jfoutwest
Enthusiast
Enthusiast

Patch ESXi U2 or upgrade to U3

We have ESXi 5.5 U2 systems that have not been patched in a few years. Would you advise to patch these systems using the patches listed in VMware Update Manager or upgrade the hosts to ESXi 5.5 U3? Thank you.

0 Kudos
3 Replies
MKguy
Virtuoso
Virtuoso

If you simply apply all outstanding/latest patches via VUM on these 5.5 (whatever build/upgrade) hosts, they will automatically be upgraded to U3. No separate upgrade process is necessary here.

And yes, you should probably due that due to some critical vulnerabilities and bugs being fixed.

-- http://alpacapowered.wordpress.com

If you directly upgrade to 5.5 U3, and then perform a scan again, the compliance status of the VUM comes up as non compliant.

When you view why the baseline is non compliant you can see few of the patches are missing.

These missing patches are not included in the 5.5 U3 bundle (even though updates are cumulative) perhaps because of their release dates.

If the status comes up as non compliant even after updating directly to U3, you will have to perform a re-remediate to get these missing patches applied to the ESXi host.

Suhas

If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Don't Backup. Go Forward! Rubrik Peek into my Website: http://www.virtuallypeculiar.com
cyberfed2727
Enthusiast
Enthusiast

Update manager is the easiest way to get your systems patched up to date. Your other option is to build an ISO that has ESXi update 3 with all the latest patches slip streamed into it. This is cumbersome and really not needed since you have access to update manager.