Baselines can be upgrade, extension, or patch baselines. Baselines contain a collection of one or more patches, extensions, or upgrades.

Baseline groups are assembled from existing baselines, and might contain one upgrade baseline per type of upgrade baseline and one or more patch and extension baselines, or might contain a combination of multiple patch and extension baselines. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline privilege. To attach baselines and baseline groups, you must have the Attach Baseline privilege. Privileges must be assigned on the vCenter Server system with which Update Manager is registered. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of Update Manager privileges and their descriptions, see Update Manager Privileges.

Update Manager includes two default dynamic patch baselines and three upgrade baselines.

Critical Host Patches (Predefined)

Checks ESXi hosts for compliance with all critical patches.

Non-Critical Host Patches (Predefined)

Checks ESXi hosts for compliance with all optional patches.

VMware Tools Upgrade to Match Host (Predefined)

Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESXi 5.5.x and later.

VM Hardware Upgrade to Match Host (Predefined)

Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version vmx-13 on hosts that are running ESXi 6.5 .

VA Upgrade to Latest (Predefined)

Checks virtual appliance compliance with the latest released virtual appliance version.

In the vSphere Web Client, default baselines are displayed on the Baselines and Groups tab of theUpdate Manager server Administration view.

If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain and you have an Update Manager instance for each vCenter Server system in the group, the baselines and baseline groups you create and manage are applicable only to inventory objects managed by the vCenter Server system with which the selected Update Manager instance is registered. You can use an Update Manager instance only with a vCenter Server system on which the instance is registered.