This is a quick post to explain how to create a VMware vCenter Server Update Manager policy to roll out security patches to Datacenters, Clusters or individual ESXi hosts.
First, select an item in the Hosts and Clusters view in vCenter and click the Updates tab.
Make sure you have the correct vCenter server selected from the drop-down and click the Baselines tab.
Click New > Baseline.
We are rolling out a patch, not a full upgrade (i.e. 6.7.1 to 6.7.2, not 6.5 to 6.7), so click Patch and name the baseline.
Deselect the Automatically update button, as we are choosing a specific patch.
Click the filter and type in the patch ID you want to roll out.
Click Finish.
Select the object you want to apply the baseline to (don't worry, this will not roll out any updates yet!). I usually choose a cluster.
Select the baseline you created and click Attach.
First run the pre-checks (they usually just complain about attached ISO files) and then click Remediate.
Check the options and then click Remediate. This will put the host into maintenance mode, install the updates, reboot and then take the host out of maintenance mode.
If the update gets stuck you may have to manually put the host into maintenance mode and then remediate.
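
The same procedure can be scripted, which helps when the identical baseline has to be pinned and audited across several clusters. This is an added example, not part of the original post; it assumes VMware PowerCLI with the VMware.VumAutomation module is installed, and the vCenter name, cluster name and patch ID are placeholders.

```powershell
# Added example (not from the original post). All three values below are placeholders.
$vCenter     = 'vcenter.example.local'   # placeholder vCenter server
$clusterName = 'Cluster01'               # placeholder cluster name
$patchId     = '<PATCH-ID>'              # placeholder: the patch ID you would type into the filter
$baseName    = "Security patch $patchId"

Import-Module VMware.VumAutomation
Connect-VIServer -Server $vCenter | Out-Null

# Look the patch up by its vendor ID and stop if the repository does not have it,
# so a typo cannot produce an empty baseline that reports every host as compliant.
$patch = Get-Patch -TargetType Host | Where-Object { $_.IdByVendor -eq $patchId }
if (-not $patch) {
    throw "Patch '$patchId' was not found in the Update Manager patch repository."
}

# A static baseline contains only the patches named here. This is the scripted
# equivalent of deselecting the Automatically update button.
$baseline = New-PatchBaseline -Static -Name $baseName -TargetType Host -IncludePatch $patch

# Attaching the baseline does not install anything.
$cluster = Get-Cluster -Name $clusterName
Add-EntityBaseline -Entity $cluster -Baseline $baseline

# Scan the hosts and show which ones are missing the patch before changing anything.
$vmHosts = Get-VMHost -Location $cluster
Test-Compliance -Entity $cluster
Get-Compliance -Entity $vmHosts -Baseline $baseline |
    Select-Object Entity, Status |
    Format-Table -AutoSize

# Remediate: hosts enter maintenance mode, install the patch, reboot and exit
# maintenance mode. PowerCLI asks for confirmation before it starts.
Update-Entity -Entity $cluster -Baseline $baseline

# Re-scan so the result of the rollout is recorded.
Test-Compliance -Entity $cluster
Get-Compliance -Entity $vmHosts -Baseline $baseline |
    Select-Object Entity, Status |
    Format-Table -AutoSize
```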