Hi,
I thought Update Manager would automatically approve critical updates. I have kept the default baseline for the ESX hosts critical patches.
Now if i query one of my hosts i get:Installed software bundles:
-
Name -
--- Install Date --- --- Summary ---
3.5.0-64607 02:40:45 09/02/07 Full bundle of ESX 3.5.0-64607
ESX350-200712407-BG 13:47:08 02/06/08 bnx2 driver update
ESX350-200712401-BG 13:47:32 02/06/08 Fix bnx2 issues
ESX350-200712402-SG 13:48:00 02/06/08 samba security update
ESX350-200712403-SG 13:48:22 02/06/08 util-linux security update
ESX350-200712404-SG 13:48:49 02/06/08 perl security update
ESX350-200712405-SG 13:49:12 02/06/08 openssl security update
ESX350-200712406-BG 13:49:33 02/06/08 tzdata update
ESX350-200712409-BG 13:49:54 02/06/08 Incorrect sockets # reported on Tigerton
ESX350-200712410-BG 13:50:27 02/06/08 hostd crashes during concurrent VMotions
ESX350-200802403-BG 22:07:57 04/02/08 Improved Data Collection for vm-support.
New packages:
VMware-vpxa-2.5.0-84767
hp-OpenIPMI-8.0.0-113.vmware30
hpasm-8.0.0-173.vmware30
hprsm-8.0.0-169.vmware30
hpsmh-2.1.11-197
And in the update manager i have a couple of unknown update either critical or Notapplicable. (Please see screenshot)
Should i just include all the critical update and the manager will know which one supersedes one another?
Yes, update manager will know which patch supersedes a previous patch. That should not be an issue. I typically will include all patches, to stay complaint on all patch releases. This is after testing in a lab/lower env of course to make sure nothing else breaks.
Update manager doesn't really approve anything, that is dependent your baseline. If you are using a dynamic baseline, then all downloaded patches will be included. Whether you choose critical only, is up to you. Other than that, there is nothing else special that Update Manager is doing with the baseline.
After you run the scan and remediate, then all will be in compliance, and the NotApplicable compliance status will be updated as well.
-KjB
Yes, update manager will know which patch supersedes a previous patch. That should not be an issue. I typically will include all patches, to stay complaint on all patch releases. This is after testing in a lab/lower env of course to make sure nothing else breaks.
Update manager doesn't really approve anything, that is dependent your baseline. If you are using a dynamic baseline, then all downloaded patches will be included. Whether you choose critical only, is up to you. Other than that, there is nothing else special that Update Manager is doing with the baseline.
After you run the scan and remediate, then all will be in compliance, and the NotApplicable compliance status will be updated as well.
-KjB
Cool, i just forgot to scan the hosts again. Now the updates are indeed included as it should be as my baseline is dynamic.
Greetings