You can use this KB for reference
Also It would be good to patch a single host & also you can patch at cluster level.If you are going to update your system to update releases you can have a single rollup bulletin which contains both bug fixes & security update.
If you want to patch only with security updates you can choose that option in update manger.
Update Manager works on 5 thumb Rules.
1- Create A Baseline ( Baseline is collection of your patches, Extenstions, Upgrades or any bug fixes). Two types ( Static and Dynamic ( Static does not get updated automatically if any patch of the similar type is added to the repository where in dynamic baseline gets automatically updated if any patch of the similar type is added to the repository.
2- Attach the baseline- So in your case once you have created the baseline based on the patches that u want for your esxi host its time to attach this baseline to your esxi host (Yes it can be attached to a single ESXI host also to the entire cluster.
3- Scan for compliance- Scan to check whether your esxi host is compliant or non compliant based on the baseline which is attached to it. If it is compliant you are all good but if it;s not compliant you need to proceed further.
4- Staging- This is process in which you download the actual patch it does not require any downtime for your esxi host, as it will downloading the patch to your repository because initially only information about the patch is downloaded.
5- Remediation- This is the last stage which is actually patching your Esxi host ( Based on the patches you have added to your baseline your esxi may or may not reboot..
Update Manager downloads the list of available patches from vmware.com. To set up frequency of the repository update, click Home. Click the Update Manager icon. Under the Configuration tab, click Patch Download Schedule.
To view the Patch Download scheduled task, click Home > Scheduled Tasks > VMware vCenter Update Manager Update Download.
To manually run this task, right-click the task and click Run.
When running the task, you see Download Patch Definitions task in the Recent Tasks.
- If the Download Patch Definitions task fails, ensure Update Manager can reach vmware.com. For more information
To attach the baselines to the ESX host:
Click Home > Hosts and Clusters.
Highlight the ESX host you want to update and click the Update Manager tab.
Click Attach. Select Critical Host Patches and Non-Critical Host Patches baselines and click Attach.
Note: To create custom baselines click Home > Update Manager > Baselines and Groups > Create.
To scan the ESX host for missing patches against the repository, right-click on the ESX host and click Scan for Updates > Patches and Extensions > Scan.
Scan progress is shown by the Scan Entity task in the Recent Tasks.
The host scan does not affect running virtual machines.
If the scan fails, ensure the ports between Update Manager and the ESX host are open. For more information, seeVMware Update Manager network port requirements (1004543).
When the scan is complete you see the number of patches missing on the ESX host. If no patches are missing, you see Compliant.
To remediate the missing patches to the ESX host:
- Power off all virtual machines or vMotion them to a different ESX host.
- Place the ESX host into maintenance mode. Right-click on the ESX host, choose Enter Maintenance Mode, and click Yes.
- Right-click on the ESX host and choose Remediate > Critical Host Patches and Non-Critical Host Patches baselines and click Next.
- Choose which updates or patches to install, click Next > Next > Finish.
- Remediate progress is shown by the Remediate Entity task in the Recent Tasks.
This task might take some time as Update Manager starts downloading patches from vmware.com.
If the remediation fails, ensure the ports between Update Manager, the ESX host, and vmware.com are open. For more information, see VMware Update Manager network port requirements (1004543).
The ESX host might reboot after remediation completes.
Also you can refer the below link to watch video and more about
Sreekanth45 solution is step by step
My sentiments exactly!Chestin Hay
I agree with Sreekanth steps because it's step by step procedure is there no need to go to KB's
I'm using vSphere web client and I think Update Manager server component is just installed in Virtual Center, I read it's necessary to install plug-in for my browser?
How can I verify if both browser plug-in and Update Manager server component is just installed? Excuse me for my dummy question