VMware Cloud Community
andvm
Hot Shot
Hot Shot
‎09-18-2021 08:09 AM

Patch ESXi after Deploying Vendor Custom Image

Hi,

vSAN Baseline Group suggested the following upgrade:

DellEMC Customized VMware ESXi 7.0 U2 (build 17867351). (Think VUM obtains this Dell Custom Image in the background rather than having to find it and upload it to VUM?)

The Server has been upgraded via VUM however I still see 12 critical and 5 Security patches pending, what is the correct process to update this custom image so it includes this patches and is it recommended to do so since its a Customized vendor image?

This should not change any drivers as they have already been validated via the HCL

Thanks

 

 

0 Kudos
6 Replies
Alex_Romeo
Leadership
Leadership
‎09-20-2021 02:32 PM

Hi,

VMware patches can be applied on top of the vendor-customized image. This will not remove the customization drivers.

The general rule is to bring the version to the latest released by the hardware manufacturer (Dell. HPE, etc ...), if VMware releases additional patches, they can be applied without problems.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
andvm
Hot Shot
Hot Shot
‎09-23-2021 09:08 PM

Ok so do I select Critical Host Patches (Predefined), click STAGE and REMEDIATE and it will auto pickup the Missing (Shown under Status) critical updates?

Which Baselines should normally be attached - The Critical Host Patches and the Host Security Patches (Both Predefined)?

andvm_0-1632456580238.png

In this case the following are the ones showing as "Missing", I see core ESXi VIBs and this is perfectly ok to do right as sometimes in past I got vib conflicts events?

 

andvm_1-1632456708694.png

 

 

0 Kudos
Alex_Romeo
Leadership
Leadership
‎09-24-2021 12:28 AM

Hi,

1- Yes, or create the Baseline with the patch you want to install.

2- Did you install a customized Esxi image from the hardware manufacturer (dell, hpe, etc ...) or that of VMware? Normally, patches do not change the drivers inserted by the hardware manufacturer.

 

ARomeo

 

Blog: https://www.aleadmin.it/
0 Kudos
andvm
Hot Shot
Hot Shot
‎09-24-2021 04:35 AM

1) yes creating a Baseline sounds good to include just the needed Critical and Security Patches, should I select all the Updates that show "Missing" under Status or can I just select one that would include all?

Critical

andvm_1-1632483154617.png

 

Security

andvm_0-1632483107791.png

 

2) Installed via VUM as suggested image was a customized Esxi image from Dell (I did not upload anything to VUM however)

0 Kudos
Alex_Romeo
Leadership
Leadership
‎09-24-2021 05:26 AM

Hi,

1- you can select the one that includes all.

2 -You need to install the Dell customized major releases. While for security patches you can use those released by vmware.

From VUM select only the patch you are interested in.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
andvm
Hot Shot
Hot Shot
‎09-25-2021 06:23 AM

Ok created and using a baseline that includes the Dell Custom image for ESXi 7.0 Update 2a, which image was already available in VUM.

For the rest it was not clear which update I should include from the Security and Critical patches so I did not add to Baseline

 

0 Kudos