/14/2019 Vi3 Vum 10u2 Admin Guide
1/52

2/52
VMware, Inc.
3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
Update Manager Administration Guide
You can find the most up-to-date technical documentation on our Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
2008, 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectualproperty laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware,Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
Revision: 20090213
Item: EN-000037-01
http://www.vmware.com/supportmailto:docfeedback@vmware.commailto:docfeedback@vmware.comhttp://www.vmware.com/supporthttp://www.vmware.com/support/

3/52

4/52
Administration Guide
4 VMware, Inc.
ManagingVirtualAppliances 36
VirtualAppliancesDiscovery 36
ScanningVirtualAppliances 36
RemediatingVirtualAppliances 37
3 OperationsReference 39CommonProblemsandSolutions 39
GatheringLog
Files 39
NoBaselineUpdatesAvailable 39
AllUpdatesinComplianceReportsAreNotApplicable 40
AllUpdatesinComplianceReportsAreUnknown 40
RemediatedUpdatesContinuetoBeNotCompliant 40
RemediatingVirtualMachineswithAllUpdateorAllCriticalUpdatesFails 40
ESXServerScanningFails 41
Events 41
DatabaseViews 44
VUMV_VERSION 44
VUMV_UPDATES 44
VUMV_PATCHES 45
VUMV_BASELINES 45VUMV_PRODUCTS 45
VUMV_BASELINE_UPDATE_ASSIGNMENT 46
VUMV_BASELINE_ENTITY_ASSIGNMENT 46
VUMV_UPDATE_PATCHES 46
VUMV_UPDATE_PRODUCT 46
VUMV_ENTITY_SCAN_HISTORY 47
VUMV_ENTITY_UPDATE_SCAN_HISTORY 47
VUMV_ENTITY_REMEDIATION_HISTORY 47
VUMV_UPDATE_PRODUCT_DETAILS 48
VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS 48
VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS 48
Index 49

5/52
VMware, Inc. 5
Thismanual,theUpdateManagerAdministrationGuide,providesinformationonhowtoconfigureVMwareUpdateManager,includinghowtoinstalltheproductandconfigureitforuseinyourenvironment.
TheUpdateManagerworkswithVMwareESXServer3.5andlaterandVMwareESXServer3iversion3.5andlater.Foreaseofdiscussion,thisbookusesthefollowingproductnamingconventions:
Fortopics
specific
to
ESX
Server
3.5,
this
book
uses
the
term
ESX
Server
3.
FortopicsspecifictoESXServer3iversion3.5,thisbookusesthetermESXServer3i.
Fortopicscommontobothproducts,thisbookusesthetermESXServer.
Whentheidentificationofaspecificreleaseisimportanttoadiscussion,thisbookreferstotheproduct
byitsfull,versionedname.
WhenadiscussionappliestoallversionsofESXServerforVMwareInfrastructure3,thisbookusesthe
termESXServer3.x.
Intended Audience
TheinformationinthismanualiswrittenforexperiencedWindowsorLinuxsystemadministratorswhoare
familiarwithvirtualmachinetechnologyanddatacenteroperations.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour
feedbackto:
docfeedback@vmware.com
Update Manager Documentation
TheUpdateManagerdocumentationconsistsofthisadministrationguide,onlinehelpintegratedwiththe
UpdateManagerclientplugin,releasenotesandUpdateManagerPowerShellLibraryAdministratorsGuide,whichcontainsinformationaboutrunningtheUpdateManagercmdletsinToolkitforWindows.
Youcanaccessthemostcurrentversionsofthismanualandotherbooksbygoingto:
http://www.vmware.com/support/pubs
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions
ofthisbookandotherbooks,goto:
http://www.vmware.com/support/pubs.
About This Book
mailto:docfeedback@vmware.comhttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubsmailto:docfeedback@vmware.com

6/52
Administration Guide
6 VMware, Inc.
Online and Telephone Support
Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts.Goto:
http://www.vmware.com/support
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon
priority1issues.Goto:
http://www.vmware.com/support/phone_support.html
Support Offerings
FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto:
http://www.vmware.com/support/services
VMware Education Services
VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerialsdesignedtobeused
asonthejobreferencetools.FormoreinformationaboutVMwareEducationServices,goto:
http://mylearn1.vmware.com/mgrreg/index.cfm
http://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support

7/52
VMware, Inc. 7
1
Thischapterdiscussesthefollowingtopics:
UpdateManagerOverviewonpage 7
SecurityBestPracticesonpage 7
UpdateManagerProcessesonpage 8.
UpdateManagerSettingsonpage 10
Update Manager Overview
VMware Update Managercomparestheoperatingsystemsandapplicationsrunninginyour
VMware Infrastructuredeploymentagainstasetofstandardupdatesandpatches.Updatesyouspecifycan
beappliedtooperatingsystems,aswellasapplicationsonscannedESXServerhosts,virtualmachines,and
virtualappliances.UpdateManagerworkswithESXServerhosts,virtualmachines,andvirtualappliances
runningonESXServerhosts.Benefitsvarydependingontheversionsofapplicationsinyourenvironment.
BeginningwithVirtualCenter2.5andESXServerversion3.5,UpdateManagerletsyouscanforcompliance
andapplyupdatesforguests,appliances,andhosts.
UpdateManagercanscanandremediatepoweredon,suspended,andpoweredoffvirtualmachinesand
templates,inadditiontoscanningandremediatinghosts.Iftheupdatingorpatchingfails,youcanrevertthe
virtualmachinesandtemplatesbacktotheirpriorcondition,withoutlosingdata.
Security Best Practices
Maintainingaconsistentsetofoperatingsystemsandapplications,withparticularpatchinglevelshelps
reducethenumberofvulnerabilitiesinanenvironment,atthesametimereducingthepossiblerangeofissues
requiringsolutions.Allsystemsrequirepatching,reconfiguration,orothersolutions,butreducingthe
diversityofsystemsinanenvironmenteasesmanagementburdensandreducessecurityrisks.
Benefits of Compliance
Manyattackstakeadvantageofexisting,wellknownissues.Forexample,theNimdacomputerwormused
vulnerabilitiesthatwereidentifiedmonthsbeforetheactualspreadoftheworm.Apatchexistedatthetime
oftheoutbreak,andsystemstowhichthepatchwasappliedwerenotaffected.UpdateManagerprovidesa
waytohelpensurethattherequiredpatchesareappliedtothesystemsinyourenvironment.
Tomakeyourenvironmentmoresecure:
Beawareofwherevulnerabilitiesexistinyourenvironment.
Efficientlybringthesemachinesintocompliancewiththepatchingstandards.
Understanding Update Manager 1

8/52
8 VMware, Inc.
Inatypicallargeenvironment,manydifferentmachinesrunvariousoperatingsystems.Addingvirtual
machinestoanenvironmentincreasesthisdiversity.UpdateManagerautomatestheprocessofdetermining
thestateofyourenvironmentandprovidesawaytoefficientlyupdateVMwarevirtualmachinesandESX
Serverhostsinyourenvironment.
Compliance and Security Best Practices
Toachievethegoalofcompliance,withitsbenefitsofincreasedsecurityandstability,regularlyevaluatethe
following:
Operatingsystemsandapplicationspermittedinyourenvironment
Patchesrequiredforoperatingsystemsandapplications
Determinewhoisresponsibleformakingtheseevaluations,whentheseevaluationsaretobemade,andwhat
tacticstousetoimplementtheplanthatresultsfromtheinvestigation.
Update Manager Processes
UpdateManagerusesasetofoperationstoensureeffectivepatchmanagement.Thisprocessbeginsby
downloadinginformationaboutasetofsecurityupdates.Oneormoreoftheseupdatesareaggregatedtoform
abaseline.Acollectionofvirtualmachines,virtualappliances,andESXServerhostscanbescannedfor
compliancewithabaselineandremediated(updated).Theseprocessescanbeinitiatedmanuallyorthrough
scheduledtasks.
Patch Downloading
UpdateManagerusestheInternettogatherinformationaboutthelatestpatchesfromVMwareandShavlik.
VMwareprovidesinformationaboutupdatestoESXServer,andShavlikprovidesinformationforallmajor
applicationsandoperatingsystems.
Atregular,configurableintervals,UpdateManagercontactsShavlikandVMwaretogatherthelatest
informationonavailablepatches.Forinformationaboutconfiguringdownloadintervals,seeCheckingfor
Updatesonpage 21.Informationaboutallpatchesisdownloaded,regardlessofwhethertheapplicationor
operatingsystemtowhichthepatchappliesiscurrentlyinuseinyourenvironment.
Downloadinginformationaboutallpatchesisarelativelylowcostoperationintermsofdiskspaceand
networkbandwidth.Doingsoprovidestheflexibilitytoaddscanningandremediationofthoseapplications
oroperatingsystemsatanytime.SeeScanningVirtualMachinesandESXServerHostsonpage 9,
Remediationonpage 10,ScanningVirtualAppliancesonpage 36,andRemediatingVirtualAppliances
onpage 37.
WhenUpdateManagerexaminessystemsforpatchcompliance,itcheckswhetherthelatestpatchisapplied
basedoninformationonthatsystem.Patchinformationisusedforthisprocess;thepatchitselfisnotrequired.
Machinesthatarenotcompliantwithbaselinesareidentifiedusingthesecomparisons.Toimproveefficiency
andsavediskspace,patchesforvirtualmachinesareonlydownloadedafteraneedisidentified.
Thefirsttimeavirtualmachineistoberemediated,theapplicablepatchesaredownloadedtotheUpdate
Managerserverandthepatchesareapplied.Thedetailsofhowapatchisapplied,suchaswhetheritisapplied
immediatelyoratalatertime,aredeterminedbythecombinationofwhatispossibleundertheconditions,
andwhattheuserrequests.Forexample,ifUpdateManagerisconfiguredtoremediatemachines,butthose
machinesarenotinastateinwhichremediationispossible(suchasESXServerhostsbeingpoweredoff),the
processisdeferreduntiltheactionispossible.
Afterapatchisdownloaded,itiskeptindefinitelyinthepatchdownloaddirectory.Whenothermachinesare
remediated,thepatchresourceisalreadypresentontheserver.
UpdateManagermightbedeployedinsuchawaythatitcannotconvenientlydownloadpatches.Forexample,
UpdateManagermightbedeployedonaninternalnetworksegmentthatdoesnothavereliableInternet
access.UpdateManagerDownloadServicedownloadsandstorespatchesonthemachineonwhichitis
installed,sothatUpdateManagerserverscanusethemlater.

9/52
VMware, Inc. 9
Chapter 1 Understanding Update Manager
YoucanconfigureUpdateManagertouseanInternetproxytodownloadpatchinformationandpatches.See
ConfiguringUpdateManagerforUsewithanInternetProxyonpage 22.
Scanning Virtual Machines and ESX Server Hosts
Scanningistheprocessinwhichattributesofasetofhostsorvirtualmachinesareevaluatedagainsta
standard,whichiscalledabaseline.YoucanscanESXServer3.5andlater,ESXServer3iversion3.5andlater,
aswellasvirtualmachinesrunningWindowsorLinux.YoucanscananESXServerinstallationtodetermine
whetherthelatestpatchesareapplied,oryoucanscanavirtualmachinetodeterminewhetherthelatestpatchesareappliedtoitsoperatingsystem.
Scansforupdatesareoperatingsystemspecific.Forexample,UpdateManagerscansWindowsvirtual
machinestoensurethattheyhaveaparticularsetofpatches,butdoesnotscanthesamemachinesto
determinewhetherLinuxpatchesareinstalled.
Inthevirtualinfrastructure,allobjectsexceptresourcepoolscanbescanned.
Youcanperformscansonbothonlineaswellasofflinevirtualmachinesandtemplates.
Baselines
Scanningcomparesthestateofahostorvirtualmachineagainstabaseline.Abaselinedescribesacollection
ofone
or
more
updates
such
as
service
packs,
patches,
or
bug
fixes.
With
asingle
baseline,
checking
whether
alltheindividualupdatesthatmakeupthebaselinewereappliedtotheobjectsbeingscanned,becomesa
onestepprocedure.
Atregularintervals,UpdateManagerqueriesupdaterepositoriesthatvendorsprovidetofindavailable
patches.Theserverforpatchinformationandthecontentsofthepatchesareauthenticatedbyusinga
fullfeaturedpublickeyinfrastructure.Tohelpensuresecurity,patchesaretypicallycryptographicallysigned
byvendorsandaredownloadedoverasecureconnection.
UpdateManageroffersthefollowingtypesofbaselines:
DynamicThesignificanceofeachupdatedeterminesthecontentofthebaseline.ForWindows,updates
areeithercriticaloroptional.
Thecontentsofadynamicbaselinearedeterminedbasedonavailableupdatesthatmeetthespecified
criteria.Asthesetofavailableupdateschanges,dynamicbaselinesareupdatedaswell.Youcanexplicitly
includeorexcludeanyupdates,andtheseexceptionspersistindefinitely.
FixedTheusermanuallyspecifiesallupdatesincludedinthebaselinefromthetotalsetofpatches
availableinUpdateManager.Fixedupdatesaretypicallyusedtocheckwhethersystemsarepreparedto
dealwithparticularissues.Forexample,youmightusefixedbaselinestocheckforcompliancewith
patchestopreventawormsuchasBlaster.
UpdateManagerincludesfourpreestablisheddynamicbaselinesthatyoucanusetoscananyvirtualmachine,
virtualappliance(thebaselinesforvirtualmachinesandappliancesareoneandthesame),orhostto
determinewhethertheyhaveallpatchesappliedforthedifferentcategories:
CriticalVirtualMachineUpdatesChecksvirtualmachinesforcompliancewithallcritical
Windowsupdates.
NoncriticalVirtualMachineUpdatesChecksvirtualmachinesforcompliancewithalloptional
Windowsupdates.
CriticalHostUpdatesChecksESXServerhostsforcompliancewithallcriticalupdates.
NoncriticalHostUpdatesChecksESXServerhostsforcompliancewithalloptionalupdates.
Youcanalsocreateadynamicbaselinethatincludesbothcriticalandoptionalupdates.
SeveralbaselineattributesappearintheUpdateManageruserinterface:
NameIdentifiesdifferentbaselines.Thenamecanbemodified,asrequired.Itisestablishedwhen
abaselineiscreated.

10/52
10 VMware, Inc.
UpdatesSpecifiesthenumberofupdatesincludedinthebaseline.Someupdates,suchasservice
packs,includemanysmallerpatchesthatmighthavebeendistributedindividuallyinthepast.
Becausethenumberofupdatesdoesnotdirectlyindicatetheextentoftheupdatesincludedinthe
baseline,thisinformationshowsthequantity,ratherthanthequality.Thenumberofupdatesmight
indicatehowlongascanandremediationmighttaketocomplete.
LastModifiedSpecifiesthelasttimeupdateswereaddedtoorremovedfromthisbaseline.This
datereflectsthelasttimeupdateschangedeitherbecauseofautomaticchangesresultingfrom
dynamicupdates
or
from
manual
user
changes.
Reviewing
the
last
update
information
can
help
provideanideaofwhetherexpectedchangesweremadetobaselines.
BaselineTypeIdentifiesthetypeoftheparticularbaseline.PossiblevaluesincludeDynamic,Fixed,
orDynamic(modified).Dynamic(modified)baselinesaredynamicbaselinesthatusersmodifyto
includeorexcludespecificupdates,countertothebasiccriteriaofthedynamicbaseline.
Administratorscancreatenewbaselines,editexistingbaselines,detachbaselines,orremove(delete)baselines.
Forlargeorganizationswithdifferentgroupsordivisions,eachgroupcandefinetheirownbaselines.
Administratorscanfilterthelistofbaselinesbysearchingforaparticularstringorbyclickingontheheaders
foreachcolumntosortbythoseattributes.ThisfunctionalityusesthecapabilitiesthatallVirtualCenterviews
provides.
RemediationRemediationistheprocessinwhichUpdateManagerappliesupdatestoESXServerhosts,virtualmachines,or
virtualappliancesafterascaniscomplete.Remediationhelpsensurethatmachinesandappliancesare
securedagainstknownpotentialattacksandhavegreaterreliabilityresultingfromthelatestfixes.While
remediationprovidesbenefits,youmightnotremediatemachines.Forexample,yourorganizationmight
determinethatthefixisnotsignificantenoughtowarrantapplication,oramachinemightberunninglegacy
processesthatdonotfunctionifthelatestpatchesareapplied.
Youcanremediatemachinesandappliancesinmuchthesamewaysthatyoucanscanthem.Aswithscanning,
youcannotonlyremediateasinglevirtualmachineorvirtualappliance,butyoucanalsoinitiateremediation
scanonafolderofvirtualmachines,acluster,oradatacenter,orallobjectsinyourvirtualinfrastructure.As
withscanning,resourcepoolsaretheonlyVMwareInfrastructureobjecttypethatcanneverberemediated.
Remediationissupportedfor:
Poweredon,suspended,orpoweredoffWindowsvirtualmachinesandappliances.
TemplatesforWindowsvirtualmachines.
HostsrunningESXServer3.5.0orhigher.
Update Manager Settings
ThevirtualmachineandESXServerremediationprocessisconfigurable.Configurableoptionsinclude:
Whentocheckforupdatedpatchinformation.
WhentoscanorremediatevirtualmachinesorESXServerhosts.
Howtohandlepreremediationsnapshotsofvirtualmachines.UpdateManagercancreatesnapshotsofvirtualmachinesbeforeremediation.IfyouconfigureUpdateManagertocreatesnapshots,youcan
configurethesnapshotstobekeptindefinitelyortobedeletedafteraspecifiedperiod.
Whethertocreatesnapshotsofvirtualmachinesbeforeremediation,whethertostorethesnapshot,and
forhowlong.
HowtohandlefailurestoremediateESXServerhosts.
Formoreinformationonsecurityconfiguration,seeConfiguringUpdateManageronpage 20.

11/52

12/52
12 VMware, Inc.
BeforeyouinstallUpdateManager,gatherinformationabouttheenvironmentintowhichyouareinstalling
UpdateManager.Informationtocollectincludesthefollowing:
NetworkinginformationabouttheVirtualCenterServerthatUpdateManagerwillworkwith.Defaults
areprovidedinsomecases,butyoumightwanttoensurethatyouhavethecorrectinformation,
including:
IPaddress.
Portnumber.Inmostcases,theWebserviceports(80and443bydefault)areused.
Administrativecredentialsrequiredtocompletetheinstallation,including:
Theusernameforanaccountwithsufficientprivileges.ThisisoftenrootorAdministrator.
Thepasswordfortheaccountthatwillbeusedfortheinstallation.
To Install Update Manager
1 InserttheInstallerCDintotheCDROMdriveoftheserverthatwillhosttheUpdateManagerserver.
2 ClickNext.
3 ClickNext.
4 AcceptoneoftheoptionsandclickNext.
5 EnteryournameandorganizationalinformationandclickNext.
6 SelectVMwareVirtualCenterServer.
IfyouhavealreadyinstalledcomponentssuchasVMwareInfrastructureClient,VirtualCenterServer,or
VMwareConverterEnterpriseforVirtualCenter,amessageappearsinformingyouthatthesecomponents
areinstalled.YoucancontinuetheinstallationofothercomponentssuchasUpdateManager.
IfyouselecttheCustomoption,youcanconfigurewhatdatabaseVMwareUpdateManageruses,change
proxyserversettings,andcustomizewhereUpdateManagerisinstalledandwherepatchesarestored.
7 ClickNext.
The
VirtualCenter
Server
Authorization
page
appears.8 EnterinformationabouttheVirtualCenterServerandAdministratoraccountthatthisUpdateManager
serverwillworkwith.
a IntheVCServerIPtextbox,enteranIPaddressoracceptthedefault.
b IntheVCServerPorttextbox,enteraPortnumberoracceptthedefault.
c IntheAdministratortextbox,enterthenameoftheadministrativeaccountyouwillusetocomplete
thisinstallation.
Table 2-1. Supported Database Formats
Database Type Patch and Driver Requirements
SQLServer2000SP4 UseSQLServerdriverfortheclient.
SQLServer2005SP1 UseSQLNativeClientdriverfortheclient.
SQLServer2005Express UseSQLNativeClientdriverfortheclient.
Oracle9i Applypatch9.2.0.8.0toserverandclient.
Oracle10gRelease1(10.1.0.2) Applypatch10.1.0.3.0toserverandclient.
Oracle10gRelease2(10.2.0.1.0) Firstapplypatch10.2.0.3.0toserverandclientandthenapplypatch5699495totheclient.(SEEUPDATE)

13/52

14/52

15/52

16/52
16 VMware, Inc.
To identify the SQL Server authentication type
1 OpenSQLServerEnterpriseManager.
2 ClickthePropertiestab.
3 Checktheconnectiontype.TheconnectiontypeindicateseitherWindowsNTorSQLServer
authentication.
Configuring Microsoft SQL Server 2005 Express
TheMicrosoftSQLServer2005Expressdatabasepackageisinstalledandconfiguredwhenyouselect
MicrosoftSQLServer2005ExpressasyourdatabaseduringtheVMwareUpdateManagerinstallation.No
additionalconfigurationisrequired.
IfMicrosoftSQLServer2005Expressisinstalled,reviewtherequireddatabasepatchesspecifiedinTable 21.
Ifyoudonotprepareyourdatabasecorrectly,theUpdateManagerinstallermightdisplayerrorandwarning
messages.
Maintaining Your Update Manager Database
AfteryourUpdateManagerdatabaseinstanceandUpdateManagerareinstalledandoperational,perform
standarddatabasemaintenanceprocesses.Theseinclude:
Monitoringthegrowthofthelogfileandcompactingthedatabaselogfile,asneeded.Seethe
documentationforthedatabasetypeyouareusing.
Schedulingregularbackupsofthedatabase.
BackingupthedatabasebeforeanyUpdateManagerupgrade.
Seeyourdatabasedocumentationforinformationonbackingupyourdatabase.
Installing the Guest Agent
TheVMwareUpdateManagerGuestAgentfacilitatesUpdateManagerprocesses.ForbothLinuxand
Windowsoperatingsystems,theGuestAgentisinstalledthefirsttimearemediationisscheduledorwhena
scanisinitiatedonapoweredonvirtualmachine.Forbestresults,ensurethatthelatestversionoftheGuest
Agentisinstalled.
IftheGuestAgentinstallationdoesnotcompletesuccessfully,operationssuchasscanningandremediation
fail.Insuchacase,manuallyinstalltheGuestAgent.
TheGuestAgentinstallationpackagesforWindowsandLinuxguestsareinthedirectoryyouspecifiedduring
theUpdateManagerinstallation.Inthatdirectory,theGuestAgentinstallationpackagesarelocatedat
\docroot\vci\guestAgent\.Forexample,ifUpdateManagerisinstalledin
C:\Program Files\VMware\Infrastructure\Update Manager,theGuestAgentinstallersareat
C:\Program Files\VMware\Infrastructure\Update Manager\docroot\vci\guestAgent\.
TheGuestAgentrequiresnouserinput,andtheinstallationcompletessilently.ForWindows,startthe
installerbyrunningtheVMware-UMGuestAgent.exefile.ForLinux,installthe
VMware-VCIGuestAgent-Linux.rpmfile
by
running
the
rpm -ivh VMware-VCIGuestAgent-Linux.rpmcommand.
Installing the Update Manager Download Service
UpdateManagerDownloadServicedownloadsupdatesthatwouldnototherwisebeavailabletoUpdate
Managerservers.Forexample,forsecurityreasonsanddeploymentrestrictions,VMwareInfrastructure,
includingUpdateManager,isinstalledinanairgapnetworkasecurednetworkthatisdisconnectedfrom
otherlocalnetworksandtheInternet.UpdateManagerrequiresaccesstopatchinformationtofunction
properly.

17/52
VMware, Inc. 17
Chapter 2 Working with Update Manager
TheDownloadServiceprovidesasolutioninsuchsituations.DownloadServicedownloadsupdatesfor:
ESXServer3iorhigher,andESXServer3.5orhigher.
AllUpdateManagersupportedversionsofWindowsvirtualmachines.
TousetheUpdateManagerDownloadService,youmustsetupaservertobeyourUpdateManager
Downloadsystem.ThisservermusthaveInternetaccess.
AftertheDownloadServicedownloadsupdates,theupdatescanbeexportedbyCDorUSBkeydeviceaswell
asautomaticallytoaVirtualCenterServerrunningUpdateManager.
TheamountofspacerequiredtostoretheupdatesontheserveronwhichtheDownloadServiceisinstalled
variesbasedonthenumberofdifferentoperatingsystemsandapplicationsyouintendtopatch,aswellasthe
numberofyearsyouintendtogatherpatchesonthissystem.Allocate50GBforeachyearofESXServer
patching,and11GBforeachvirtualmachineoperatingsystemandlocalecombination.Forexample,touse
theserverfortwoyearstopatchhostsWindowsXPUSEnglishandWindowsServer2003requires100GBfor
thehostsand44GBforthevirtualmachinesforatotalof144GB.ToinstalltheDownloadServiceinsuchan
environment,installitonaserverwithatleast144GBofavailablespaceforpatchstorage.
TheDownloadServiceinstallerrequiresadatabase.Theinstallationprogramincludesanoptiontocreatea
SQLServer2005Expressdatabase,oryoucanuseanexistingMicrosoftSQLServerorOracledatabase.
To install the Update Manager Download Service
OpentheVMware-UMDS.exefilelocatedintheumdsfolderontheinstallationCD.Usethe
VMware Update Manager Download Serviceinstallationwizardtocompletetheinstallation.
Duringtheinstallation,youcanmodifytheSOAPport,Webport,andproxysettings.Ifyoukeepthedefault
settingsduringtheinstallationandwanttochangetheUpdateManagerDownloadServiceproxy
authenticationsettingslater,usetheTomanuallyupdateproxyauthenticationinformationonpage 22
procedure.
Upgrading VI Client to Support Update Manager
StartingwithVirtualCenterversion2.5,UpdateManagerclientsaredeliveredasapluginfortheVIClient.
TheUpdateManagerfunctionalityisanintegralpartofVirtualCenter,andthenewVIClientsupersedes
previousVIClientreleases.
AfterinstallingUpdateManager,updateatleastoneVIClient,soyoucanconfigureUpdateManager.You
mustinstalltheUpdateManagerpluginonanyVIClientthatyouwanttousetomanageUpdateManager,
butyoudonotneedtoupdateallclientsifyoudonotwantto.AnycombinationofVI ClientwithUpdate
ManagerpluginandVIClientwithsomeornootherpluginscanconnecttoagivenVirtualCenterServer
withoutaconflict.
To enable Update Manager on a VI Client
1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalled.
2 ChoosePlugins>ManagePlugins.
3 ClickDownload
and
installfor
the
Update
Manager
plug
in.
4 CompletetheUpdateManagerclientinstallationandclickOK.
5 ClicktheInstalledtabonthePluginManagerpage.
TheVMwareUpdateManagerclientpluginmightnotbeimmediatelyavailable.Youmightneedtowait
uptoaminutebeforetheUpdateManagerclientisshownontheInstalledtab.
6 SelectEnabled.
7 DismissanySecurityWarningdialogboxesthatappearbyclickingYesorIgnore,andthenclickOK.
TheUpdateManagerbuttonmightnotalwaysimmediatelyappearintheVIClient.Afterinstallingthe
VMwareUpdateManagerplugin,ifthebuttondoesnotappear,restarttheVIClient.

18/52

19/52
VMware, Inc. 19
Update Manager Network Port Requirements
AfteryouinstallUpdateManagerifthedefaultsettingsarekeptduringtheinstallation,theUpdateManager
Webserverlistenson9084TCPandtheUpdateManagerSOAPserverlistenson8084TCP.Bothareaccessed
throughareverseproxythatlistensonthestandardports80and443.Formoreinformation,seeFigure 21.
Figure 2-1. Update Manager Network Port Requirements
WhenUpdate
Manager
and
the
VirtualCenter
Server
are
installed
on
the
same
machine:
AllincomingconnectionstoUpdateManagerareaccessedthroughareverseproxyprovidedbythe
VirtualCenterServer.
ESXServerconnectstoport80,andtheVirtualCenterServerforwardstherequesttotheUpdateManager
Webserverlisteningonport9084forhostpatchdownloads.
TheVirtualCenterServerdirectlyconnectstoUpdateManageronport8084becausetheyareonthesame
machine.
UpdateManagerconnectstoESXServeronport902forpushingthevirtualmachinespatches.
WhenUpdateManagerandtheVirtualCenterServerareinstalledontwodifferentmachines:
UpdateManagerhasareverseproxylisteningonports80and443ifthedefaultisnotchangedduringthe
installation.
TheVirtualCenterServerconnectstoUpdateManagerthroughport443.Thereverseproxyforwardsthe
requestto8084.
ESXServerconnectstoUpdateManagerthroughport80.Thereverseproxyforwardstherequestto9084.
UpdateManagerconnectstoESXServeronport902forpushingthevirtualmachinespatches.
Toobtainmetadatafortheupdates,UpdateManagermustbeabletoconnecttohttp://www.vmware.comand
http://xml.shavlik.com,andrequiresoutboundports80and443.
Formoreinformationaboutconfiguringtheportsettingsaftertheinstallation,seeConfiguringtheUpdate
ManagerNetworkPortSettingsonpage 22.
ESX host
VirtualCenter
(Update Manager)
AKAMAI
(Patch Content Server)
Patch Metadata
Server
ESX host ESX host
80
HTTP
443 80
SSL/HTTP
80
9000-
9100
902 902 902
80
9000-
9100
80
9000-
9100
vmware.com
ISV
(Patch Content Server)
internet
80
HTTP 443 80
SSL/HTTP
shavlik.com
Patch Metadata
Server
network
http://www.vmware.com/http://xml.shavlik.com/http://xml.shavlik.com/http://www.vmware.com/

20/52
20 VMware, Inc.
Configuring Update Manager
YoucanmodifytheadministrativesettingsforUpdateManagerbeforeyoutouseit.Theadministrative
settingsdeterminethefollowing:
WhatactionUpdateManagertakesifaremediationfailsforeitheraguestvirtualmachineoranESX
Serverinstallation.
HowoftenUpdateManagerchecksfornewupdates.
HowUpdateManagerworkswithanInternetproxy.
HowUpdateManagercanbeconfiguredtoworkwithnewportsettings.
HowtochangethelocationinwhichUpdateManagerdownloadspatches.
Responding to Guest Remediation Failure
UpdateManagercantakesnapshotsofvirtualmachinesbeforeapplyingupdates.Thisensuresthatifapatch
cannotbeapplied,thestateofthevirtualmachinebeforetheupdateiseasilyreestablished.Youcanelectto
keepthesesnapshotsindefinitelyorforafixedperiod.
Keepingsnapshotsindefinitelymighteventuallyconsumealargeamountofdiskspaceanddegrade
virtualmachine
performance,
but
these
snapshots
provide
protection
against
problems
with
patching.
Keepingnosnapshotssavesspaceinyourenvironment,ensuresbestvirtualmachineperformance,and
mightreducetheamountoftimeittakestocompleteremediation.
Keepingsnapshotsforasetperiodisacompromisebetweentheothertwochoices.
Theconfigurationdescribedinthefollowingprocedure,determinesthedefaultsettingsforremediation
failures.Youcanspecifyalternativesettingstothesedefaultswhenyouconfigureindividualremediation
tasks.
To configure guest snapshot behavior
1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclickthe
UpdateManagerbutton.
2 ClicktheConfigurationtab.
TheGuestSettingslinkontheleftisselectedbydefault.
3 SelectSnapshotthevirtualmachinesbeforeapplyingupdatestoenablerollback.
4 Configuresnapshotstobekeptindefinitelyorforaperiodoftime.
5 ClickApply.
Responding to a Failure to Put ESX Server in Maintenance Mode
UpdateManagerputsESXServerinmaintenancemodebeforeapplyingupdates.Virtualmachinescannot
continuetorunwhenanESXServerisinmaintenancemode.Toensureaconsistentuserexperience,the
VirtualCenterServermigratesvirtualmachinestootherESXServerhostswithinaclusterbeforetheserverbeingremediatedisputinmaintenancemode.VirtualCenterServercanmigratethevirtualmachines,ifthe
clusterisconfiguredforVMotion.Forothercontainersorindividualhoststhatarenotinacluster,migration
cannotbeperformed.IfVirtualCenterservercannotmigratethevirtualmachinestoanalternativehost,
Update Managercantakeoneofthefollowingactions:
FailTaskLogthisfailureintheUpdateManagerlogsandtakenofurtheraction.
RetryWaitfortheretrydelayperiodandrepeattheattempttoputtheserverintomaintenancemodeas
manytimesasyouindicateintheNumberofretriesfield.

21/52

22/52
22 VMware, Inc.
9 (Optional)Specifyoneormoreaddressestoreceiveemailwithinformationabouttheresultsoftheupdate
downloadprocesswhenthenewupdatesaredownloaded.
Tohavethisoptionworking,themailsettingsfortheVirtualCenterServermustbeconfiguredcorrectly.
10 ClickNext.
11 ClickFinish.
Configuring Update Manager for Use with an Internet Proxy
AfterinstallingUpdateManager,youcanmodifytheconfigurationtoworkwithanInternetproxyserverby
usingtheCustomInstalloptionintheinstallationprogram.Todothis,restarttheinstallationprocessand
providenewproxyconfigurationinformation.TheinstallationprocessisdescribedinToInstallUpdate
Manageronpage 12.
YoucanmodifytheconfigurationbothmanuallyandthroughtheUpdateManagerplugin.
To manually update proxy authentication information
1 LogintotheUpdateManagerserverasanadministrator.
2 StoptheUpdateManagerservice.
a RightclickMyComputerandclickManage.
b Intheleftpane,expandServicesandApplicationsandclickServices.
c Intherightpane,rightclicktheVMwareUpdateManagerService,andclickStop.
3 Openthevum-proxyAuthCfg.exe fileintheUpdateManagerdirectory.
ThedefaultlocationisC:\Program Files\VMware\Infrastructure\Update Manager.
4 Provideupdatedproxyauthenticationinformation.
5 RestarttheUpdateManagerservice.
To modify the proxy configuration through the Update Manager plug-in
1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclicktheUpdateManagerbutton.
2 ClicktheConfigurationtab.
3 ClicktheInternetAccesslinkontheleft.
4 Changethedefaultproxyinformationasnecessary.
Iftheproxyrequiresauthentication,selecttheProxyrequiresauthenticationcheckboxandprovide
usernameandpassword.
5 (Optional)Testtheconnection.
TheTestConnectionbuttonallowsyoutoentertheInternetaccesssettings,andtesttheconnectivityof
theUpdate
Manager
server
with
the
Internet
before
actually
applying
the
new
settings.
6 ClickApply.
Configuring the Update Manager Network Port Settings
AfteryouinstallUpdateManager,youcanconfigureitsportsettingstoavoidconflictswithotherprograms
installedonthesamemachine.
IfVirtualCenterisinstalledonthesamemachine,youcannotchangetheHTTPandHTTPSports.Update
Managerdoesntopentheseports,butVirtualCenterdoes.IfVirtualCenterisnotinstalledonthesame
machine,UpdateManagerstartsitsownreverseproxy.Inthiscase,youareabletochangeboththeHTTPand
HTTPSports.

23/52

24/52
24 VMware, Inc.
Configuring Update Manager Patch Download Location
WhenyouinstallUpdateManager,theinstallationwizardallowsyoutochangethelocationfordownloading
patches.Ifyoukeepthedefaultlocationduringtheinstallation,andwanttochangeitlater,without
reinstallingUpdateManager,youhavetodoitmanually.
To configure the Update Manager patch download location
1 StoptheUpdateManagerservice.
2 Findthevci-integrity.xmlfileintheUpdateManagerinstallationdirectory.
ThedefaultlocationisC:\Program Files\VMware\Infrastructure\Update Manager.
3 Createabackupcopyofthisfileincaseyouneedtoreverttothepreviousconfiguration.
4 Editthefilebychangingthefollowingfields:
yournewlocation
Thedefaultpatchdownloadlocationis:
C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\
Data\
Thedirectorypathmustendwith\.
SavethefileinUTF8format,andreplacetheexistingfile.
5 Copythecontentsfromtheoldpatchstoredirectorytothenewfolder.
6 RestarttheUpdateManagerservice.
Using the Update Manager Download Service
UsetheUpdateManagerDownloadServicetoinitiatedownloadsofupdatesandtotransfertheupdatesto
UpdateManager.Establishadepotinwhichtoplacetheupdates.Aftertheupdatesareinthedepot,export
thenewlydownloadedupdatestosomeportablestoragedevicesuchasaCDorUSBkeyandimportthemto
theUpdateManagerserver.IfUpdateManagerisinstalledonamachinethatisnotconnectedtotheInternet,
thescheduledupdatechecksfail.Insuchacase,disablethescheduledupdatechecksandusetheUpdateManagerDownloadServiceastheonlymeanstodownloadandtransferupdatestoUpdateManager.
YoucanautomatetheUpdateManagerDownloadServiceinasemiairgapdeploymentadeploymentin
whichyoucantransferfilesfromthemachineonwhichUpdateManagerDownloadServiceisinstalledtoa
machineonwhichUpdateManagerserverisinstalledusingasharedfolder.Thissharedfoldercanbeonthe
samemachineonwhichUpdateManagerisinstalledoronaremoteserver.
ThebestpractiseistocreateascripttodownloadtheupdatesmanuallyandsetitupasaWindowsScheduled
Taskthatdownloadstheupdatesautomatically.
To use the Update Manager Download Service
1 LogintothemachineonwhichUpdateManagerDownloadServiceisinstalled.
2 ChooseStart>Run,typecmdandpressEnter.
3 ChangetothedirectorywhereDownloadServiceisinstalled.
ThedefaultfolderisC:\Program Files\VMware\Infrastructure\Update Manager.
4 Setupwhatupdatestodownload:
TosetupadownloadofallESXServerhostupdates,enterthefollowingcommand:
vmware-umds --set-config -enable-host 1 --enable-win 0 --enable-lin 0
TosetupadownloadofallWindowsupdates,enterthefollowingcommand:
vmware-umds --set-config -enable-host 0 --enable-win 1 --enable-lin 0

25/52

26/52

27/52
VMware, Inc. 27
To create a dynamic baseline using the New Baseline wizard
2 OntheBaselinestab,clickNewBaseline.
TheNewBaselinewizardappears.
3 Provideanameandadescriptionofthebaseline,andselectatarget.
UpdateManagerdoesnotsupportbaselinesthatapplytobothtargettypes.Baselinesmustapplytoeither
ESXServerhostsorvirtualmachines.
4 ClickNext.
5 SelectDynamicforthetypeofbaseline.
6 ClickNext.
TheDynamicBaselineCriteriapageappears.
7 Customizethebaselinebyenteringspecificcriteriatofiltertheupdates.
TextcontainsEntertexttorestricttheupdatesdisplayed.Textenteredinthisfieldissearched
forconformityinalltextfieldsoftheavailableupdates.
ProductSelectoperatingsystemsorproductsforwhichthisbaselineincludespatches.Youcan
selectmultipleproductsoroperatingsystems,butonlyupdatesapplicabletotheproductor
operatingsystemofthemachinebeingevaluatedarescanned.
SeveritySelecttheseverityofupdatestobeincludedinthisbaseline.
LanguageSelectwhichlanguageversionsofpatchestoinclude.
ReleasedDateProvideBeforeandAfterdatestospecifyarangeforthereleasedatesofthe
updates.
UpdateVendorSelectoneofthelistedupdatevendors.
Addorremovespecificupdatesto/fromthisbaselineSelectthecheckboxtoaddorremove
specificupdates.
8 ClickNext.
Dependingonthechoicesyoumake,oneofthefollowingpagesappears:
TheReadytoCompletepage,ifyoujustfilteredtheupdates
TheExclusionspage,ifyouselectedtoaddorremovespecificupdatesfromthebaseline.
9 IntheExclusionspage,selectindividualupdatestoexcludefromyourbaselineandclickthedownarrow.
10 ClickNext.
TheInclusionspageappears.
11 Selectindividual
updates
that
do
not
meet
the
filter
criteria
set
up
in
Step 7,
to
include
them
in
the
baseline,andclickNext.
12 ReviewtheReadytoCompletepage,andclickFinish.

28/52
28 VMware, Inc.
Editing Baselines
YoucaneditexistingbaselinesbyusingtheVIClient.
To edit an existing baseline
2 Onthe
Baselines
tab,
select
an
existing
baseline
and
click
Edit
Baseline.
TheEditBaselinewizarddisplays.
3 ClickBaselineNametomodifythenameanddescriptionofthebaseline.
4 ClickBaselineTypetochangethetypeofupdatesincludedinthebaseline.
5 Dependingonthetypeofbaseline,dooneofthefollowing:
Ifthebaselineisfixed,clickUpdatestoaddorremovespecificupdatesfromthebaseline.
Ifthebaselineisadynamicone,clickCriteriatochangethedynamicbaselinecriteria.
Additionally,ifsomeupdatesareexcludedfromorincludedinthebaseline,clickExclusions,or
Inclusionstochangetheexcludedorincludedupdates.
Attaching Baselines
YoucanattachexistingbaselinestoobjectsintheVirtualCenterinventory.Youcanattachbaselinesto
individualobjects,butamoreefficientapproachistoattachbaselinestocontainerobjects,suchasfolders,
hosts,clusters,anddatacenters,insteadofattachingthemtoindividualvirtualmachinesandhosts.Attaching
abaselinetoacontainerobjectsuchasafolder,host,clusterordatacentertransitivelyattachesthebaselineto
allobjectsinthecontainer.
To attach a baseline
2 Navigatetothevirtualinfrastructureobjecttoattachthebaselineto,clicktheUpdateManagertab,and
clicktheAttachBaselinelinkintheupperrightcorner.
3 SelectoneormorebaselinestobeattachedandclickOK.
Detaching Baselines
Youcandetachbaselinesfromcertainobjectsintheinventory.Theseareobjectstowhichthebaselineswere
directlyattachedinapreviousattachoperation.VMwareInfrastructureobjectsoftenhaveinherited
properties,includingbaselineassociations,sotodetachabaselinefromanobject,youmighthavetonavigate
totheparentobject,towhichthebaselineisattached,andremoveitfromthere.
To detach a baseline
2 Navigatetothevirtualinfrastructureobjecttoremovethebaselinefrom,andclicktheUpdateManager
tab.
3 Findthebaselinetoremove,andreviewwherethebaselineisattached.
ThisinformationiscontainedintheAttachedAtcolumn.
4 Rightclickthebaselinetoremove,andclickDetachBaseline(s).
ThebaselineisdetachedfromtheVMwareInfrastructureinventoryobject.

29/52
VMware, Inc. 29
Removing Baselines
YoucanremovebaselinesanddeletethemfromVIClient.
To remove a baseline
2 ClicktheUpdateManagerbutton.
3 OntheBaselinestab,selectthebaselinestoremove.
4 ClickRemoveBaseline.
5 Whenpromptedtoconfirmdeletionoftheselectedbaselines,clickYes.
Scanning Virtual Machines and ESX Server Hosts
YoucangetUpdateManagertoautomaticallyscanvirtualmachinesandESXServerhostsbyusing
preestablishedtasksoryoucanmanuallyinitiatescans,asrequiredbyusers.Toproducecompliance
information,youcanrunscansagainstobjectsthathavebaselinesattachedtothem.Whenyouscananobject,
thescanisperformedagainstallupdates,butcomplianceinformationisproducedonlyfortheupdates
includedinabaselineattachedtotheobject.SeeAttachingBaselinesonpage 28.
To manually initiate a scan
2 ClickInventoryinthenavigationbar.Forvirtualmachines,clickVirtualMachinesandTemplates.For
ESXServerhosts,clickHostsandClusters.
3 Intheleftpane,rightclickacontainerobjecttobescannedandclickScanforUpdates.
Allchildobjectsoftheobjectonwhichthescanisinitiatedarealsoscanned.Thelargerthevirtual
infrastructureandthehigherupintheobjecthierarchyyouinitiatethescan,thelongerthescantakes.
IftheESXServerhostswithinacontainerobjectaredisconnected,theyarenotscanned.EvenifallESX
Serverhostsaredisconnected,whenyourightclickthecontainer,theScanforUpdatesoptionis
available,but
actual
scanning
is
never
performed.
4 Whenpromptedtoconfirmthatyouwanttoscanalltheobjectsandchildobjects,clickYes.
Fortheresultsofthescan,seeViewingScanResultsonpage 30.
To schedule a scan
1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalled,andclick
ScheduledTasks.
2 ClickNewinthetoolbartoopentheSelectaTasktoScheduledialogbox.
3 Fromthedropdownmenu,selectScanforUpdatesandclickOK.
4 Selectthetypeofscantoschedule.ClickNext.
5 Selecttheobjectstobescanned.ClickNext.
Forallobjectsselected,allchildobjectsarescannedaswell.
6 ConfigurewhenthetaskwillrunbasedonthestateofthevirtualmachineorESXServer.ClickNext.
7 ReviewthesummaryinformationforthetasktobecompletedandclickFinish.

30/52
30 VMware, Inc.
Viewing Scan Results
UpdateManagerprovidesameanstoquicklycheckhowmachinescomplywithbaselines.Youcanreview
complianceeitherbyexaminingresultsforasinglevirtualmachineorESXServer,orbyreviewingtheresults
foragroupingofvirtualmachinesorESXServerhosts.ComplianceinformationisavailableontheUpdate
ManagertabintheVIClient.ForESXServerhosts,youcanviewcomplianceintheHostsandClustersview.
Forvirtualmachines,youcanviewcomplianceintheVirtualMachinesandTemplatesview.
Supported
groupings
include
virtual
infrastructure
container
objects
such
as
folders,
clusters
and
datacenters.Baselinesinteractwithvirtualmachinesinthefollowingways:
Ifauserdoesnothavepermissionstoviewanobject,anobjectscontents,oravirtualmachine,theresults
ofthosescansarenotdisplayed.
Compliancewithbaselinesisassessedatthetimeofviewing.Thismeansabriefpausemightoccurwhile
informationisgatheredaboutvirtualmachinescompliance,toensurethatallinformationiscurrent.
Onlyinformationaboutcompliancewithrelevantbaselinesisprovided.Forexample,ifabaselineisnot
attachedtothecontainerinquestion,complianceisnotassessed.Similarly,considerthecaseinwhicha
containerhasWindowsXPandWindowsVistavirtualmachines,andbaselinesforWindowsXPand
WindowsVistapatchesareattachedtothiscontainer.Insuchacase,theWindowsVistavirtualmachines
areassessedforcompliancewithWindowsVistabaselines,andtheresultsaredisplayed.Thesame
WindowsVistavirtualmachinesarenotassessedforcompliancewithWindowsXPpatches,andasaresult,thestatusoftheircomplianceisdisplayedasnotapplicable.
Compliancestatusisdisplayedbasedonpermissions.Userswithpermissiontoviewacontainerbutnot
allofthecontainerscontentsareshowntheaggregatecomplianceofallentitiesunderthatcontainer,but
theindividualcountsforcompliant,notcompliantandunknownentitiesonlyappearastheusers
permissionspermit.Toviewthecompliancestatus,useralsomusthavepermissionstoviewthebaseline
orsoftwareupdatecompliancestatusforanobjectintheinventory.
WhenyouscananESXServerhostagainstafixedbaselinecontainingonlyupdatesobsoletedbynewerones,
andthenewerupdatesarealreadyinstalledontheESXServerhost,thecompliancestatusoftheoldupdates
isnotapplicable.IfthenewerupdatesarenotinstalledontheESXServer,thecompliancestatusoftheold
updatesisnotcompliant.Youcaninstallthenoncompliantupdatesafterstartingaremediationprocess.
WhenyouscananESXServerhostagainstafixedbaseline,containingbothobsoleteandnewerupdates,the
oldupdatesaredisplayedasnotcompliant.Onlythenewerupdatesareinstalledafterstartingaremediation
process.
Reviewing Scan Results for Virtual Machines Contained in a Virtual Infrastructure Object
Whenscansarecompletedonallmachinescontainedwithinavirtualinfrastructureobject,theresultsare
displayedinasummary.Informationthatisdisplayedexplainsthedegreeofconformancewithbaselines,
ratherthanthedetails.Thefollowinginformationisincluded:
Whenthelastscanwascompletedatthislevel.
Thetotalnumberofcompliantandnoncompliantupdates.
Foreachbaseline,thenumberofvirtualmachinesorhoststhatarecompliantornotcompliant.
Foreachbaseline,thenumberofpatchesthatarenotapplicabletoparticularvirtualmachinesorhosts.

31/52
VMware, Inc. 31
To review scan results for virtual machines or ESX Server hosts
2 ClickInventoryinthenavigationbar.Forvirtualmachines,clickVirtualMachinesandTemplates.For
ESXServerhosts,clickHostsandClusters.
3 Clicktheobjectwhosescanresultsyouwanttoview.
4 ClicktheUpdateManagertab.
Theresultsforscanscompletedonvirtualmachinesinthatcontainerappearattheright.
Youcanreceivemoreinformationabouttheresultsofthescansofparticularbaselines.
To receive more information about baseline compliance of virtual machines in an object
Clickthehyperlinkindicatinghowmanyvirtualmachinesareinaparticularstateofcompliance.
TheBaselineDetailswindowappears.
Youcanreceivemoreinformationaboutaspecificmachinescompliancewiththeupdatescontainedina
baseline.
To receive more information about baseline compliance of a virtual machine with specific updates
Clickthehyperlinkindicatingthenumberofupdatesthatareorarenotincompliance.
TheVirtualMachineBaselineDetailswindowappears.
Reviewing Scan Results for Individual Virtual Machines and ESX Hosts
WhenscansarecompletedonspecificvirtualmachinesorESXServerhosts,detailedresultsareprovided.
Informationthatisdisplayedexplainsthedegreeofconformancewithbaselines,ratherthanthedetailsof
conformance.Someinformationincludedis:
Whenthelastscanwascompletedatthislevel.
Thetotalnumberofbaselinesandupdatesthatarecompliantornotcomplaint.
To review scan results for a virtual machines
2 ClickInventory,andclickVirtualMachinesandTemplates.
3 SelectanindividualvirtualmachineorselectaVMwareInfrastructureobjectsuchasadatacentertosee
thestatusforallvirtualmachinesinthatobject.
To review scan results for an ESX Server host
2 ClickInventory,andclickHostsandClusters.
3 SelectanindividualESXServerhostorselectaVMwareInfrastructureobjectsuchasadatacentertosee
thestatusforallhostsinthatobject.

32/52
32 VMware, Inc.
Remediating ESX Server Hosts and Virtual Machines
Youcanremediatemachineseitherthroughuserinitiatedremediationorthroughregularlyscheduled
remediation.
FortheESXServerhostsinacluster,theremediationprocessissequential.Whenyouremediateaclusterof
ESXServerhostsandoneofthehostsfailstoentermaintenancemode,theUpdateManagerreportsanerror
andtheprocessfails.TheremainingESXServerhostsinthesameclusterthatdidgetremediatedstayatthe
updatedlevel.
The
ones
that
were
to
be
remediated
after
this
host
are
not
updated.
Formultipleclustersunderadatacenter,theremediationprocessesareparallel.Iftheremediationprocessfails
foroneoftheclusterswithinadatacenter,theremainingclustersarestillremediated.
Templatesareatypeofvirtualmachine,sotheycanberemediated.VMwarerecommendstakingsnapshots
oftemplatesbeforeremediation,especiallyifthetemplatesaresealed.Atemplatethatissealedisstopped
beforeoperatingsysteminstallationiscompleted,andspecialregistrykeysareusedsothatvirtualmachines
createdfromthistemplatestartinsetupmode.Whensuchavirtualmachinestarts,theusercompletesthefinal
stepsinthesetupprocess,allowingforfinalcustomization.
Tocompleteremediationofasealedtemplate,thetemplatemustbestartedasavirtualmachine.Forthisto
happen,thespecialregistrykeysthatstartthevirtualmachineinsetupmodearenotedandremoved.Aftera
templateisstartedandremediated,theregistrykeysarerestoredandthemachineisshutdown,returningthe
templateto
its
sealed
state.
Iferrorsoccur,atemplatemightnotbereturnedtoitssealedstate.Forexample,ifUpdateManagerlosesits
connectionwiththeVirtualCenterServerduringremediation,thetemplatecannotbereturnedtoitssealed
state.Creatingasnapshotbeforeremediationprovidesforeasyrecoveryfromsuchissues.
Afterremediationiscompleted,butthebaselineisstillnotcompliant,repeattheremediation.
Guest Shutdown
Machinesarerebootedattheendoftheremediationprocess,ifarebootisrequired.Adialogboxtellstheusers
loggedintotheremediatedmachinesoftheupcomingshutdown.
Userscanpostponetheshutdownforuptoamaximumof60minutes.AfterclickingOK,arebootreminder
dialogbox
appears
in
the
task
bar.
After
the
specified
time
elapses,
afinal
timer
before
shutdown
appears.
Manual Virtual Machine Remediation
Youcanmanuallyremediatevirtualmachinesonacasebycasebasis.
To manually initiate a remediation
2 ClickInventoryandclickVirtualMachinesandTemplates.
4 Rightclicktheobjecttoberemediated,andclickRemediate.
Allchildobjectsoftheobjectonwhichtheremediationisinitiatedarealsoremediated.Thelargerthe
virtualinfrastructureandthehigherintheobjecthierarchyyouinitiatetheremediation,thelongerthe
processtakes.
5 Selectthebaselinesyouwanttoapply,andclickNext.
6 Allupdatesareincludedbydefault.Toexcludeindividualupdatesfromtheremediationprocess,deselect
theircheckboxesandclickNext.
7 (Optional)ReviewtheexcludedupdatesandclickNext.
8 IntheSchedulepage,selectthetimetoinitiatetheremediationactionsbasedonthestateofthevirtual
machineandclickNext.

33/52
VMware, Inc. 33
9 Specifywhetheryouwouldliketoenablerollbackbeforeperformingtheupdate.Ifyouenablerollback,
asnapshotofthevirtualmachineiscreated.
Selectthesnapshotoptions,includinganameanddescriptionforthesnapshot,aswellaswhethertotake
asnapshotofthevirtualmachinesmemory.ClickNext.
Manual ESX Server RemediationYoucanmanuallyremediateESXServerhostsonacasebycasebasis.
2 ClickInventoryandclickHostsandClusters.
4 RightclicktheobjecttoberemediatedandclickRemediate.
Allchildobjectsoftheobjectonwhichtheremediationisinitiatedarealsoremediated.Thelargerthe
virtualinfrastructureandthefurtherupintheobjecthierarchyyouinitiatetheremediation,thelonger
theprocesstakes.
IftheESXServerhostswithinacontainerobjectaredisconnected,theyarenotremediated.EvenifallESX
Serverhostsaredisconnected,whenyourightclickthecontainer,theRemediateoptionisavailable,but
actualremediationisnotperformed.
5 SelectthebaselinestoapplyandclickNext.
6 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesandclickNext.
7 (Optional)Reviewthelistofupdatestobeexcluded,andclickNext.
8 Selectthehostremediationoptions,includingthetimetoinitiatetheremediationactionsaswellasthe
remediationfailureresponseoptions,andclickNext.
9 Reviewthe
summary
information
for
the
task
to
be
completed,
and
click
Finish.
Scheduled Virtual Machine Remediation
Youcanremediatevirtualmachinesatpredeterminedtimesbyusingscheduledtasks.
To schedule virtual machine remediation
2 ClicktheScheduledTasksbutton.
3 RightclicktheScheduledTaskspaneandclickNewScheduledTask.
4 SelectRemediateandclickOK.
5 SelectVirtualMachines/GuestOperatingSystemsandclickNext.
6 Selecttheobjectstowhichthisremediationapplies,andclickNext.
Allvirtualmachinesundertheselectedobjectareremediatedaswell.
7 IntheBaselinespage,selectthebaselinestoapply,andclickNext.
8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesintheUpdates
pageandclickNext.
9 (Optional)Reviewthelistofupdatesthatareexcluded,andclickNext.
10 IntheSchedulepage,selectthetimetoinitiatetheremediationactionsbasedonthestateofthevirtual
machine,andclickNext.

34/52
34 VMware, Inc.
asnapshotofthevirtualmachineiscreated.
Selectthesnapshotoptions,includinganameanddescriptionforthesnapshot,aswellaswhethertotake
asnapshotofthevirtualmachinesmemory,andclickNext.
12 Reviewthesummaryinformationforthetasktobecompleted,andclickFinish.
Scheduled ESX Server RemediationYoucanremediateESXServerhostsatpredeterminedtimesbyusingscheduledtasks.
To schedule ESX Server remediation
3 RightclicktheScheduledTaskpaneandclickNewScheduledTask.
4 SelectRemediate,andclickOK.
5 SelectESXServers,andclickNext.
6 Selectthe
objects
to
which
this
remediation
are
applied,
and
click
Next.
AllESXServerhostsundertheselectedobjectareremediatedaswell.
TheBaselinespageappears.
7 Selectthebaselinestoapply,andclickNext.
8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesandclickNext.
9 (Optional)Reviewthelistofupdatestobeexcluded,andclickNext.
10 Selectthehostremediationoptions,includingwhentheremediationtakesplaceaswellashow
remediationfailuresishandled,andclickNext.
Working with Update Manager Events
UpdateManagerstoresdataaboutevents.Youcanreviewthiseventdatatogatherinformationaboutthe
UpdateManageroperationsthatareinprogressorhavefinished.Forreferenceinformationaboutallevents,
seeEventsonpage 41.
To review events
2 ClicktheEventstab.
Informationabout
the
recent
events
appears.
To export events
2 ClicktheEventstab,andclickExportEvents.

35/52

36/52
36 VMware, Inc.
LanguageSelectwhichlanguageversionsofpatchestoinclude.
ReleasedDateProvideBeforeandAfterdatestospecifyadaterangeforupdates.
UpdateVendorSelectoneofthelistedupdatevendors.
3 ClickFind.
Managing Virtual Appliances
Avirtualapplianceisasoftwaresolutionthatiscomposedofoneormorevirtualmachines,ispackagedasa
unitbyanappliancevendor,andisdeployed,managed,andmaintainedasaunit.
TheUpdateManagersupportforonlineVMwareVirtualAppliancesDevelopmentToolkit(VADK)based
virtualapplianceisanexperimentalfeature.Offlineandsuspendedvirtualappliancescannotbescannedand
remediated.IfavirtualapplianceisnotVADKcompatible,itistreatedasaregularvirtualmachineforguest
patchingandthesamelimitations(suchasnoremediationforLinuxvirtualmachines)stillapply.
AllvirtualappliancesarerequiredtohaveInternetconnectionfordiscovery,scan,andremediation
operations.IfthevirtualapplianceneedstoaccessInternetthroughaproxy,theproxyserversettingscanbe
configuredviatheappliancesownWebUI.
Virtual Appliances DiscoveryAfteryouimportaVADKbasedvirtualapplianceintheVIClient,andpoweritonforthefirsttime,itis
discoveredasavirtualappliance.
To view the information about a virtual appliance
2 ClickInventoryandclickVirtualMachinesandTemplatestoviewthevirtualmachines.
3 SelectavirtualapplianceandclicktheUpdateManagertab.
Youcanseevirtualapplianceinformationsuchasvendor,product,andversion.
Scanning Virtual AppliancesYoucanenableUpdateManagertoautomaticallyscanvirtualappliancesusingpreestablishedtasks,oryou
canmanuallyinitiatescans.Bestpracticeistoputthevirtualappliancesinaseparatefoldersothattheyare
managedeasilyandcheckedforcompliance.
To scan a virtual appliance
2 ClickInventoryandclickVirtualMachinesandTemplatestoviewthevirtualmachines.
3 Intheleftpane,rightclickavirtualapplianceobjecttobescannedandclickScanforUpdates.
To schedule a scan
1 ConnecttheVIClienttoaVirtualCenterServeronwhichUpdateManagerisinstalledandclick
ScheduledTasks.
2 ClickNewinthetoolbartoopentheSelectaTasktoScheduledialogbox.
3 Fromthedropdownmenu,selectScanforUpdatesandclickOK.
4 Selectthetypeofscantoschedule,andclickNext.
5 Selectthevirtualappliancetobescanned,andclickNext.
6 Enterthetasknameaswellasthetaskdescription,configurewhenthetaskwillrun,andclickNext.

37/52
VMware, Inc. 37
Viewingthescanresultsforvirtualappliancesisthesameastheoneforvirtualmachines.Formore
information,seeViewingScanResultsonpage 30.
Remediating Virtual Appliances
Updatesforavirtualappliancearedownloadedbythevirtualapplianceitselfduringtheremediationprocess.
UpdateManageronlycontrolswhenandwhattodownload.ThedownloadURLissetbytheindependent
softwarevendorprovidingthevirtualappliance.
Todownloadtheupdatesforvirtualappliances,UpdateManagerusesthefollowingapproach:
1 UpdateManagerscansthevirtualappliancestoreturnproductandvendorinformation,information
aboutthecurrentversion,andthemissingupdates.
2 UpdateManagerdirectsthevirtualappliancestodownloadthemissingupdates.UpdateManager
controlstheremediationprocesslikewhenandhowtoremediate,butthevirtualapplianceremediates
itself.
Afterremediation,thevirtualappliancecanberebootediftheupdatepackagerequiresthat.
VirtualapplianceshavetheirownWebUIforselfmanagedupdatemode.Iftheautoinstallupdatesoptionis
turnedoninacertainvirtualappliance,UpdateManageronlyrunsreportingmodeagainstit.Thismeansthat
UpdateManagerscansthevirtualappliance,butskipsremediationandtheremediationoperationfailswith
aneventindicatingthereason.
Youcaneitherremediatevirtualappliancesmanually,orcanschedulearemediationprocess.
2 ClickInventoryandclickVirtualMachinesandTemplates.
4 Rightclickthevirtualappliancetoberemediated,andclickRemediate.
5 Selectthebaselinesyouwanttoapply,andclickNext.
6 Allupdatesareincludedbydefault.Toexcludeindividualupdatesfromtheremediationprocess,deselect
theircheckboxesandclickNext.
7 (Optional)ReviewtheexcludedupdatesandclickNext.
8 IntheSchedulepage,selectthetimeatwhichtoinitiatetheremediationactions,andclickNext.
asnapshotofthevirtualapplianceiscreated.
Selectthesnapshotoptionsincludinganameanddescriptionforthesnapshot,andclickNext.
10 Reviewthesummaryinformationforthetasktobeinitiated,andclickFinish.
To schedule virtual appliance remediation
3 RightclicktheScheduledTaskspaneandclickNewScheduledTask.
4 SelectRemediateandclickOK.
5 SelectVirtualMachines/GuestOperatingSystemsandclickNext.
6 Selectthevirtualappliancestowhichthisremediationwillapply,andclickNext.
7 IntheBaselinespage,selectthebaselinestoapplyandclickNext.

38/52
38 VMware, Inc.
8 Toexcludeindividualupdatesfromtheremediationprocess,deselecttheircheckboxesintheUpdates
pageandclickNext.
9 (Optional)ReviewthelistofupdatesthatwillbeexcludedandclickNext.
10 IntheSchedulepage,selectthetimetocompletetheremediationactions,andclickNext.
asnapshotofthevirtualappliancewillbecreated.
Selectthesnapshotoptionsincludinganameanddescriptionforthesnapshot.ClickNext.

39/52
VMware, Inc. 39
3s
YoucanleaveestablisheddeploymentsofUpdateManagertoautomaticallyrunwithminimaladministrative
intervention.If,however,UpdateManagerrequiresfurtheroptimization,thischapterincludesinformation
thatmighthelpachievethatgoal.
Thischapterdiscussesthefollowingtopics:
CommonProblems
and
Solutions
on
page 39.
Eventsonpage 41.
DatabaseViewsonpage 44.
Common Problems and Solutions
Thissectionincludesinformationaboutthemorecommonproblematicconditionsthatmightoccurwith
UpdateManager.
Gathering Log Files
TogatherinformationaboutrecenteventsontheUpdateManagerserverfordiagnosticpurposes,usethe
GenerateUpdate
Manager
log
bundlefunctionalitythatthesupportscriptvum-support.wsfprovided.
To generate a Update Manager log bundle
1 LogintotheVirtualCenterServeronwhichUpdateManagerisinstalled.
2 ChooseStart>AllPrograms>VMware>GenerateUpdateManagerlogbundle.
LogfilesaregeneratedasaZIPpackage,whichisstoredonthecurrentusersdesktop.
No Baseline Updates Available
BaselinesarebasedonmetadatathatUpdateManagerdownloadsfromtheShavlikandVMwareWebsites.
Shavlikprovidesmetadataforvirtualmachinesandapplications,whileVMwareprovidesmetadataforESX
Serverhosts.
A
common
reason
having
no
updates
available
for
baselines
might
be
that
Update
Manager
cannotcontacttheShavlikservers.TheconnectionbetweenUpdateManagerandtheWebsiteincludesseveral
links,thefailureofanyofwhichmightcauseupdatesinbaselinestobeunavailable.Somepossiblecausesand
solutionsinclude:
Webserverproxymisconfiguration.SeeConfiguringUpdateManagerforUsewithanInternetProxy
onpage 22.
Shavlikserversbeingunavailable.ChecktheShavlikWebsite(http://www.shavlik.com)todetermine
whetheritisavailable.
Operations Reference 3
http://www.shavlik.com/http://www.shavlik.com/

40/52

41/52
VMware, Inc. 41
Chapter 3 Operations Reference
RemediationfailsforsomepatchesPatchesmightnotbereadilyavailable.Forexample,testing
indicatesthatversionsofWindowslocalizedforlanguagesotherthanEnglishorpatchesfor64bit
applicationsmightbeunavailable.ReviewtheTasksandEventstabstodetermineifpatchesthatwere
notappliedwerenotdownloaded.
Remediationiscompleted,butthebaselineisstillnotcompliantThisconditionmightoccurwhen
applyingpatchesthatsubsequentlymakeotherpatchesapplicable.Forexample,apatchmightbe
applicableonlyafteraservicepackisapplied,soapplyingthatservicepackmightaddressallknown
issuesfrom
when
the
remediation
started,
but
the
act
of
applying
the
service
pack
made
other
patches
applicable.
Insuchacase,repeattheremediation.
ESX Server Scanning Fails
ESXServerscanningtypicallyfailsasaresultofinsufficientpermissionsorproblemswithSSLconfiguration.
Checktomakesurethattheaccountbeingusedtodothescanninghassufficientpermissionsandthatyour
SSLconnectionsareproperlyconfigured.FormoreinformationaboutUpdateManagernetworkportsettings
andhowtoconfigurethem,seeUpdateManagerNetworkPortRequirementsonpage 19andConfiguring
theUpdateManagerNetworkPortSettingsonpage 22.
EventsUpdateManagerproduceseventsthathelpyoumonitortheprocessesthatthesystemiscompleting.
Table 3-1. Update Manager Events
Type Message Text Action
Info Successfullydownloadedguestupdatemetadata.Newupdates:.
Error Failedtodownloadguestupdatemetadata. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.
Info SuccessfullydownloadedguestupdatemetadataforUNIX.
Newupdates:
.
Error FailedtodownloadguestupdatemetadataforUNIX. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.
Info Successfullydownloadedhostupdatemetadata.Newupdates:.
Error Failedtodownloadhostupdatemetadata. Checkyournetworkconnectionstomakesurethatyourmetadatasourceisreachable.
Info Successfullydownloadedguestupdatepackages.Newpackages:.
Error Failedtodownloadguestupdatepackages. Checkyournetworkconnectionsto
makesurethatyourupdatesourceisreachable.
Info SuccessfullydownloadedguestupdatepackagesforUNIX.Newpackages:.
Error FailedtodownloadguestupdatepackagesforUNIX. Checkyournetworkconnectionstomakesurethatyourupdatesourceisreachable.
Info Successfullydownloadedhostupdatepackages.Newpackages:.
Error Failedtodownloadhostupdatepackages. Checkyournetworkconnectionstomakesurethatyourupdatesourceisreachable.

42/52
42 VMware, Inc.
Info Successfullyscannedforupdates.
Error Scanninghasbeencancelledbyauser.
Error Failedtoscanforupdates.
Warning Warningduringscanning,foundmissingupdate:.Redownloadingupdatesmightresolvethisproblem.
Error Failedtoscanforupdatesbecauseofaninvalidstate:.
Checkthestateofthevirtualmachine.Rebootthevirtualmachinetofacilitatescanning.
Error Failedtoscanforupdatesbecauseofaninvalidstate:
CheckthestateoftheESXServer.Rebootthehosttofacilitatescanning.
Info Remediationsucceededfor.
Error Remediationfailedforwith.
Checkthetargetsstate.Restartthetargettofacilitateremediation.
Error Failedtoremediateforupdatesbecauseofaninvalidstate:.
Checkthevirtualmachinesstate.Restartthevirtualmachinetofacilitateremediation.
Error Failedtoremediateforupdatesbecauseofaninvalidstate:.
CheckthestateoftheESXServer.Restartthehosttofacilitateremediation.
Error FailedtoscanorremediatebecauseofunsupportedorunknownOS:.
Error Cantremediate:Remediationof
Linuxvirtualmachinesisnotsupported.
Info VMwareUpdateManagerdownloadalert(critical/total):ESXdata.esxCritical/data.esxTotal;Windowsdata.windowsCritical/data.windowsTotal;Linuxdata.linuxCritical/data.linuxTotal.
Providesinformationaboutthenumberofupdatesdownloaded.
Error Failedtoscanforupdatesbecausehostisofunsupportedversion.
Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.
Error Failedtoremediateforupdatesbecausehostisofunsupportedversion.
Forthelatestinformationonwhichhostscanbescanned,seethereleasenotes.
Error Failedtoscanforupdatesbecauseit
isof
unsupported
version
.
HostswithESXServerversionslater
thanESX
Server
3.5
and
ESX
Server
3i
canbescanned.Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.
Error Failedtoremediateforupdatesbecauseitisofunsupportedversion.
HostswithESXServerversionslaterthanESXServer3.5andESXServer3icanbescanned.Forthelatestinformationonwhichvirtualmachinescanbescanned,seethereleasenotes.
Info VMwareUpdateManagerGuestAgentsuccessfullyinstalledon.
Table 3-1. Update Manager Events (Continued)

43/52
VMware, Inc. 43
Error FailedtoinstallVMwareUpdateManagerGuestAgenton.
UpdateManagerGuestAgentisrequiredforremediatingvirtualmachines.FormoreinformationoninstallingUpdateManagerGuestAgent,seeInstallingtheGuestAgentonpage 16.
Error FailedtoinstallVMwareUpdateManagerGuestAgentonbecauseVMwareToolsisnotinstalledorisofanincompatibleVMwareToolsversion.Therequiredversionisandtheinstalledversionis.
Error ThereisnoVMwareUpdateManagerlicenseforfortherequiredoperation.
Obtaintherequiredlicensestocompletethedesiredtask.
Warning VMwareUpdateManagerisrunningoutofstoragespace.Location:. Availablespace:.
Addmorestorage.
Warning VMwareUpdateManageriscriticallylowonstoragespace!Location:. Availablespace:.
Addmorestorage.
Error VMwareUpdateManagerGuestAgentfailedtorespondintimeon.PleasecheckifthevirtualmachineispoweredonandGuestAgentisrunning.
Error AninternalerroroccurredincommunicationwithUpdateManagerGuestAgenton.Pleasecheckifthevirtualmachineispoweredonandretrytheoperation.
Error VMwareUpdateManagerGuestAgentfailedtoaccessDVDdriveon.PleasecheckifaDVDdriveisavailableandretrytheoperation.
Error Anunknowninternalerroroccurredduringtherequiredoperationon.Pleasecheckthelogsformoredetailsandretrytheoperation.
Error Failedtoinstallupdateon.
Info Installofupdateon.
Info Sysprepsettingsarerestored.
Info Sysprepisdisabledduringtheremediation.
Info Failedtoscanorphanedvirtualmachine.
Info Failedtoremediateorphanedvirtualmachine.
Error Failurein
downloading
patches
for
following
updates:
. Checkyour
network
connections
to
makesurethatyourpatchsourceisreachable.
Warning containsanunsupportedvolume.Scanresultsforthisvirtualmachinemaybeincomplete.
Info Initiatingthetaskcancellationon
Warning Therearerunningtasksfortheentitythatcannotfinishwithinaspecifictime.Theoperationwillbeaborted.

44/52
44 VMware, Inc.
Database Views
UpdateManagerusesSQLServerandOracledatabasestostoreinformation.ThedatabaseviewsforMicrosoft
SQLServerandOracledatabasesarethesame.DuetolimitationsinthelengthofthenamesforOracle
database,some
of
the
database
views
in
Oracle
are
with
shorter
names.
VUMV_VERSION
UpdateManagerversioninformation.
VUMV_UPDATES
Softwareupdatemetadata.
Warning Actionisnotsupportedforofflineorsuspendedvirtualappliance.
Ascanorremediationprocessisnotsupportedforofflinevirtualappliance.
Info Successfullydiscoveredvirtualappliance.
Info Failedtodiscovervirtualappliance. Anerroroccurredduringthediscoveryofthevirtualappliance.
Error AutoupdateissettoONforvirtualappliance.
IfautoupdateissettoONinvirtualappliance,UpdateManagercannotperformremediation.
Error Repositoryaddressnotsetforvirtualappliance,itdoesntsupportupdatesbyVirtualCenter.
Info Openfirewallports.
Info Closefirewallports.
Info Patchmetadataformissing.Pleasedownloadupdatesmetadatafirst.
Info Patchmetadataforcorrupted.Pleasecheckthelogsformoredetails.Redownloadingupdatemetadatamayresolvethisproblem.
Table 3-2. VUMV_VERSION
Field Notes
VERSION TheUpdateManagerversioninx.y.zformat,forexample1.0.0
DATABASE_SCHEMA_VERSION TheUpdateManagerdatabaseschemaversion(anincreasingintegervalue),forexample1
Table 3-3. VUMV_UPDATES
Field Notes
UPDATE_ID SoftwareupdateuniqueIDgeneratedbytheUpdateManager
TYPE Theentitytype:avirtualmachineorESXServerhost
TITLE Title

45/52
VMware, Inc. 45
VUMV_PATCHES
Patchbinarymetadata.
VUMV_BASELINES
TheUpdateManagerbaselinedetails.
VUMV_PRODUCTS
Productmetadata,includingoperatingsystemsandapplications.
DESCRIPTION Description
META_UID AuniqueIDprovidedbythevendorforthisupdate(forexample,MS12444forMicrosoftupdates)
SEVERITY Updateseverityinformation.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.
RELEASE_DATE Thedateonwhichthisupdatewasreleasedbythevendor
DOWNLOAD_TIME ThedateandtimethisupdatewasdownloadedbytheUpdateManagerserverintotheUpdateManagerdatabase
SPECIAL_ATTRIBUTE Anyspecialattributeassociatedwiththisupdate(forexample,allMicrosoftServicepackswillbemarkedasServicePack)
Table 3-3. VUMV_UPDATES (Continued)
Field Notes
Table 3-4. VUMV_PATCHES
Field Notes
PATCH_ID UniqueIDforthecurrentpatch,generatedbytheUpdateManagerserver
TYPE Theentitytype:avirtualmachineoranESXServerhost
NAME Nameofthepatch
DOWNLOAD_TIME AURLforthepatchbinary
PATCH_SIZE SizeofthepatchinKB
Table 3-5. VUMV_BASELINES
Field Notes
UPDATE_ID UniqueIDgeneratedforthisbaselinebytheUpdateManagerserver
NAME Nameofthebaseline
TYPE Thebaselinetype:FixedorDynamic
TARGET_TYPE Typeoftargetsthatthisbaselineappliesto:avirtualmachineoranESXServerhost
Table 3-6. VUMV_PRODUCTS
Field Notes
PRODUCT_ID UniqueIDfortheproductgeneratedbytheUpdateManagerserver
NAME Nameoftheproduct

46/52

47/52
VMware, Inc. 47
VUMV_ENTITY_SCAN_HISTORY
Historyofthescanoperations
VUMV_ENTITY_UPDATE_SCAN_HISTORY
Historyofthestatusofagivenentityforanupdate.
ForOracle,thenameofthisdatabaseviewisVUMV_ENTITY_UPDATE_SCAN_HIST.
VUMV_ENTITY_REMEDIATION_HISTORY
Historyof
remediation
operations.
ForOracle,thenameofthisdatabaseviewisVUMV_ENTITY_REMEDIATION_HIST.
Table 3-11. VUMV_ENTITY_SCAN_HISTORY
Field Notes
SCAN_ID UniqueIDgeneratedbytheUpdateManagerserver
ENTITY_UID UniqueID
of
the
entity
the
scan
was
initiated
on
START_TIME Starttimeofthescanoperation
END_TIME Endtimeofthescanoperation
SCAN_STATUS Resultofthescanoperation(forexampleSuccess,Failure,orCancelled)
FAILURE_REASON Anerrormessagedescribingthefailurereason
Table 3-12. VUMV_ENTITY_UPDATE_SCAN_HISTORY
Field Notes
SCAN_ID UniqueID(foreignkeyVUMV_SCAN_HISTORY)
UPDATE_ID UniqueID(foreignkeyVUMV_UPDATES)
ENTITY_UID UniqueIDoftheentitythescanwasinitiatedon
ENTITY_STATUS Statusofthisentityforthisupdate(forexample,MissingInstalled,UnknownorNotApplicable)
Table 3-13. VUMV_ENTITY_REMEDIATION_HISTORY
Field Notes
REMEDIATION_ID UniqueID,generatedbytheUpdateManagerserver
ENTITY_UID UniqueIDoftheentitythattheremediationwasinitiatedon
START_TIME Starttimeoftheremediation
END_TIME Endtimeoftheremediation
REMEDIATION_STATUS Resultoftheremediationoperation(forexample,Success,Failure,orCancelled)
IS_SNAPSHOT_TAKEN Indicateswhethersnapshotiscreatedpriortotheremediation

48/52
48 VMware, Inc.
VUMV_UPDATE_PRODUCT_DETAILS
Aconvenientviewoftheproducts(operatingsystemsandapplications)thatacertainsoftwareupdateapplies
to.
VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS
Aconvenientviewofthesoftwareupdatesthatarepartofabaseline.
ForOracle,thenameofthisdatabaseviewisVUMV_BASELINE_UPDATE_DET.
VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS
Aconvenientviewofthestatushistoryofagivenentityforanupdate.
ThenameofthisdatabaseviewforOracleisVUMV_ENTITY_UPD_SCANHIST_DET.
Table 3-14. VUMV_UPDATE_PRODUCT_DETAILS
Field Notes
UPDATE_METAUID SoftwareUpdateID(foreignkey,VUMV_UPDATES)
UPDATE_TITLE UpdateTitle
UPDATE_SEVERITY Updateimpactinformation.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.
PRODUCT_NAME Productname
PRODUCT_VERSION Productversion
Table 3-15. VUMV_BASELINE_UPDATE_ASSIGNMENT_DETAILS
Field Notes
BASELINE_NAME Baselinename
BASELINE_TYPE Baselinetype:FixedorDynamic
BASELINE_TARGET_TYPE Baselinetargettype,forexample,avirtualmachineoranESXServerhost
UPDATE_METAUID UpdatemetaID
UPDATE_TITLE Updatetitle
UPDATE_SEVERITY Updateseverity.ThevaluesofthisfieldareNot
Applicable,Low,
Moderate,
Important,
Critical,
HostGeneral,andHostSecurity.
Table 3-16. VUMV_ENTITY_UPDATE_SCAN_HISTORY_DETAILS
Field Notes
ENTITY_UID EntityuniqueID(amanagedobjectIDassignedbytheVirtualCenterServer)
SCAN_START_TIME Starttimeofthescanprocess
SCAN_END_TIME Endtimeofthescanprocess
UPDATE_METAUID UpdatemetauniqueID
UPDATE_TITLE Updatetitle
UPDATE_SEVERITY Updateseverity.ThevaluesofthisfieldareNotApplicable,Low,Moderate,Important,Critical,HostGeneral,andHostSecurity.
ENTITY_STATUS Statusoftheentitywithregardtotheupdate.ThisfieldhasvaluesMissing,Installed,Unknown,andNotApplicable.

49/52

50/52

51/52
VMware, Inc. Update1
Updates for the Update Manager Administration
Guide
LastUpdated:February13,2009
ThisdocumentprovidesupdatestotheUpdate2ReleaseforUpdateManager1.0versionoftheUpdateManagerAdministrationGuide.Updateddescriptions,procedures,andgraphicsareorganizedbypagenumbersothatyoucaneasilylocatetheareasoftheguidethathavechanges.Ifthechangespansmultiplesequential
pages,thisdocumentprovidesthestartingpagenumberonly.
ThefollowingisanupdatetotheUpdateManagerAdministrationGuide:UpdatesfortheTableofSupportedDatabaseFormatsonPage 12
Updates for the Table of Supported Database Formats on Page 12
Table 21doesnotmentionsupportforversionslaterthan10.2.0.3.0ofOracle 10gEnterpriseRelease 2.The
rowshouldappearasfollows:
OracleDatabase10gRelease2(10.2.0.1.0) Applypatch10.2.0.3.0totheclientandserverandthenapplypatch5699495totheclient.
Note:VMwaresupports10.2.0.3.0andlaterversionsofOracleDatabase 10gRelease2.

52/52
Updates for the Update Manager Administration Guide

Vi3 Vum 10u2 Admin Guide

Documents

Vi3!35!25 u2 3 Server Config

PIRATEPARTEI – PK Steierreform vum 2. Dezember 2015

Disaster Recovery “Cookbook” Guide Using VMWARE VI3...

Vi3 Installation Guide

MIIC886007 - REGISTRO PROTOCOLLO - 0001698 - 13/05/2020 -...

08Q4 VM Exchange Server 2007 VI3 WP

Elefantcsontpart Buzas VUM 200903

Vi3 Vec 10 Admin Guide

HIGHLIGHTS VUM MOUNT FEBRUAR 02 - img.100komma7.lu ·...

inCorp Portal - digital understøttelse af VUM

Vum gelderland

Vi3 Vum 10 Admin Guide

Vi3!35!25 Resource Mgmt

Vi3!35!25 u2 3i Server Config

VI3 IC REV B - 06 Virtual Machines

Vi3 Admin Guide