06-05-2024 03:52 AM
Hello.
In our organization we have Cisco UCS C240 M5S servers with this software installed:
Currently the latest custom version of ESXi 7.0 available for download is 7.0 Update 3o (File name: "VMware-ESXi-7.0.3o-22348816-Custom-Cisco-4.3.2-a.1").
Meanwhile, vulnerabilities with high severity have been published: these vulnerabilities are fixed in the ESXi 7.0 Update 3q (non-Custom) version. As written earlier, the latest Cisco Custom version is Update 3o, which is earlier than the image that fixes the vulnerabilities.
I have read in other threads that it is possible to update an ESXi with Custom Image with a non-Custom image.
At this point my question is, what is the upgrade path I need to follow to fix my ESXi servers?
I was thinking of a path like this:
Based on your experience, do you think this path is correct?
Finally, once I have upgraded the ESXi with a non-Custom version can I upgrade the ESXi with a Custom version?
Thank you.
Regards.
Sergio
06-06-2024 04:52 AM - edited 06-06-2024 04:53 AM
Hi there Sergio. You refer to custom image. There are 2 custom distribution mechanisms for ESXi:
Are you still using the (deprecated in vSphere 8.0) vLCM baselines and baseline groups, or have you switched to using vLCM image-based updates (the Cisco vendor add-on)?
06-06-2024 08:28 AM
Hello.
Thank you for your response.
No, we don't use vLCM: we have few servers in our environment, and last time I did the server upgrade by uploading the ISO via CIMC.
To install this update I was thinking of using the offline bundle (.zip file), installing the package via CLI.
06-08-2024 02:38 AM
Your upgrade plan seems sound. The only change I would make is this: if you cannot upgrade server firmware at the same time as drivers and ESXi (e.g. have the firmware upgrade pending on next reboot), I would strongly recommend that you upgrade drivers first (with / without ESXi) before upgrading server firmware.
In our experience over the past decade plus, newer drivers with older server firmware do not cause an issue.
What you want to avoid is your scenario, running newer server firmware (e.g. 4.3.x) with drivers that have been certified with 4.2.x server firmware.
06-08-2024 08:47 AM - edited 06-08-2024 08:48 AM
(deleted)