I had a design/suggested infrastructure set up on a recent project which basically had UMDS on a server in a DMZ getting ESXi patches from the internet via a proxy. Then a server in a secondary DMZ outside one of the target environments running another UMDS instance.
The idea was to open 80/443 from UMDS in one DMZ to the other. Adding the internet connected UMDS server as a url to the secondary UMDS server.
Can you do it?
It only works with vendor website, not a downstream UMDS.
Here endeth the lesson for today!
(Ok, so what you should do instead is simply UNC copy the patch store to a server/location that the upstream “VUM” can access, wherever that may be. From there it can be replicated on upstream if necessary via Robocopy etc.
This was discovered after many hours of headbashing.)