VMware Cloud Community
acnsys
Enthusiast

Update manager confusion

Hi,

I thought Update Manager would automatically approve critical updates. I have kept the default baseline for the ESX hosts critical patches.

Now if I query one of my hosts I get:

Installed software bundles:

------ Name ------ --- Install Date --- --- Summary ---

3.5.0-64607 02:40:45 09/02/07 Full bundle of ESX 3.5.0-64607

ESX350-200712407-BG 13:47:08 02/06/08 bnx2 driver update

ESX350-200712401-BG 13:47:32 02/06/08 Fix bnx2 issues

ESX350-200712402-SG 13:48:00 02/06/08 samba security update

ESX350-200712403-SG 13:48:22 02/06/08 util-linux security update

ESX350-200712404-SG 13:48:49 02/06/08 perl security update

ESX350-200712405-SG 13:49:12 02/06/08 openssl security update

ESX350-200712406-BG 13:49:33 02/06/08 tzdata update

ESX350-200712409-BG 13:49:54 02/06/08 Incorrect sockets # reported on Tigerton

ESX350-200712410-BG 13:50:27 02/06/08 hostd crashes during concurrent VMotions

ESX350-200802403-BG 22:07:57 04/02/08 Improved Data Collection for vm-support.

New packages:

VMware-vpxa-2.5.0-84767

hp-OpenIPMI-8.0.0-113.vmware30

hpasm-8.0.0-173.vmware30

hprsm-8.0.0-169.vmware30

hpsmh-2.1.11-197

And in the Update Manager I have a couple of unknown updates, either critical or NotApplicable. (Please see screenshot)

Should I just include all the critical updates, and the manager will know which one supersedes another?


Accepted Solutions
kjb007
Immortal

Yes, Update Manager will know which patch supersedes a previous patch. That should not be an issue. I typically will include all patches, to stay compliant on all patch releases. This is after testing in a lab/lower env of course to make sure nothing else breaks.

Update Manager doesn't really approve anything; that is dependent on your baseline. If you are using a dynamic baseline, then all downloaded patches will be included. Whether you choose critical only is up to you. Other than that, there is nothing else special that Update Manager is doing with the baseline.

After you run the scan and remediate, then all will be in compliance, and the NotApplicable compliance status will be updated as well.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

acnsys
Enthusiast

Cool, I just forgot to scan the hosts again. Now the updates are indeed included, as they should be, as my baseline is dynamic.

Greetings

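An added example, not part of the original thread or any VMware tooling: a small Python parser for the "Installed software bundles" listing quoted in the question, used to cross-check a host against a list of expected bundle IDs independently of Update Manager. The sample rows are copied from the listing above, `ESX350-EXAMPLE-SG` is a placeholder ID, the column spacing is assumed, and the `-SG` suffix is taken to mark security bundles because every `-SG` row in the listing has a security summary.

```python
import re

# Constructed sample: rows copied from the listing in the question above.
SAMPLE = """\
Installed software bundles:

------ Name ------ --- Install Date --- --- Summary ---
       3.5.0-64607 02:40:45 09/02/07    Full bundle of ESX 3.5.0-64607
ESX350-200712407-BG 13:47:08 02/06/08   bnx2 driver update
ESX350-200712402-SG 13:48:00 02/06/08   samba security update
ESX350-200712405-SG 13:49:12 02/06/08   openssl security update
ESX350-200802403-BG 22:07:57 04/02/08   Improved Data Collection for vm-support.
"""

# Expected bundles (constructed); ESX350-EXAMPLE-SG is a placeholder, not a real ID.
BASELINE = ["ESX350-200712402-SG", "ESX350-200712405-SG", "ESX350-EXAMPLE-SG"]

# A data row is: name, HH:MM:SS, NN/NN/NN, free-text summary.
# The title and the dashed header line carry no timestamp, so they never match.
ROW = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<date>\d\d/\d\d/\d\d)\s+(?P<summary>.+?)\s*$"
)

def parse_bundles(text):
    """Return {bundle name: {"installed": raw timestamp, "summary": text}}."""
    bundles = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # The date is kept as a raw string: the listing does not say
            # whether it is month/day or day/month.
            bundles[m["name"]] = {
                "installed": m["time"] + " " + m["date"],
                "summary": m["summary"],
            }
    return bundles

def security_bundles(installed):
    """Installed bundles whose ID ends in -SG (assumed to mean security)."""
    return sorted(name for name in installed if name.endswith("-SG"))

def missing_from_baseline(installed, baseline):
    """Baseline IDs with no exact match on the host (supersedence not modelled)."""
    return sorted(set(baseline) - set(installed))

if __name__ == "__main__":
    host = parse_bundles(SAMPLE)
    print("security bundles:", security_bundles(host))
    print("missing:", missing_from_baseline(host, BASELINE))
```

Because this is an exact-ID comparison, a baseline entry that a newer installed bundle supersedes is still reported as missing; resolving that is what the Update Manager scan described in the accepted answer does.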