VMware vSphere

  • 1.  VUM "Critical Host Patches (Predefined) "

    Posted Jul 10, 2020 08:45 AM

    Hello Experts,

    For the update of the ESX through VUM, do you recommend using the predefined template Critical Host Patches?

    Or is it too risky? And would it be better to use a custom one and slow down on the patches?

    I don't want to break anything...



  • 2.  RE: VUM "Critical Host Patches (Predefined) "

    Posted Jul 10, 2020 10:26 AM

    Moderator: I've just moved 2 of your threads to the Update Manager area, please try and post in the correct and most specific area for the product or technology you are using.



  • 3.  RE: VUM "Critical Host Patches (Predefined) "

    Posted Jul 10, 2020 11:05 AM

    Hello Albert,

    I would never use only the "Critical Host Patches" baseline for remediation, but only for checking compliance to ensure that all critical patches have been applied.

    To bring ESXi to a consistent known state, remediate your hosts with custom baselines to which you add a "Rollup bulletin". Rollup bulletins are published with every ESXi patch and include all fixes (critical and non-critical, security and bug fixes) that were released so far.

    You can find more information about rollup bulletins in this blog post: New Rollup Bulletins Simplify VMware ESXi Updating - VMware vSphere Blog

    There have been very few issues in the past with ESXi patches, so I consider it safe to always install the latest one for every ESXi version. However, you can also always select an older rollup bulletin, or test each new rollup in a test environment first.

    - Andreas



  • 4.  RE: VUM "Critical Host Patches (Predefined) "

    Posted Jul 10, 2020 11:16 AM

    Hello Andreas

    So you recommend that I make a specific baseline, for example for the Patch Releases, and follow that order?

    Regards



  • 5.  RE: VUM "Critical Host Patches (Predefined) "
    Best Answer

    Posted Jul 10, 2020 11:37 AM

    Yes, create a new fixed baseline, sort the patches by "Release Date" and pick the latest one with the name "VMware ESXi x.x Patch Release".

    Here is an example for 6.5:

    Then remediate your hosts with this baseline.
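
The procedure from posts 3 and 5, scripted with VMware PowerCLI as an added example that is not part of the original thread. It assumes the Update Manager cmdlets (VMware.VumAutomation) are installed and `Connect-VIServer` has already been run; the cluster name is a placeholder and the baseline name is made up for illustration.

```powershell
# Added example, not from the original posts.
$esxiVersion = '6.5'               # version used in the thread's example
$clusterName = 'Example-Cluster'   # placeholder: replace with your cluster

# Rollup bulletins carry the name "VMware ESXi x.x Patch Release" (post 5).
# Sort by release date and keep only the newest one.
$rollup = Get-Patch -TargetType Host |
    Where-Object { $_.Name -like "VMware ESXi $esxiVersion Patch Release*" } |
    Sort-Object -Property ReleaseDate -Descending |
    Select-Object -First 1

if (-not $rollup) {
    throw "No rollup bulletin found for ESXi $esxiVersion. Check that patch metadata has been downloaded."
}

# Fixed (static) baseline containing only that rollup bulletin.
# The baseline name is hypothetical; the date records which rollup was pinned.
$stamp    = $rollup.ReleaseDate.ToString('yyyy-MM-dd')
$baseline = New-PatchBaseline -Static -TargetType Host `
    -Name "ESXi $esxiVersion Rollup $stamp" `
    -IncludePatch $rollup

# The predefined critical baseline is attached for compliance checks only (post 3).
$critical = Get-PatchBaseline -Name 'Critical Host Patches (Predefined)'

$cluster = Get-Cluster -Name $clusterName
Add-EntityBaseline -Entity $cluster -Baseline $baseline, $critical

# Scan, then report per-host status against both baselines before changing anything.
Test-Compliance -Entity $cluster
Get-Compliance -Entity $cluster -Baseline $baseline, $critical |
    Select-Object Entity, @{ N = 'Baseline'; E = { $_.Baseline.Name } }, Status

# Remediate with the rollup baseline only; -Confirm prompts before hosts are touched.
Update-Entity -Entity $cluster -Baseline $baseline -Confirm:$true
```

To test a rollup in a lab first, or to stay on an older rollup as post 3 mentions, point `$clusterName` at the test cluster or change `Select-Object -First 1` to pick an earlier entry from the sorted list.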