Make sure the update process is followed as recommended, so that you do not face any issues on the host after upgrading.
Operating systems (OS), virtual machines, virtual appliances, hypervisors, server firmware, and CPU microcode must all be patched or upgraded for effective mitigation of these known variants.
Mentioned below are a few KBs for your reference, which are discussed in detail.
I put a patch on the host when they first issued one, shortly after the issue was brought to light, and then they recalled it. I do not want to be in that same situation where they release and recall the patch. So are you saying that you have applied these patches yourself and have seen no issues? That they have not been recalled?
VMware recalled the patches because Intel recalled the patch which they had released for the microcode.
The microcode would be released by the hardware vendor.
Since the Microcode was not available, VMware had to recall the patch.
This KB was only relevant for organizations that had deployed ESXi650-201801402-BG, ESXi600-201801402-BG, and/or ESXi550-201801401-BG which were pulled down on 01/12/18. VMware’s recommendation is to instead follow the procedure laid out in Hypervisor-Assisted Guest Mitigation for branch target injection. Note that ESXi650-201803401-BG, ESXi600-201803401-BG, and ESXi550-201803401-BG will remove the workaround line below from /etc/vmware/config when applied. Host profiles in ESXi 6.5 may re-introduce the workaround under certain circumstances, see KB52460 for more information. This KB article (52345) will remain published for historical purposes.
It has been updated by VMware if you refer to the above KB.
We have updated our lab environment with the same process and we haven't observed any issues to date.
1. Upgrade vCenter
2. Apply ESXi patches
3. Apply the Microcode/BIOS updates
4. Update firmware and drivers.
5. Apply all security patches for your Guest OS
6. Ensure VMs are using virtual hardware version 9 or above.
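As an added example (not from any post in this thread, and not VMware's own tooling), a PowerCLI readiness check for the steps above: it lists VMs that do not meet step 6 and reports each host's build so it can be compared with the patched build. It assumes VMware PowerCLI is installed and a session already opened with Connect-VIServer; the minimum build value is a placeholder to fill in from the patch release notes.

```powershell
# Added example: pre-upgrade readiness check for the procedure in the thread.
# Assumes PowerCLI is installed and Connect-VIServer has already been run.
param(
    # Placeholder: set to the build number of the ESXi patch you intend to verify.
    # 0 disables the host build comparison.
    [int]$MinimumHostBuild = 0
)

# Step 6: every VM must be on virtual hardware version 9 or above.
# Config.Version is a string such as "vmx-09" or "vmx-13".
function Get-VMsBelowHardwareVersion9 {
    Get-VM | ForEach-Object {
        $raw = $_.ExtensionData.Config.Version
        $number = if ($raw -match 'vmx-(\d+)') { [int]$Matches[1] } else { $null }
        [pscustomobject]@{
            Name            = $_.Name
            HardwareVersion = $raw
            HwNumber        = $number
        }
    } | Where-Object { $null -eq $_.HwNumber -or $_.HwNumber -lt 9 }
}

# Host inventory: version, build and state for each ESXi host in the inventory.
function Get-HostBuildReport {
    Get-VMHost | Select-Object Name, Version, Build, ConnectionState, PowerState
}

$lowVMs = Get-VMsBelowHardwareVersion9
if ($lowVMs) {
    Write-Warning "VMs below virtual hardware version 9 (step 6 not met):"
    $lowVMs | Format-Table -AutoSize
} else {
    Write-Host "All VMs are on virtual hardware version 9 or above."
}

$hosts = Get-HostBuildReport
Write-Host "ESXi host builds:"
$hosts | Format-Table -AutoSize

if ($MinimumHostBuild -gt 0) {
    # Flag hosts still below the patched build (placeholder value supplied above).
    $behind = $hosts | Where-Object { [int]$_.Build -lt $MinimumHostBuild }
    if ($behind) {
        Write-Warning "Hosts below build $MinimumHostBuild (patch not yet applied):"
        $behind | Format-Table -AutoSize
    }
}
```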
Back in January 2018 we deployed the following two patches
Is there a process to remove a patch if it causes issues?
If there is an issue, you could always revert to the previous build.
While the ESXi server is booting you get the option to press Shift + R to revert to a previous version of ESXi.
You could implement the patches on the ESXi host, which you have mentioned.
Make sure that you follow the upgrade process as mentioned in the documents.
Below KB lists the Intel and AMD processors for which microcode updates were included in ESXi patches ESXi650-201803402-BG, ESXi600-201803402-BG, and ESXi550-201803402-BG:
Please contact your hardware vendor to determine if BIOS/firmware updates are recommended as there may be additional improvements included with those updates.
LOL, yes I can implement them, but the purpose of this thread was to find out if there are any downsides to applying them, and I will admit I don't think that question has been answered.
I haven't seen anything which has been creating issues on the ESXi hosts after applying these patches.
The previous patch, which was recalled, had a few issues, but with these patches we have not observed issues on the host as of now.
My plan is to install the patches using Update Manager, where they showed up when I scanned for patches.
Yes, VMware ESXi patches would be listed once you download the latest patches and scan the host.
Yes, that is exactly what I said: they showed up in Update Manager and I plan to install them from there, but the information you provided seemed to focus on the manual install, not on using Update Manager.