community.spiceworks.

com /t/a-complete-guide-to-patching-esxi-with-vmware-update-manager/1013388

Unknown Title
⋮ 12/23/2020

Keeping your ESXi patches up to date helps eliminate security flaws that can be exploited by cybercriminals.
When you have a few ESXi hosts, patches can be installed via the command line interface using the ESXCLI
command set.

If, however, you oversee many ESXi hosts, patch installation via ESXCLI commands becomes too time-
consuming. It can become even more complicated with different versions of ESXi hosts that have to be
upgraded.

Luckily, VMware offers a convenient way of upgrading multiple ESXi hosts from a single pane of glass –
vSphere Update Manager.

Ahead is a comprehensive guide to upgrading ESXi hosts with vSphere Update Manager. Although the
guide focuses on upgrading ESXi 6.5 to ESXi 6.7, the steps detailed below are applicable to other versions
and builds of ESXi hosts. Follow them to reduce the amount of time you spend on vSphere administration.

Step 1: Select a target ESXi host

7bc81bfd02ee9add950ac2dfadab03677cf76b234dd10bfadc73cf929ce3867c_The-Updates-tab-is-available-
when-VMware-Update-Manager-is-installed.png1024×417 239 KB

1/11
In VMware vSphere Client, go to Hosts and Clusters and select a target ESXi host. VM folders, clusters, and
entire databases are also available for selection.

Before proceeding further, ensure that:

1. your current ESXi version supports the new ESXi version

2. your current version of vCenter supports the new ESXi version

3. your backup software supports the new ESXi and vCenter versions, and

4. your VM hardware supports ESXi patches.

The version and build numbers of the target ESXi host can be checked in the Summary tab or the Updates
tab. To verify the compatibility of the target ESXi version with a new ESXi version, use VMware product
interoperability matrices: Product Interoperability Matrix 19

Before starting the upgrade of ESXi, ensure you have all the required packages and download the ESXI 6.7
ISO installer: https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6 16

Step 2: Upload the image for upgrade

579fbfb18f79f629976777c3543225b2f4491894c8d910ddaaeabdfead551616_VMware-Update-Manager-_-
importing-an-ESXi-installation-image-for-upgrade.png1024×432 235 KB

In VMware Update Manager (Home > Update Manager), go to the ESXi images tab and click Import.

Step 3: Select the ESXi 6.7 installer

2/11
In a dialog box that opens, select the ESXi 6.7 installer ISO file and click Import.

Step 4: Wait

Wait until the ISO image is imported.

Step 5: Create a baseline

3/11
6380c336b76a561588c11cc983d5283ba7d8cc300aa3e1513ee709305a15661d_Creating-a-baseline-in-
VMware-Update-Manager.png1024×431 304 KB

In the ESXi images tab, click New Baseline.

Step 6: Enter a baseline’s name and description, and select its type

8df49c26dc7d918ec568e2f6d94444b771333dcca7d770d50abc7f7cc6529e3c_Entering-a-new-baseline-
name.png920×541 41 KB

In the Create Baseline wizard that opens, enter a baseline’s name and description, and select its type. Then,
click Next to continue

4/11
Step 7: Select an ESXi release image

4d91d7522a6c5f0275d7fa9729115944aaa50c7d8164a5c753c21da27b910332_Selecting-the-ESXi-image-
for-a-new-baseline.png920×486 44.4 KB

In the Create Baseline wizard, select an ESXi release image and click Next.

Step 8: Review the Summary and click Finish

5/11
c7c2da264e045d6b098c21e9c064ee8941e2b2b7a002774643e0437b622566a6_Creating-a-new-baseline-_-
summary.png920×643 31.2 KB

Review the Summary and click Finish.

The newly-created baseline can be found in the Baselines tab of VMware Update Manager.

Step 9: Attach a baseline

8a561be71e116a4f9875d3048b7b1b14642a3843c4a84e3666eb1c139d470d5e_VMware-Update-Manager-
_-attaching-a-baseline-to-an-ESXi-host.png1024×349 262 KB

6/11
In VMware vSphere Client, go to Hosts and Clusters and select your target ESXi host.

Then, go to the Updates tab and select Host Updates in the Overview section. Finally, click Attach in the
Attached Baselines section.

Note that VM folders, clusters, and entire databases are available for selection.

Step 10: Select a custom upgrade baseline

1e48dad415c85bcf7d229c06a9e3ddfae8c56f7923326b7e417555ec378d7166_VMware-Update-Manager-_-
attaching-a-baseline-to-upgrade-ESXi-hosts.png792×311 13.6 KB

Select a custom upgrade baseline and click Attach.

Step 11: Check compliance

6c8c9c1e982edb7750a11436c8f1799097b14dce2494579078d211cde28aab3e_Checking-compliance-in-
VMware-Update-Manager-before-upgrading-an-ESXi-host.png1024×446 234 KB

7/11
In VMware vSphere Client, go to Hosts and Clusters and select your ESXi host. In a window that opens, go
to the Updates tab and select Overview.

In the Host Compliance section, click Check Compliance.

VMware Update Manager will notify you if there is a conflict between your update and baseline.

Step 12: Perform pre-check remediation

In VMware vSphere Client, go to Hosts and Clusters and right-click your ESXi host. In the context menu,
select Update Manager > Pre-check Remediation.

Wait until the pre-check remediation is finished. If you receive warnings, take the recommended actions to fix
the issues.

Step 13: Remediate

8/11
6951c347ac71846eb2a5d99218993a3b281f8e946d6f94f338f4e52bacc2095e_VMware-Update-Manager-_-
everything-is-ready-to-remediate.png1024×365 281 KB

In VMware vSphere Client, go to Hosts and Clusters and select your ESXi host. Go to the Updates tab and
open the Host Updates in the Overview section. Then, select the previously-created baseline and click
Remediate.

Step 14: Accept the End User License Agreement

b499783e200c3af5c92b0f55ed27f1740938a38f20d131902d82792907777649_The-end-user-license-
agreement.png718×448 19.1 KB

Read the End User License Agreement, select the checkbox to accept it, and click OK.

Step 15: Track the progress of the remediation process

9/11
64d01cac3b765e8b33a8bce5c10e7f806317a4eaf2172109acd7b2c477d4c405_Remediating-an-ESXi-host-
in-VMware-Update-Manager.png1024×486 108 KB

Make sure to shut down or migrate all VMs from the target host before performing this step.

Select the target ESXi host, edit its scheduling settings and remediation options if needed, and click
Remediate.

Before the start of the remediation process, the host will enter the maintenance mode automatically. Track
the progress of the remediation process in the Recent Tasks tab. Upon the completion of the remediation
process, the host will exit the maintenance mode and reboot automatically.

Step 16: Select your ESXi host and verify its version and build numbers

f4d2e7438e485c45d243edcc444643e10da9ea0e34700afefb2c6a7d644fe093_The-ESXi-host-is-upgraded-
with-VMware-Update-Manager.png1024×316 297 KB

In VMware vSphere Client, go to Hosts and Clusters and select your ESXi host and verify its version and
build numbers.

10/11
If the ESXi host has been updated successfully, you will see the corresponding change of the version and
build numbers.

While patching ESXi is an integral part of VMware vSphere security, it is not the only thing you should do to
keep your data safe.

To ensure that your VMs, applications and data are intact and available on demand, back them up regularly:
https://www.nakivo.com/vmware-backup 4

Image-based, incremental and app-aware backups can be created effortlessly with NAKIVO Backup &
Replication. Use it to attain complete data protection for vCenter-managed and standalone ESXi workloads.

11/11