Host patching is the process in which Update Manager applies VMware ESX/ESXi host patches or third-party patches, such as Cisco Distributed Virtual Switch, to the ESX/ESXi hosts in your vSphere inventory.
You must configure Update Manager network connectivity settings, patch download sources and schedule, as well as proxy settings, so that Update Manager downloads the host patches, patch metadata, and patch binaries. For more information, see Configuring Update Manager.
During host patch operations (scanning, staging, and remediation), you can check Update Manager events for information about the status of the operations. You can also see which host patches are available in the Update Manager repository.
This workflow describes the process to apply patches to the hosts in your vSphere inventory. You can apply patches to hosts at a folder, cluster or datacenter level. You can also apply patches to a single host. This workflow describes the process to apply patches to multiple hosts in a container object.
Configure the Update Manager host and cluster settings.
Some updates might require that the host enters maintenance mode during remediation. You should configure the Update Manager response when a host cannot enter maintenance mode. If you want to apply updates at a cluster level, you should configure the cluster settings as well. You can configure the Update Manager settings from the Configuration tab of the Update Manager Administration view. For more information and the detailed procedure about configuring host and cluster settings by using Update Manager, see Configuring Host and Cluster Settings.
Create fixed or dynamic host patch baselines.
Patch data in dynamic baselines change depending on the criteria you specify each time Update Manager downloads new patches. Fixed baselines contain only the patches you select, regardless of new patch downloads.
You can create patch baselines from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating fixed patch baselines, see Create a Fixed Patch Baseline. For detailed instructions about creating a dynamic patch baseline, see Create a Dynamic Patch Baseline.
Attach the patch baselines to a container object containing the hosts that you want to scan or remediate.
The container object can be a folder, cluster, or datacenter. You can attach baselines and baseline groups to objects from the Update Manager Compliance view. For more information about attaching baselines and baseline groups to vSphere objects, see Attach Baselines and Baseline Groups to Objects.
Scan the container object.
After you attach baselines to the selected container object, you must scan it to view the compliance state of the hosts in the container. You can scan selected objects manually to start the scanning immediately. For detailed instructions on how to scan your hosts manually, see Manually Initiate a Scan of ESX/ESXi Hosts.
You can also scan the hosts in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see Schedule a Scan.
Review the scan results displayed in the Update Manager Client Compliance view.
For a detailed procedure about viewing scan results and for more information about compliance states, see Viewing Scan Results and Compliance States for vSphere Objects.
(Optional) Stage the patches in the attached baselines to the hosts that you want to update.
You can stage the patches and copy them from the Update Manager server to the hosts before applying them. Staging patches speeds up the remediation process and helps minimize host downtime during remediation. For a detailed procedure about staging patches and extensions to hosts, see Stage Patches and Extensions to ESX/ESXi Hosts.
Remediate the container object.
Remediate the hosts that are in Non-Compliant state to make them compliant with the attached baselines. For more information about remediating hosts against patch or extension baselines, see Remediate Hosts Against Patch or Extension Baselines.
During patch staging and remediation, Update Manager performs prescan and postscan operations. After remediation is completed, the compliance state of the hosts against the attached baseline is updated to Compliant.