3 Replies Latest reply on Dec 2, 2016 11:45 AM by Solidbrass

    How to automate vSphere 6.5 patching with non-internet connected vCenter Server Appliance?

    Solidbrass Novice

      I cannot be the only person who does not want vCenter or ESXi hosts to have paths to the internet so I am befuddled that this was not anticipated and documented well for vSphere 6.5. I'm interested in suggestions for making this work elegantly and reliably. I had this working as follows in vSphere 6.0:

       

      vCenter Server Appliance lives on private network 1 along with hosts.  This network has no direct routes to the internet.

      vCenter Update Server running on Windows Server 2012 R2 lives on private network 1 and is also connected to a private network 2.  Private network 2 is shared only by the two Windows VM's.

      vCenter Download server running on Windows Server 2012 R2 is connected to the internet and to private network 2.

      The vCenter Download server would download patches via its internet connection and then export downloaded patches to an SMB share hosted on vCenter Update Server via private network 2.

       

      This fairly straightforward and reliable architecture seems to have been annihilated as an option with vSphere 6.5.  Since Windows can no longer host updates for the vCenter appliance, there are seemingly two options.  The first is to download all the patches and import them manually from the vCenter appliance interface, which is a painfully ugly (moving endless zip files around?) and unautomatable approach. The other option presumably is to deploy the linux download service and export to a location where vCenter Server can access it via HTTPS.  The documentation for this is... not written by a native english speaker and provides exactly zero details on how the http server should be configured for vCenter to be happy with it.

       

      Has anyone made this work yet?