In this article I will demonstrate how to easily update ESXi 6.5 using Update Manager.
In this demonstration I will use vCenter Update Manager, so I must have the proper vCenter version already installed. As a rule of thumb, you always need to update vCenter Server before ESXi (vSphere). Update process for VMware solutions can be tricky, so for specific order update for VMware products I suggest you to check KB2147289.
Note: If you look for VCSA update instructions, check this article: How to Update vCenter Server Appliance to 6.5 Update 1b.
Check vCenter and ESXi versions
I will connect to my vCenter Server using vSphere Web Client and I will check the vCenter version. As you can see below, I am running vCenter version 6.5.0, build 6816762, which is the latest version at the moment I am writing this article.
Next, I will check ESXi version. I navigate in the left panel to the ESXi server I plan to update (esx1.lab.local). In the right panel, I can see the installed product: VMware ESXi 6.5.0 build 5310536.
I will use now my.vmware.com site.to find the latest version for ESXi 6.5. As you can see below, latest build is 6765664. Take note of the Bulletin Number, we will use it later: ESXi650-201710401-BG.
Update ESXi 6.5 with Update Manager
Back to vSphere Web Client, I will click on Home button, then on “Update Manager” link.
Click on the name of your vCenter Server to load the Update Manager page.
Click on “Manage” link.
Now click on “Hosts Baselines”.
You can see we already have two baselines, “Non-Critical Host Patches” and “Critical Host Patches”. What we want to do now is to create a new custom baseline, containing the update for the desired ESXi patch level. Click on “New Baseline” link.
New baseline wizard starts. Choose a name for your baseline (I will use the bulletin number). You can also add a description. Make sure “Host Patch” is selected for “Baseline type”. Click “Next”.
For “Patch options” select “Fixed”. Click “Next”.
The list of patches loads now. Easiest way to find your patch is to filter by bulletin number.
I will enter the bulletin number I noted from my.vmware.com page (ESXi650-201710401-BG). Now only this patch is listed. Select the patch and click on “Show patch details…”.
A pop-up window with patch details appears. You can click on the Details URL link to read all the details of this patch. Click “OK”.
I am in “Ready to complete” stage of the new baseline wizard. If you are satisfied with the configuration, click “Finish”.
The new host baseline is listed in the “Custom” section.
Now that I have my custom baseline created, I will click on the ESXi server I want to update (esx1.lab.local in my case), then click on “Update Manager” tab. Click on “Attach Baseline…” button.
I will select the custom patch I created at previous step. Click on “OK” button.
We see the baseline attached to the host. “Compliance Status” is listed as Unknown. Click on “Scan for Updates…” button.
Keep both checkboxes checked and click “OK”.
In the “Recent Tasks” area from the lower part of the screen you will see a “Scan entity” task. When the task is completed, “Compliance Status” is changed as “Non-Compliant”. We also see a list of the patches included in the host baseline and Compliance Status for each patch. Click on “Remediate…” button.
Remediate wizard starts. Select the custom baseline created earlier. Click “Next”.
For “Select target objects” step, make sure the ESXi server you plan to update is selected. Click “Next”.
For “Patches and extensions” step, make sure the correct patches are selected. Click “Next”.
“Advanced options” step allows us to schedule the action. I want the update process to start immediately, so I keep schedule section untouched. Click “Next”.
We are in “Host remediation options” step now. Default options are a good start. Click “Next”.
For “Cluster remediation options” you may want to check the last option (“Migrate powered off…”). It may be a good idea to migrate powered off VMs from the host, just in case somebody will try to power on a VM while the server is unavailable. Click “Next”.
Verify the details listed in “Ready to complete” step. If you are satisfied with the configuration, click “Finish”.
A series of tasks will start now. You can monitor the status using “Recent Tasks” area. The ESXi server will enter in maintenance mode, patch will be installed and verified. The host will then be rebooted. After the ESXi server is back online, it will taken out of maintenance mode and will be again production ready. “Compliance Status” changed to “Compliant”. The patches are validated as “Installed” now.
To make a final verification, go back to “Summary” tab of the updated ESXi server. We can see the latest version displayed: VMware ESXi 6.5.0 build 6765664.
This concludes my demonstration on how to update ESXi (vSphere). Happy VM management 🙂