Just looking for a bit of guidance in creating a patching policy for my work place. We have a small-ish ESXi environment. 1 vCenter and 12 ESXi hosts in an air-gap environment.
All hosts are running ESXi 6.7U3 and are on the 2nd to last Dell custom image released Aug 2019. Management are happy that only critical patches are applied from now - so does the following sound plausible?
Create 12 x ESXi Host baselines in VUM (One for each month of the year). Each baseline will be configured for ESXi 6.7 critical patches and will also be configured to only contain patches released within that calendar month. The plan is to patch one month behind allowing time for testing etc - so at the end of Feb 2021 I will download all patches from VMware website, upload to VUM and hopefully the January baseline should populate with relevant patches , which I can then attach to the required hosts.
Is this a viable patching strategy? Obviously I will x-reference HCL's too etc.