Hoping you could help me with a general query I have wrt patching ESX 3.5 servers using the esxupdate utility.
We do have future plans on implementing Update Manager, but at the moment we use esxupdate with a patch depot, according to the instructions in the ESX Server 3 Patch Management Guide.
Prior to the release of U3, we followed the advice in the guide of applying all security patches, and also reviewing bug fixes and general updates, and applying them if they were applicable to our environment.
Now when the update package for U3 was released, I noticed that it had a huge list of "required" updates that needed to be present. A considerable number of these were general updates and bug fixes, a lot of which we hadn't applied (as per the Patch Management gudie) as they were not relevant to our environment.
So we were left with the option of downloading a load of packages and their dependencies and installing them so that the necessary requirements for U3 would be met. We opted for the far simpler option of booting off the U3 installation media and upgrading our servers that way
So - can anyone clarify whether you're supposed to install all Vmware issued bug patches and general updates, regardless of whether they are applicable to your environment? Obviously all security updates have to be applied, but if you only install relevant general updates and bug fixes, then you could be left with a large "required" list when a major maintenance release (U3 in my case) comes along.
Hope I've explained this clearly. Has anyone come across this or am I the only one using esxupdate?
Message was edited by: pb3
"Supposed to" is a big one. I'd personally not recommend blindly installing all patches, unless you've determined they apply to your environment, and that you've tested them against what you've currently got deployed, to ensure you've got nothing "odd" waiting for you. When you have a huge leap U2 -> U3, it should also follow this same testing process, and only be applied if it will provide you with new functionality, or fix an existing issue. Then again, that is how I feel about it. There is no one right way to do patching, it is highly organizationally dependant.