Summary: How to setup and configure VMware Update Manager.
Date: Around 2010
Refactor: 1 May 2025: Checked links and formatting.

Hardware Requirements:

• Processor: Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
• Network: 10/100 Mbps. For best performance, use a Gigabit connection between Update Manager and the ESX/ESXi hosts
• Memory: 2GB RAM if Update Manager and vCenter Server are on different machines. 4GB RAM if Update Manager and vCenter Server are on the same machine

OS Requirements:

• OS: The Update Manager server requires Windows XP, Windows Server 2003, or Windows Server 2008.
• The Update Manager plug-in requires the vSphere Client, and works with the same operating systems as the vSphere Client.
• You can install Update Manager 4.1 only on a 64-bit machine.

Scanning and Remediation limitations:

• Windows: Update Manager scans and remediates Windows guest operating systems.
• Linux: Update Manager does not support patch remediation of Linux virtual machines and only scans powered-on Linux guest operating machines for patches. Update Manager scans and remediates Linux virtual machines for VMware Tools and virtual hardware upgrades.

Database Requirements:

• SQL Server 2005, SQL Server 2008, Oracle 10g, or Oracle 11g database.
• Small-scale environments using the bundled SQL Server 2005 Express
• Database best practice: You should use a dedicated database for Update Manager, not a database shared with vCenter Server, and should back up the database periodically.

Virtual Center Requirements:

• Update Manager is compatible with VirtualCenter Server, vCenter Server, VI Client, and vSphere Client of the same version.
• Update Manager 4.1 is compatible only with vCenter Server 4.1. Although multiple versions of the Update Manager Client plug-in might coexist on the same computer, the Update Manager Client plug-in of version 4.1 can be installed and enabled only on vSphere Client 4.1.

Media: I used this media which will update vCenter to version 4.1 update 1 (released February 2011): VMware-VIMSetup-all-4.1.0-345042.iso

vSphere Update Manager upgrades multiple VMware vSphere components:

• VMkernel
• Service console
  • If present
• Virtual machine hardware
• Virtual Machine Tools
• Guest operating systems
  • For SP and patch releases

The server that is going to run Update Manager also runs vCenter with a database on SQL server. In the VMware vCenter Update Manager Installation and Administration guide (see resources) there are a few guidelines about the creation of the database:

I created a new database and only changes the initial settings for the size:

That gives us a database like this:

As clearly stated in the VMware vCenter Update Manager Installation and Administration guide (see resources) Update Manager is a 32 bits application an although it's running on a 64 bits system it needs a 32 bits DSN, so start 'C:\Windows\SysWOW64\odbcad32.exe' go to system DSN and select the 'SQL Native Client':

Use some logical names for the database and description, and select the SQL server from the dropdown menu where you created the database:

Select to use 'With Integrated Windows Authentication':

Set the default database for the DSN to the database you just created and leave the ANSI settings default:

After the installation you can test the DSN after which you have a new System DSN in the list:

After testing the dsn you can check again in the database properties by clicking on the 'View connection properties' to see the Authentication Method:

Now you're ready to proceed with the installation op Update Manager.

After starting the installation wizard for Update Manager and agreeing to the license agreement you have to enter the vCenter information like servername/IP address and authentication credentials:

Then you get to select the DSN you just created:

Accept the database settings:

Check with your database administrators if you get this message. It means you have to make backups or your server will eventually run out of diskspace:

Select the IP address Update Manager will be available on and keep the default ports. We'll configure the proxy after the installation:

Change the location to where the patches will be downloaded. I checked consumed space and the patches for just ESX 4 did not exceed 1 GB but you should expect more. There is a sizing calculator available from VMware, see the resources:

After Update Manager is installed you have to download the plugin into your vCenter/vSphere Client setup. In your vSphere Client connect to the vCenter server, and go to 'Plug-Ins' → Manage Plug-Ins. Click on the link do download and install the plugin. Notice that this will start a small MSI that will take you through a small installation wizard:

After the plugin is installed you can go to 'Home' in vCenter and you'll have an extra 'Solutions and Applications' icon:

In the Update Manager Administration console go to the configuration tab. Here you can configure and test the proxy settings and select what kinds of download you want. I just want ESX 4 downloads so I just need the two sources I enabled:

When the proxy works you can simply click the 'Download Now' button to start downloading updates manually. Don't forget to configure a daily download schedule through the configuration link on the left.

If VMware would release an update/patch that should be recalled because there is something wrong with it, they let you know through something called a notification. Because bad patches can seriously impact your environment it's recommended that you keep the default schedule of 1 hour and check if notifications are received properly. You can check for errors in the 'Events' tab.

After patches has been downloaded you want to update your hosts with these patches. For administrative and management reasons VMware has created the opportunity for you to create baselines so you can decide which patches should be installed on your hosts in stead of VMware self. I like to create a baseline for a complete update 1 (released February 2011) so I can check my hosts to be compliant with that specific version.

To create a baseline go to the 'Baselines and Groups' tab and click on 'Create' which will present you with a wizard so you can give the baseline a name and a description. Keep in mind that Update 1 is a patch in VMWare terminology so be sure to check the correct baseline type:

Note that the create button that is marked is the wrong one, sorry about that. The correct one is behind the 'New Baseline' wizard window.
Select the 'fixed' baseline type:

Search for the correct patch and add it to the baseline:

After clicking finish it will present you with a brand new baseline:

When you created a baseline you want to attach it to your hosts. I did that on datacenter level, just go to Update Manager tab in your datacenter and click 'Attach' which gives you the opportunity to select the baseline you want to attach:

This will give you an overview of the hosts. Notice that the compliance level is unknown because the hosts and the baseline are not scanned and compared to each other yet:

You can scan the hosts by clicking 'Scan' still in the Update Manager tab in your datacenter view:

When the scan is complete you see that your host are incompatible, this is a small bug which can be ignored (see the resources - release notes ESX 4.1 Update 1):

Because patching a host is a process that requires downtime you want this to take the smallest time possible, to keep your maintenance window low. By staging the updates the patches are already placed on the host so the actual update takes less time. To stage the patches to the host click 'Stage' which will start this wizard to select the appropriate baseline and hosts:

Review the staging and click Next:

After which the staging will start which you can see in the Recent Tasks panel:

When done with staging you can remediate the host by going to the host in vCenter and going to the Update Manager tab again. Click on the 'Remediate' button:

Review the remediation wizard and click next again to review the patches and to click next again:

In the Host Remediation Options window give the task an description and schedule it. Also configure what the task should do if the host cannot go into maintenance mode:

Review the remediation wizard and click 'Finish' to start:

You can watch the progress of the remediation in the Recent Tasks panel:

When the server has rebooted and the update was successful you'll see the host in compliant now: