When you enable the Live Patch setting, you can apply security patches and urgent bug fixes to all hosts in a cluster that you manage with a vSphere Lifecycle Manager image with minimal disruption to your workloads.

Starting with vSphere 8.0 Update 3, you can use the Live Patch setting to deploy patches with resolved security and functional issues to all ESXi hosts in a cluster managed with a single image. During remediation, vSphere Lifecycle Manager does not place the hosts in the cluster into maintenance mode, hosts are not rebooted and there is no need to migrate the virtual machines running on the hosts in the cluster.

To configure vSphere Lifecycle Manager to perform live patch operations on the hosts in a cluster managed with an image, you must activate Live Patch. See Configure vSphere Lifecycle Manager Remediation Settings for Clusters or Standalone Hosts that You Manage with a Single Image.

Requirements for Using Live Patch

You use vSphere Lifecycle Manager to install live patches on hosts that are part of a cluster managed with a single image, only in case the following conditions are met:
  • vCenter Server must be of version 8.0 Update 3 and later.

  • All ESXi hosts in the cluster managed with a vSphere Lifecycle Manager image must be of version 8.0 Update 3 and later.

  • You use the Live Patch functionality only to upgrade hosts in a cluster that you manage with a vSphere Lifecycle Manager image.

  • All hosts in the cluster managed with a single image must support the Live Patch functionality. If you activate Live Patch for a vCenter Server instance or a cluster and you try to install a live patch on the cluster with hosts that require maintenance mode, remediation is blocked. You can view details about the compliance of the cluster against the selected live patch image for further information.

  • vSphere Lifecycle Manager can install a live patch only to a host that is eligible to be updated with a specific live patch release of the VMware base image. vSphere Lifecycle Manager image depot provides information about all the possible versions of the ESXi host image which you can update with a specific Live Patch release. For more information about how to browse the depot, see Browsing the vSphere Lifecycle Manager Depot.

  • vSphere DRS must be enabled on the cluster managed with a single image before you try to install a live patch on all hosts.
  • You must deactivate the parallel remediation setting before you try to install a live patch on the hosts in the cluster. If you have both settings enabled, the remediation pre-check reports this as an issue for a successful remediation and provides you with possible solutions. Live patches can only be installed on the hosts in a cluster managed with a single image in sequence.