TheVMinator
Expert

Patching Wisdom

What is the difference between an ESXi patch and an ESXi express patch?

VMware KB: Correlating VMware products build numbers to update levels

Are there risks involved in installing the latest patch prior to people finding out what things might break by using it or is that not an issue with ESXi?

Do I always want the latest patch?

homerzzz
Hot Shot

I believe the difference in Express vs. patch is one vs multiple bulletins in the patch. I try to stay at the latest patch or update level since it typically fixes an issue I have run into. There is always the risk of a new problem being introduced. Read the release notes.

TheVMinator
Expert

OK thanks - what is the best policy to balance the risk of a new problem being introduced vs. out-of-date versions? Is that the latest full update, which right now would be "ESXi 5.5 Update 2"? This way there is at least 4 months for any terrible problems to be known on it. Thoughts / opinions?

rcporto
Leadership

The best patch policy for me is to test the latest patches in a non-production environment before applying them in production... and of course, read the release notes before planning the upgrade, because some patches apply only to specific problems/configurations that may not apply to you.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

TheVMinator
Expert

Thanks - can you be more specific about what you do to test the release in your non-production environment?

vThinkBeyondVM
VMware Employee

Regular patches are planned ones: an ESXi patch usually gets released every 3 months (not strict, it changes). It will have bug fixes and important, critical, catastrophic and security fixes, etc. An Express patch, on the other hand, is not a planned one: it usually gets released when there is an issue which is having an impact on multiple customers. Critical security fixes also get into the Express patches.

Checking the release notes/KBs for a particular patch (either regular or express) will help you understand what is being fixed in the patch; based on that, you can decide whether you really need to apply the patch right away or whether you can wait. If the fixes do not impact you, then you need not apply the patch. However, it is recommended that you apply the latest patch. Sometimes you cannot know when a particular issue that was fixed in a patch may pop up in your environment.

Testing in a non-production environment is usually not a must (people do it just to be on the safer side). They look into the release notes/KBs of the particular patch and test the fixed issues in the patch (those that matter to them) to make sure the fixed issues work fine. (Sometimes they check whether the upgrade workflow works or not.) If it works, then they go ahead and apply the patch in production.


----------------------------------------------------------------
Thanks & Regards
Vikas, VCP70, MCTS on AD, SCJP6.0, VCF, vSphere with Tanzu specialist.
https://vThinkBeyondVM.com/about
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.


homerzzz
Hot Shot

I will roll out the patches to our non-critical clusters first. Then I normally confirm typical functionality such as vMotion, svMotion, HA, backups, replication and check hardware status. I also have all logs forwarded to Splunk, which really aids in flushing out any errors. I'll usually wait a week before rolling the patch out to the critical clusters.

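The staged rollout homerzzz describes above (patch non-critical clusters, review forwarded logs, wait a week) can be written as a promotion gate. This is an added example, not part of the original thread; the host names, log lines, timestamps and function names are constructed assumptions, and the log format is a simplified stand-in for whatever your log platform exports.

```python
import re
from datetime import datetime, timedelta

SOAK = timedelta(days=7)  # the one-week wait described in the post

# Constructed sample: syslog-style lines as they might arrive from canary hosts.
# Host names, timestamps and messages are invented for illustration.
SAMPLE_LOGS = """\
2015-01-05T09:00:01Z esx-dev01 vmkernel: WARNING: NMP: path vmhba2:C0:T1:L4 retry count 3
2015-01-12T10:15:00Z esx-dev01 vmkernel: WARNING: NMP: path vmhba2:C0:T0:L7 retry count 12
2015-01-12T11:02:44Z esx-dev01 hostd: error: backup snapshot task 4411 failed
2015-01-13T08:30:10Z esx-dev02 hostd: error: backup snapshot task 4507 failed
2015-01-14T02:00:00Z esx-dev02 vmkernel: WARNING: NMP: path vmhba1:C0:T0:L2 retry count 1
"""

# timestamp, host, daemon, then a message containing WARNING or error
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\w+):\s+(.*(?:WARNING|error).*)$", re.I)

def signature(msg):
    """Collapse variable parts (device paths, numbers) so repeats of one fault match."""
    msg = re.sub(r"vmhba\d+(:\w+)*", "<path>", msg)
    return re.sub(r"\d+", "<n>", msg)

def new_signatures(log_text, patched_at):
    """Return {signature: hosts} for faults seen only after the patch time."""
    before, after = set(), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        sig = f"{m.group(3)}: {signature(m.group(4))}"
        if ts < patched_at:
            before.add(sig)  # pre-patch baseline noise
        else:
            after.setdefault(sig, set()).add(m.group(2))
    return {s: h for s, h in after.items() if s not in before}

def ready_for_critical(log_text, patched_at, now):
    """Promote only after the soak period and with no new fault signatures."""
    fresh = new_signatures(log_text, patched_at)
    return (now - patched_at >= SOAK and not fresh), fresh
```

Faults that were already present before the patch (the path retry warning in the sample) are treated as baseline, so only signatures that first appear after patching block promotion to the critical clusters.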