Well, more tightening with VMware by Broadcom. Broadcom has announced major changes to the way VIAdmins are getting updates in their environments. Let’s take a look at how Broadcom locking VMware updates and what those changes are and what you need to do moving forward.
What is changing?
Up until today, as we all know, we have been able to simply point to the depot.vmware.com site and get our updates in products like vCenter Server and VMware ESXi hypervisor. However, Broadcom is now deprecating this functionality as a “free” way to get updates.
- These URLs will continue to work until 4/23/2025. After this, they will no longer work without the unique tokens as part of the download request.
Now, Broadcom is taking this a step further by now requiring a token be generated based on the SiteID of the customer. The SiteID is a new construct for Broadcom licensing that ties a user/organization with their licensing and support. So, downloads are now hinged on this SiteID before they will be able to pull updates from the download site.
Below is the message users are now seeing when logging into their Broadcom support portal:
You can read the official KB article here: VCF Authenticated downloads Configuration Update Instructions.
What products are affected currently with this change?
Note the following products that are currently affected with this change to VMware downloads:
- VMware vCenter Server 7.x
- VMware vCenter Server 8.x
- VMware vSphere ESXi 7.x
- VMware vSphere ESXi 8.x
- SDDC Manager 4.5.x
- SDDC Manager 5.x
- Offline Bundle Transfer Utility (OBTU)
- Async Patch Tool (AP Tool)
- Update Manager Download Service (UMDS)
- vSAN File Services
Relevant KB articles
The VMware KB has documented the following relevant KB articles on how to update your download repository URLs for each of the products in the portfolio. Take a look at the relevant table below with links to the KBs you need for either manually updated the repo URLs or using the VMware-provided script.
| Depot | Component | Scripted Method | Manual Method |
| VCF Depot | SDDC Manager | KB389276 | KB389871 |
| Offline Bundle Transfer Utility (OBTU) | Not Available | KB390119 | |
| Async Patch Tool (AP Tool) | Not Available | KB390122 | |
| vApp Update (vCenter) | vCenter Server | KB389276 | KB390120 |
| Host Update (ESXi) | vSphere Lifecycle Manager (vLCM) and VMware Update Manager (VUM) | KB389276 | KB390121 |
| Update Manager Download Service (UMDS) | Not Available | KB390123 | |
| Auto Deploy / Image Builder | Not Available | KB391021 | |
| vSAN File Services | vSAN | Not Available | KB390237 |
Running the update script
The preferred method to remediate and change your update repos to include the token is by using the PowerCLI script that VMware by Broadcom has provided.
With the script, you can add automation to your workflow to get this remediated across your environments and it takes the human error out of the equation.
Below, the vCenter Server is still set to the default depot location:
Walkthrough of the process to use the script to update
I have created a separate VHT forum post located below that walks you through the process to update your default depot location to the new URL and using the download token:
I have created a detailed forum post of me walking through the process to use the VMware-provided script to add the download token to the new Broadcom URL:
All in all, the process to add the download token to the new URL is fairly painless along with the script. This is the workflow that I think most will opt for opposed to manually updating the URL and adding the download token to that URL.
Impact on the community
I think the news of Broadcom locking VMware updates is going to impact the community again in a negative way. It further reinforces the fact that there are no more “freebie” VMware solutions, even from an update standpoint. So, if home labbers were not planning on getting certified to get VMUG licensing, and just running with old distros, this will mean no new updates. Let me know in the comments what you think about the new changes for updates. How does this affect you in the home lab? Are you sticking with VMware for the home lab? If not, what virtualization stack are you migrating to?
0 Comments