Hello Experts,
For the update of the esx through VUM, do you recommend to use the predefined template Critical Host Patches
Or is it too risky? and would it be better to use a custom one and slow down on the patches?
I don't want to break anything...
Yes, create a new fixed baseline, sort the patches by "Release Date" and pick the latest one with the name "VMware ESXi x.x Patch Release".
Here is an example for 6.5:
Then remediate your hosts with this baseline.
Moderator: I've just moved 2 of your threads to the Update Manager area, please try and post in the correct and most specific area for the product or technology you are using.
Hello Albert,
I would never use only the "Critical Host Patches" baseline for remediation, but only for checking compliance to ensure that all critical patches have been applied.
To bring ESXi to a consistent known state remediate your hosts with custom baselines to which you add a "Rollup bulletin". Rollup bulletins are published with every ESXi patch and include all fixes (critical and non-critical, security and bug fixes) that were released so far.
You can find more information about rollup bulletins in this blog post: New Rollup Bulletins Simplify VMware ESXi Updating - VMware vSphere Blog
There have been very few issues in the past with ESXi patches, so I consider it safe to always install the latest one for every ESXi version. However, you can also always select an older rollup bulletin, or test each new rollup in a test environment first.
- Andreas
Hello Andreas
So you recommend me to make a specific baseline for example for the Patch Releases and follow that order?
regards
Yes, create a new fixed baseline, sort the patches by "Release Date" and pick the latest one with the name "VMware ESXi x.x Patch Release".
Here is an example for 6.5:
Then remediate your hosts with this baseline.