VMware Cloud Community
amateolo
Enthusiast

VUM "Critical Host Patches (Predefined)"

Hello Experts,

For the update of ESX through VUM, do you recommend using the predefined template Critical Host Patches?

Or is it too risky? And would it be better to use a custom one and slow down on the patches?

I don't want to break anything...

4 Replies
scott28tt
VMware Employee

Moderator: I've just moved 2 of your threads to the Update Manager area, please try and post in the correct and most specific area for the product or technology you are using.


Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
peetz
Leadership

Hello Albert,

I would never use only the "Critical Host Patches" baseline for remediation, but only for checking compliance to ensure that all critical patches have been applied.

To bring ESXi to a consistent known state, remediate your hosts with custom baselines to which you add a "Rollup bulletin". Rollup bulletins are published with every ESXi patch and include all fixes (critical and non-critical, security and bug fixes) that were released so far.

You can find more information about rollup bulletins in this blog post: New Rollup Bulletins Simplify VMware ESXi Updating - VMware vSphere Blog

There have been very few issues in the past with ESXi patches, so I consider it safe to always install the latest one for every ESXi version. However, you can also always select an older rollup bulletin, or test each new rollup in a test environment first.

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
amateolo
Enthusiast

Hello Andreas

So you recommend that I make a specific baseline, for example for the Patch Releases, and follow that order?

Regards

peetz
Leadership

Yes, create a new fixed baseline, sort the patches by "Release Date" and pick the latest one with the name "VMware ESXi x.x Patch Release".

Here is an example for 6.5:

ESXi65-Baseline.png

Then remediate your hosts with this baseline.

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
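
The approach from the replies above (a fixed baseline holding the latest rollup, with the predefined critical baseline used only as a compliance check), scripted with PowerCLI's Update Manager cmdlets. This is an added example, not code from the thread; it assumes an existing Connect-VIServer session, and the cluster name and baseline name are placeholders.

```powershell
# Added example, not from the thread. Assumes VMware PowerCLI with the
# Update Manager module loaded and an existing Connect-VIServer session.
$EsxiVersion = '6.5'               # version used in the thread's example
$ClusterName = 'Example-Cluster'   # placeholder
$rollupName  = "VMware ESXi $EsxiVersion Patch Release"

# Find rollup bulletins by the name given in the reply, newest first.
$rollups = Get-Patch -TargetType Host -SearchPhrase $rollupName |
    Where-Object { $_.Name -like "$rollupName*" } |
    Sort-Object -Property ReleaseDate -Descending
if (-not $rollups) {
    throw "No bulletin named '$rollupName' found; sync the patch repository first."
}
$latest = $rollups | Select-Object -First 1

# Fixed (static) baseline containing only that rollup. The date in the
# name records which patch level the hosts were brought to.
$baselineName = "ESXi $EsxiVersion rollup $($latest.ReleaseDate.ToString('yyyy-MM-dd'))"
$baseline = Get-PatchBaseline -Name $baselineName -ErrorAction SilentlyContinue
if (-not $baseline) {
    $baseline = New-PatchBaseline -Static -Name $baselineName `
        -TargetType Host -IncludePatch $latest
}

# The predefined baseline is attached for compliance checking only.
$critical = Get-PatchBaseline -Name 'Critical Host Patches (Predefined)'

$cluster = Get-Cluster -Name $ClusterName
# Add-EntityBaseline is called Attach-Baseline in older PowerCLI releases.
Add-EntityBaseline -Entity $cluster -Baseline $baseline, $critical
Test-Compliance -Entity $cluster
Get-Compliance -Entity $cluster -Baseline $baseline, $critical |
    Format-Table Entity, Baseline, Status -AutoSize

# Remediate with the rollup baseline only, one host at a time, with a
# confirmation prompt before each host.
foreach ($vmhost in ($cluster | Get-VMHost)) {
    Update-Entity -Entity $vmhost -Baseline $baseline -Confirm:$true
}

# Re-scan: the critical baseline should now report Compliant as well,
# since the rollup includes all fixes released so far.
Test-Compliance -Entity $cluster
Get-Compliance -Entity $cluster -Baseline $critical |
    Format-Table Entity, Baseline, Status -AutoSize
```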