When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

In the vSphere Web Client, the baselines and baseline groups are displayed on the Host Baselines and VMs/VAs Baselines tabs of the Update Manager Admin view.

Depending on the purpose for which you want to use them, host baselines can contain a collection of one or more patches, extensions, or upgrades. Therefore host baselines are upgrade, extension, or patch baselines. To update or upgrade your hosts you can use the Update Manager default baselines, or custom baselines that you create.

The VMs/VAs baselines are predefined. You cannot create custom VMs/VAs baselines.

The default baselines are the predefined and system managed baselines.

System Managed Baselines

The Update Manager displays system managed baselines that are generated by vSAN. These baselines appear by default when you use vSAN clusters with ESXi hosts of version 6.0 Update 2 and later in your vSphere inventory. If your vSphere environment does not contain any vSAN clusters, no system managed baselines are created.

The system managed baselines automatically update their content periodically, which requires Update Manager to have constant access to the Internet. The vSAN system baselines are typically refreshed every 24 hours.

You can use the system managed baselines to upgrade your vSAN clusters to recommended critical patches, drivers, updates or latest supported ESXi host version for vSAN.

Predefined Baselines

Predefined baselines cannot be edited or deleted, you can only attach or detach them to the respective inventory objects.

Under the Host Baselines tab in Update Manager Admin view, you can see the following predefined baselines:

Critical Host Patches (Predefined)

Checks ESXi hosts for compliance with all critical patches.

Non-Critical Host Patches (Predefined)

Checks ESXi hosts for compliance with all optional patches.

Custom Baselines

Custom baselines are the baselines you create.

If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain and you have an Update Manager instance for each vCenter Server system in the group, the baselines and baseline groups you create and manage are applicable only to inventory objects managed by the vCenter Server system with which the selected Update Manager instance is registered. You can use an Update Manager instance only with a vCenter Server system with which the instance is registered.

Baseline Groups

Baseline groups are assembled from existing baselines. A baseline group might contain one upgrade baseline, and one or more patch and extension baselines, or might contain a combination of multiple patch and extension baselines.

To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline privilege. To attach baselines and baseline groups, you must have the Attach Baseline privilege. Privileges must be assigned on the vCenter Server system with which Update Manager is registered. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of Update Manager privileges and their descriptions, see Update Manager Privileges.