By default, two dynamic baseline are available – Critical and Non-Critical. The Critical baseline will contain all patches where the severity is ‘Critical’, whilst the Non-Critical baseline will contain all other patches. In order to create a new baseline from the vSphere Web Client browse to Home > Solutions and Applications > Update Manager > Baselines and Groups and selecting Baselines and Groups.
When creating a new baseline we have an option of the type of baseline that we want to use:
- Fixed – baseline will remain the same even if new patches are added to the repository
- Dynamic – baselines are updates when new patches meeting the criteria are added to the repository.
When selecting a dynamic baseline, we need to determine a criteria for the patches to be included in this update. In the below screenshot I am configuring the criteria to be as follows:
- Vendor: VMware, Inc
- Product: embeddedEsx 5.5.0
- Severity: Critial
- Category: Security
The dynamic baseline will now list the patches that meet the criteria specified where additional options are provided to permanently exclude the patches from the baseline. In this example, we will exclude the Patch ID ‘ESXi550-20131201-SG’.
We can also permanently include remaining patches from the repository in the dynamic baseline if required.
When creating a fixed baseline we are able to select the patches from the patch repository to which we require to include in the baseline.