You can use baseline groups to apply upgrade and patch baselines together for upgrading and updating hosts in a single remediation operation.
You can upgrade all ESXi hosts in your deployment system by using a single upgrade baseline. You can apply patches to the hosts at the same time by using a baseline group containing one upgrade baseline and multiple host patch baselines.
This workflow describes how to upgrade and patch the hosts in your vSphere inventory at the same time. You can upgrade hosts and apply patches to hosts at the folder, cluster, or datacenter level. You can also upgrade and patch a single host. This workflow describes the process to patch and upgrade multiple hosts in a container object.
Configure the Update Manager host and cluster settings.
Some updates might require that the host enters maintenance mode during remediation. You should configure the Update Manager response when a host cannot enter maintenance mode. If you want to apply updates at a cluster level, you should configure the cluster settings as well. You can configure the Update Manager settings from the Configuration tab of the Update Manager Administration view. For more information and the detailed procedure about configuring host and cluster settings by using Update Manager, see Configuring Host and Cluster Settings.
Import an ESXi image (which is distributed as an ISO file) and create a host upgrade baseline.
You must import an ESXi image, so that you can upgrade the hosts in your vSphere inventory. You can import ESXi images from the ESXi Images tab of the Update Manager Administration view.
For a complete procedure about importing ESXi images, see Import Host Upgrade Images and Create Host Upgrade Baselines.
Create fixed or dynamic host patch baselines.
Dynamic patch baselines contain a set of patches, which updates automatically according to patch availability and the criteria that you specify. Fixed baselines contain only patches that you select, regardless of new patch downloads.
You can create patch baselines from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating fixed patch baselines, see Create a Fixed Patch Baseline. The detailed instructions about creating a dynamic patch baseline are described in Create a Dynamic Patch Baseline.
Create a baseline group containing the patch baselines as well as the host upgrade baseline that you created.
You can create baseline groups from the Baselines and Groups tab of the Update Manager Administration view. For more information about creating baseline groups for hosts, see Create a Host Baseline Group.
Attach the baseline group to a container object.
To scan and remediate the hosts in your environment, you must first attach the host baseline group to a container object containing the hosts that you want to remediate. You can attach baseline groups to objects from the Update Manager Compliance view. For more information about attaching baseline groups to vSphere objects, see #GUID-5EA28531-0813-4B04-99A7-F8D88756F3CC.
Scan the container object.
After you attach the baseline group to the selected container object, you must scan it to view the compliance state of the hosts in the container. You can scan selected objects manually to start the scanning immediately. For detailed instructions on how to scan your hosts manually, see #GUID-72B973CF-671A-4C7A-B5CA-2ACC0ECA31FE.
You can also scan the hosts in the container object at a time convenient for you by scheduling a scan task. For more information and detailed instructions about scheduling a scan, see Schedule a Scan.
Review the scan results displayed in the Update Manager Client Compliance view.
For a detailed procedure about viewing scan results and for more information about compliance states, see Viewing Scan Results and Compliance States for vSphere Objects.
Remediate the container object.
Remediate the hosts that are in Non-Compliant state to make them compliant with the attached baseline group. For more information about remediating hosts against baseline groups containing patch, extension, and upgrade baselines, see Remediate Hosts Against Baseline Groups.
During the remediation, the upgrade is performed first. Hosts that need to be both upgraded and updated with patches are first upgraded and then patched. Hosts that are upgraded might reboot and disconnect for a period of time during remediation.
Hosts that do not need to be upgraded are only patched.
The hosts in the container object become compliant with the attached baseline group.