Update Manager baselines are hosts baselines and virtual machine baselines. To upgrade objects in your vSphere inventory, you can use predefines baselines, system-managed baselines, or custom baselines that you create.
When you scan hosts and virtual machines you evaluate them against baselines and baseline groups to determine their level of compliance.
In the vSphere Web Client, the baselines and baseline groups are displayed on the Host Baselines and VMs Baselines tabs of the Update Manager Admin view.
Depending on the purpose for which you want to use them, host baselines can contain a collection of one or more patches, extensions, or upgrades. Therefore host baselines are upgrade, extension, or patch baselines. To update or upgrade your hosts you can use the Update Manager default baselines, or custom baselines that you create.
The VMs baselines are predefined. You cannot create custom VMs baselines.
The default baselines are the predefined and system managed baselines.
System Managed Baselines
The Update Manager displays system managed baselines that are generated by vSAN. These baselines appear by default when you use vSAN clusters with ESXi hosts of version 6.0 Update 2 and later in your vSphere inventory. If your vSphere environment does not contain any vSAN clusters, no system managed baselines are created.
The system managed baselines automatically update their content periodically, which requires Update Manager to have constant access to the Internet. The vSAN system baselines are typically refreshed every 24 hours.
You can use the system managed baselines to upgrade your vSAN clusters to recommended critical patches, drivers, updates or latest supported ESXi host version for vSAN.
Predefined baselines cannot be edited or deleted, you can only attach or detach them to the respective inventory objects.
Under the Host Baselines tab in Update Manager Admin view, you can see the following predefined baselines:
Critical Host Patches (Predefined)
Checks ESXi hosts for compliance with all critical patches.
Non-Critical Host Patches (Predefined)
Checks ESXi hosts for compliance with all optional patches.
Under the VMs Baselines tab in Update Manager Admin view, you can see the following predefined baselines:
VMware Tools Upgrade to Match Host (Predefined)
Checks virtual machines for compliance with the latest VMware Tools version on the host. Update Manager supports upgrading of VMware Tools for virtual machines on hosts that are running ESXi 6.0.x and later.
VM Hardware Upgrade to Match Host (Predefined)
Checks the virtual hardware of a virtual machine for compliance with the latest version supported by the host. Update Manager supports upgrading to virtual hardware version vmx-15 on hosts that are running ESXi 6.7.
Custom baselines are the baselines you create.
If your vCenter Server system is connected to other vCenter Server systems by a common vCenter Single Sign-On domain and you have an Update Manager instance for each vCenter Server system in the group, the baselines and baseline groups you create and manage are applicable only to inventory objects managed by the vCenter Server system with which the selected Update Manager instance is registered. You can use an Update Manager instance only with a vCenter Server system with which the instance is registered.
Baseline groups are assembled from existing baselines. A baseline group might contain one upgrade baseline, and one or more patch and extension baselines, or might contain a combination of multiple patch and extension baselines.
To create, edit, or delete baselines and baseline groups, you must have the Manage Baseline privilege. To attach baselines and baseline groups, you must have the Attach Baseline privilege. Privileges must be assigned on the vCenter Server system with which Update Manager is registered. For more information about managing users, groups, roles, and permissions, see vCenter Server and Host Management. For a list of Update Manager privileges and their descriptions, see Update Manager Privileges.