We are currently on version 5.1.0 (Build 799733) of vSphere (vCenter / ESXi). We now have a mandate to install all security patches for all operating systems in our datacenter. Up until this point we have mainly been updating to the different major releases and have been running stably on version 5.1 for over a year. The next planned update was to be after vSphere 6 was released. We have a fairly large VMware environment (approx. 80 ESXi hosts and over 1000 VMs).
I guess my question is: is it OK to just install all security patches released for version 5.1 up to this point (and not bug fixes, etc., that do not really affect us)? We would prefer not to upgrade to the latest release, 5.5, at this point, since we were planning for our next major upgrade to be vSphere 6 when that is released sometime next year. We have been running stably without any real issues under this version of 5.1 and would rather not rock the boat too much until we upgrade to the next major release (vSphere 6). If this is not a best practice, then would updating to 5.1 Update 3 include all past security patches for version 5.1? I would tend to think that if we do a more major update such as installing Update 3 for 5.1, which includes bug fixes, feature enhancements, etc., then we might as well just update to version 5.5.
Also, if we are just applying security patches for 5.1, would this affect the build number of ESXi and possibly require an update to our vCenter servers?
Any insight into this would be appreciated. Thanks.
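One check worth having before and after any ESXi patching run is a record of each host's reported version and build, so the effect of a patch on the build number can be confirmed per host rather than assumed. The script below is an added example, not code from the original post or from VMware; it parses the output of `esxcli system version get` (the sample output is constructed in the format ESXi 5.1 prints, using the build number from the post; the "after" sample uses a hypothetical build number, 9999999, purely as a placeholder) and reports whether the build changed between two captures.

```shell
#!/bin/sh
# Added example: extract the ESXi build number from `esxcli system version get`
# output and compare a pre-patch capture against a post-patch capture.
# Both samples below are constructed, not captured from the poster's hosts.

# Constructed pre-patch sample, in the format `esxcli system version get`
# prints on ESXi 5.1 (build 799733 is the build named in the post).
SAMPLE_BEFORE='   Product: VMware ESXi
   Version: 5.1.0
   Build: Releasebuild-799733
   Update: 0'

# Constructed post-patch sample; 9999999 is a hypothetical placeholder build,
# not a real ESXi build number.
SAMPLE_AFTER='   Product: VMware ESXi
   Version: 5.1.0
   Build: Releasebuild-9999999
   Update: 0'

# esxi_field FIELD: print the value of one "Field: value" line read on stdin
# (e.g. esxi_field Version -> 5.1.0). Leading whitespace is tolerated.
esxi_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\(.*\)[[:space:]]*\$/\1/p"
}

# esxi_build: print only the numeric part of the Build line
# ("Releasebuild-799733" -> "799733").
esxi_build() {
    esxi_field Build | sed -n 's/^Releasebuild-\([0-9][0-9]*\).*/\1/p'
}

# build_changed BEFORE AFTER: succeed (exit 0) when the two captures carry
# different build numbers; fail when they match or either is unparseable.
build_changed() {
    before=$(printf '%s\n' "$1" | esxi_build)
    after=$(printf '%s\n' "$2" | esxi_build)
    [ -n "$before" ] && [ -n "$after" ] && [ "$before" != "$after" ]
}

# Stand-alone demonstration on the constructed samples.
printf 'before: version %s build %s\n' \
    "$(printf '%s\n' "$SAMPLE_BEFORE" | esxi_field Version)" \
    "$(printf '%s\n' "$SAMPLE_BEFORE" | esxi_build)"
printf 'after:  version %s build %s\n' \
    "$(printf '%s\n' "$SAMPLE_AFTER" | esxi_field Version)" \
    "$(printf '%s\n' "$SAMPLE_AFTER" | esxi_build)"
if build_changed "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; then
    echo 'build number changed'
else
    echo 'build number unchanged'
fi
```

On a real host the same functions apply to live output: capture `esxcli system version get > before.txt` on each host before patching (alongside `esxcli software vib list`, which records the installed VIBs), capture again afterwards, and feed the two files to `build_changed`. Whether a given ESXi build is supported by a given vCenter version is a separate question answered by VMware's interoperability matrix, which this script does not consult.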