An administrator needs to use vSphere Update Manager to perform orchestrated upgrades of ESXi hosts and virtual machines. The vSphere management components reside in a secure environment that does not have direct access to the Internet.
How would Update Manager be configured in this environment while maintaining the organization’s security requirements?
A. Install Update Manager Download Service on a machine with Internet access and configure an export policy to the Update Manager server.
B. Install Update Manager Secure Gateway on a machine in the DMZ and configure an IPsec tunnel to the internal Update Manager server.
C. Create a TFTP server as an HTTP proxy and configure an export policy to the Update Manager server.
D. Enable gateway services on the Update Manager server and provide Internet access to the gateway address.
Correct Answer: A
Explanation/Reference:
Explanation:
VMware vSphere Update Manager Download Service (UMDS) is an optional module of Update Manager. UMDS downloads upgrades for virtual appliances, patch metadata, patch binaries, and notifications that would not otherwise be available to the Update Manager server.
For security reasons and deployment restrictions, vSphere, including Update Manager, might be installed in a secured network that is disconnected from other local networks and the Internet. Update Manager requires access to patch information to function properly. In such an environment, you can install
UMDS on a computer that has Internet access to download upgrades, patch binaries, and patch metadata, and then export the downloads to a portable media drive so that they become accessible to the Update Manager server.
In a deployment where the machine on which Update Manager is installed has no Internet access, but is connected to a server that has Internet access, you can automate the export process and transfer files from UMDS to the Update Manager server by using a Web server on the machine on which UMDS is installed.
Incorrect Answers:
B: “Update Manager Secure Gateway” is not a valid product. Therefore, this answer is incorrect.
C: A TFTP (Trivial File Transfer Protocol) server cannot be configured as an HTTP proxy. Therefore, this answer is incorrect.
D: The Update Manager server has no Internet access for security reasons. Configuring the server as a gateway (router) and providing Internet access to the gateway address would still involve connecting the server to the Internet. This is not a valid solution. Therefore, this answer is incorrect.
References:
https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.update_manager.doc%2FGUID-AB1032CF-2C9A-44E5-94BA-216396F167F9.html