VMware Cloud Community
vm__geek
VMware Employee
VMware Employee
Jump to solution

UCS 6.7 u3 ESXi Patching

Hello,

The latest custom ESXi iso for Cisco servers available on VMware is 6.7.0 build number 14320388 released on 20/8/2019.

Is it recommended to install the newest embedded and installed patches that follow? (the latest is 09/06/2020 with build number 16316930) or it's better to keep the custom iso at it's original version. I am asking this to see if I will experience any issues with these servers if I decide to upgrade.

I don't have internet access on my vCenter, should I download the patch bundle from myvmware and upload it manually to VUM. And should I remediate it all or should I exclude some of the patch files?

Thank you!

Reply
0 Kudos
1 Solution

Accepted Solutions
nirmalgnair
VMware Employee
VMware Employee
Jump to solution

Hi @vm__geek

Vendor will release only major releases. In this case 6.7u3.

The updates that you see from VMware for Eg : Build : 16316930 are various bug fixes and security patches released from VMware.

So its okay to go ahead and patch the ESXi's to the latest version which includes security patches.

As you mentioned since there is not internet, you can download the file from https://my.vmware.com/group/vmware/patch#search  and upload to VUM and make use of it to patch the hosts and there is nothing to exclude.

Regards,

Nirmal Nair

View solution in original post

Reply
0 Kudos
10 Replies
scott28tt
VMware Employee
VMware Employee
Jump to solution

Moderator: Thread moved to the Update Manager area.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
amohammadimir
Hot Shot
Hot Shot
Jump to solution

Patches are mostly related to bugfix, security and enhancement so I suggest you to update.

Yes, you can download the patches from my VMware portal and upload them to the VUM and remediate. You only need the latest patch to apply.

Please remember to mark the replies as answers if they helped.
Reply
0 Kudos
vm__geek
VMware Employee
VMware Employee
Jump to solution

If I have the custom Cisco ESXi 6.7 u3 installed on these UCS Servers. Would I have any issues If I install the latest patch provided by VMware? Should I exclude some of the content of the patches such as driver's updates?

Reply
0 Kudos
nirmalgnair
VMware Employee
VMware Employee
Jump to solution

Hi @vm__geek

Vendor will release only major releases. In this case 6.7u3.

The updates that you see from VMware for Eg : Build : 16316930 are various bug fixes and security patches released from VMware.

So its okay to go ahead and patch the ESXi's to the latest version which includes security patches.

As you mentioned since there is not internet, you can download the file from https://my.vmware.com/group/vmware/patch#search  and upload to VUM and make use of it to patch the hosts and there is nothing to exclude.

Regards,

Nirmal Nair

Reply
0 Kudos
amohammadimir
Hot Shot
Hot Shot
Jump to solution

No, you won't face any issue, I have updated many UCS servers and so far no issue at all.

No need to exclude some of the content.

Please remember to mark the replies as answers if they helped.
Reply
0 Kudos
vm__geek
VMware Employee
VMware Employee
Jump to solution

Thank you. Do you recommend remediating only Critical Host Patches? or also non critical too?

Reply
0 Kudos
nirmalgnair
VMware Employee
VMware Employee
Jump to solution

You can do both so that VUM will show it as Complaint 🙂

Reply
0 Kudos
a_p_
Leadership
Leadership
Jump to solution

Please note that VUM selects the patches based on the bulletins included in the patch bundles, so you will need to upload all patch bundles that were released after the build that you are using to VUM in this case.

Patching the host from the command line using esxcli will only require the latest patch bundle.

André

Reply
0 Kudos
vm__geek
VMware Employee
VMware Employee
Jump to solution

So if I have to patch the host with all the newer patch bundles one by one? I thought I can download only the latest one and it can be enough

Reply
0 Kudos
a_p_
Leadership
Leadership
Jump to solution

So if I have to patch the host with all the newer patch bundles one by one?

No, a single remediation will work. Just upload all the patch bundles to VUM, and create a baseline with all of the new bulletin included.


André

Reply
0 Kudos