Listen to this Post
Broadcom has announced significant changes to how VMware updates are accessed, requiring a download token linked to a customer’s SiteID. This shift impacts various VMware products and tools, deprecating the traditional free access to updates via depot.vmware.com.
What is Changing?
Previously, VMware administrators could fetch updates directly from `depot.vmware.com` for products like vCenter Server and ESXi. However, Broadcom now mandates a SiteID-based token for downloads, tying update access to licensing and support.
- The old URLs will stop working after April 23, 2025.
- A SiteID (a unique identifier for licensing) is now required to generate download tokens.
Affected Products
The following VMware products are impacted:
- VMware vCenter Server 7.x & 8.x
- VMware vSphere ESXi 7.x & 8.x
- SDDC Manager 4.5.x & 5.x
- Offline Bundle Transfer Utility (OBTU)
- Async Patch Tool (AP Tool)
- Update Manager Download Service (UMDS)
- vSAN File Services
You Should Know:
How to Generate a VMware Download Token
1. Obtain Your SiteID:
- Log in to the Broadcom Support Portal.
- Navigate to Licensing > My Products to find your SiteID.
2. Generate a Token:
- Use the VMware API or Broadcom’s token generation tool:
curl -X POST "https://api.broadcom.com/vmware/token" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"siteId": "YOUR_SITE_ID"}' - Save the returned token for authentication.
3. Configure VMware Products to Use the Token:
- For vCenter CLI updates:
esxcli software profile update -p PROFILE_NAME \ --depot=https://depot.vmware.com?token=YOUR_TOKEN
- For UMDS (Update Manager Download Service):
/usr/bin/vmware-umds --token YOUR_TOKEN --siteid YOUR_SITE_ID
Alternative: Offline Bundle Transfer Utility (OBTU)
If automated downloads fail, manually transfer updates using:
obtu-cli --download --token YOUR_TOKEN --bundle ESXi-8.0U2-offline.zip
Verifying Token Validity
Check if your token is active:
curl -I "https://depot.vmware.com/vmw-desktop/ws/1.0/file.json" \ -H "Authorization: Token YOUR_TOKEN"
(HTTP 200 OK means valid.)
What Undercode Say
Broadcom’s move enforces stricter licensing control, requiring admins to adapt quickly. Key takeaways:
– Linux admins: Use `curl` and `jq` to automate token handling.
– Windows admins: PowerShell can fetch tokens via Invoke-RestMethod.
– Automate updates with cron jobs or scheduled tasks to avoid disruptions.
Essential Commands to Remember:
<h1>Check VMware ESXi version</h1> esxcli system version get <h1>List installed VIBs (ESXi packages)</h1> esxcli software vib list <h1>Force a manual update check</h1> vmware-updateMgr --check --token YOUR_TOKEN
For **PowerShell users**:
$token = (Invoke-RestMethod -Uri "https://api.broadcom.com/vmware/token" -Method POST -Headers @{"Authorization"="Bearer API_KEY"}).token
Start-Process "vmware-updater.exe" -ArgumentList "--token $token"
## **Expected Output:**
A structured workflow ensuring VMware updates proceed smoothly post-April 2025, with minimal downtime.
References:
Reported By: Phuong Nguyen – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
