Patching ESXi 6.5 with Update Manager


If you are responsible for keeping a VMware vSphere environment properly patched, you most likely use Update Manager to quickly and easily download patches from the Internet and apply them to your clusters according to baseline policies.

vSphere Update Manager (VUM) enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances. With Update Manager, you can perform the following tasks:

  • Upgrade and patch ESXi hosts
  • Install and update third-party software on hosts.
  • Upgrade virtual machine hardware, VMware Tools, and virtual appliances.\
Update Manager requires network connectivity with VMware vCenter Server. Each installation of Update Manager must be associated (registered) with a single vCenter Server instance. VUM module consists of a server component and of a client component. You can use Update Manager with either vCenter Server that runs on Windows or with the vCenter Server Appliance.
In vSphere 6.5, it is no longer supported to register Update Manager to a vCenter Server Appliance during installation of the Update Manager server on a Windows machine.
The Update Manager client component is a plug-in that runs on the vSphere Web Client and is automatically enabled after installation of the Update Manager server component on Windows, and after deployment of the vCenter Server Appliance.
Today we will show how to apply some patches to an ESXi 6.5 host using vSphere Update Manager. If you go to Home in your vCenter Server instance, you will see the icon Update Manager.
  1.  Step 1 is to upload patches.
Next you will see the screen below. We will be use offline patches for an Esxi host, as usually happen in your organization. Click on vCenter on the left -> Manage -> Download Settings -> Import Patches.
Click Browse and navigate to the offline zip file with patches and upload. Click Next and in Ready to complete screen, you will see all the patches included in the zip file that you are uploading. Click Finish.
    2.  Step 2 is to create Baseline

Next step is to create a Baseline. Update Manager baselines are hosts baselines, virtual machine baselines, and virtual appliance baselines. To upgrade objects in your vSphere inventory, you can use predefines baselines, system-managed baselines, or custom baselines that you create. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance. We can create and manage baselines in the Update Manager Client Administration view.

Under Manage -> Hosts Baselines -> New Baseline.
Here we are giving a name for this Baseline, a good specific description and choose a baseline type, depending on your actions that will be taken, if it is a patch, upgrade or any extension. Click Next to proceed.
Next we choose the type of patch baseline that we are going to use.
  • Dynamic patch baselines contain a set of patches, which updates automatically according to patch availability and the criteria that you specify.
  • Fixed patch baselines contain only patches that you select, regardless of new patch downloads.

Click Next to proceed in selecting the patches.


Here you can select the individual patches that you want to include on this Host baseline. You can use filters to select quickly the desired patches, see type, release date and if it requires host reboot or no. Click Next and review all details in Ready to complete screen and then click Finish to create a baseline.


   3.  Step 3 is attaching a baseline to an ESXi host.

Go to Home -> Hosts and Cluster -> Click on host -> Update Manager and Attach Baseline.



Next choose the host baseline that you have created and want to attach. Click Next.


After the baseline is attached, we initiate out a scan on the host to verify that the update/upgrade is in fact required. From the same screen, click on Scan for Updates


After that, we see the host baseline attached and Non-Compliant status, which means that this host is not compliant with this patches included in the baseline, are not found inside the host, you we can go with applying these patches.


   4.  Step 4 is to remediate a host

So last step is to perform a remediate the host. Remediating is the act of pushing a patch or update to an ESXi host. A host is remediated by clicking on the Remediate button.


Next select the target host that will be remediated with this baseline.


Here you have the option to select desired patches that you want to apply to the host.


Next you can schedule the remediate action in a proper time you may want. Click Next.


Next we can specify some remediation options. VM Power state is most important option. Choose “Do Not Change VM Power State” in order that during the remediate process, if a host requires a reboot, VMs will be move in another available host using vSphere HA. Also check the checkboxes, in order to disable any removable devices and to retry the process of maintenance mode of the host, if it is required for this remediation. Click Next to continue.


Next the choose some Cluster remediation options, depending on your environment cluster configuration. If you have DPM enabled, please check the checkbox to disable it. The same with FT enabled, HA Admission control. An important option is the last, check it to Migrate powered off or suspended VMs.  Click Next after you selected.


In Ready to complete page, take a look on all your configurations made and click Finish to begin the remediate process of the host.

After the task will be completed, refresh and in Update Manager tab of the host you will see the new “Compliance Status” changed to “Compliant” , so the patches were successfully installed.


So these are the steps you will follow also for updating, upgrading of an ESXi host.

Thanks for reading and sharing too!!! 🙂




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.