Patching VMware vSphere using vSphere Lifecycle Manager (vLCM) Images

Posted on October 25, 2025

Patching VMware vSphere using vSphere Lifecycle Manager (vLCM) Images represents the modern “desired state” approach, replacing the legacy baseline method. This method ensures cluster-wide consistency by defining a single image (Base ESXi + Vendor Add-ons + Firmware) that all hosts must match.

 

Phase 1: Pre-Patching Checklist (Best Practices)

Before touching the production environment, verify these foundational elements to prevent “failed to enter maintenance mode” or “dependency conflict” errors.

  1. Verify Backups: Take a file-based backup of the vCenter Server Appliance (VCSA) and ensure you have host configuration backups or host profiles.

  2. Check DNS & NTP: Ensure forward/reverse DNS and time synchronization are perfect across vCenter and all ESXi hosts. Drift in time often causes remediation to fail.

  3. Validate Root Access: Ensure you have the passwords for the root account of ESXi hosts and the administrator@vsphere.local account.

  4. Hardware Compatibility: Run a check against the VMware Compatibility Guide (VCG) for the target ESXi version and your physical server hardware (specifically storage controllers and NICs).

Phase 2: Create and Configure the Cluster Image

This phase defines the “Source of Truth” for your cluster.

  1. Select the Cluster: Navigate to the Updates tab of your cluster.

  2. Setup Image: If the cluster is still using baselines, select Manage with a single image and click Setup Image.

    • Base Image: Choose the specific ESXi version/build you want to patch to.

    • Vendor Add-on: Select the OEM-specific package (e.g., HPE, Dell, Cisco) to include drivers and CIM providers.

    • Firmware and Drivers: (Optional) If you have a Hardware Support Manager (HSM) integrated, you can manage firmware here.

  3. Validate & Save: Click Validate to ensure there are no component conflicts. Once green, click Save.

Phase 3: Compliance and Staging

Staging is a critical best practice that reduces the downtime of individual hosts.

  1. Check Compliance: Click Check Compliance to see which hosts are out of sync with your new image.

  2. Run Remediation Pre-check: This is a “dry run” that identifies issues like DRS migration problems or incompatible VM settings before you start.

  3. Stage All: Click Stage All. This pre-downloads the required metadata and VIBs (vSphere Installation Bundles) to the local storage of each host.

    Note: Staging does not require maintenance mode and can be done during business hours.

Phase 4: Remediation (The Patching Process)

Remediation is the actual application of the image, which involves reboots.

  1. Configure Remediation Settings:

    • Quick Boot: Enable this if your hardware supports it to bypass the BIOS/firmware initialization and speed up reboots.

    • VM Power State: Choose Suspend to memory or Do not change (DRS will migrate them).

  2. Start Remediation: Click Remediate.

    • vLCM will place the first host into Maintenance Mode.

    • vSphere DRS will automatically migrate VMs to other hosts.

    • The host will install the patch/image and reboot.

    • Once back online, it moves to the next host in the cluster automatically.

Best Practices Summary

Action Why it Matters
Use Staging Reduces the time the host spends in Maintenance Mode.
Enable Quick Boot Cuts reboot times by avoiding long hardware POST cycles.
Parallel Remediation Only use this for separate clusters; keep remediation sequential within a single cluster to maintain HA capacity.
Depot Mirroring If you have remote sites, use a local depot so hosts don’t pull large images over the WAN.