Blog post

1.8 – Describe vSphere Lifecycle Manager concepts (baselines, cluster images, etc.)

vSphere Lifecycle manager automates the process of VMs and removing them from service at the appropriate time. It automatically places servers based on their location, org, environment, service level or performance levels. When a solution is found for a set of criteria, the machine is automatically deployed

In previous iterations of vCenter this was called VMware Update Manager (VUM). It’s used for installing, maintaining and decommissioning software and is a service that runs on vCenter Server and uses the vCenter database. It can also manage host firmware and check against compatibility against VCG / HCL

vSphere lifecycle manager extension enables centralized, automated patch and version management for vSphere and offers support for ESXi hosts, VMs and virtual appliances

If you switch from managing using baselines to managing using images, you cannot return to managing using baselines


  • Compares ESXi host against an ESXi major version, group or patches, or set of extensions
  • Supports all ESXi versions from 6.5 and later
  • Baselines attach to individual ESXi hosts
  • ESXi upgrades through ISO images
  • ESXi updates or patches are bundled into baselines


  • Compares ESXi hosts against a customized image that includes a base ESXi image, one or more add-on components, one or more vendor add-on components, firmware and drivers
  • Supports ESXi version 7 and later
  • Hosts in a cluster are managed collectively, with one ESXi host image per cluster
  • ESXi upgrades through image depots (ZIP files)
  • ESXi updates or patches are bundled and distributed as new ESXi versions

When vSphere Lifecycle manager puts hosts in maintenance mode, vSphere DRS evacuates each host before the host is patched.

Vsphere Lifecycle manager attempts to place a host into maintenance mode and certain prechecks are performed to ensure that the ESXi host can enter maintenance mode

Vsphere client reports any configuration issues that might prevent an ESXi host from entering maintenance mode


A baseline includes one or more patches, extensions or upgrades.

The following dynamic baselines are included by default:

  • Critical Host Patches
  • Non-Critical Host Patches
  • Host Security Patches

A baseline group can contain multiple baselines. These can contain one upgrade baseline and one or more patch and extension baselines.

With the baseline wizard you can create baselines to meet the needs of your deployment:

  • Fixed patch baseline: Set of patches that do not change as patch availability changes
  • Dynamic patch baseline: Set of patches that meet certain criteria
  • Host extension baseline: Contains additional software for ESXi hosts. This could be from VMware or third-party software


Managing clusters with images helps to standardize the software running on your ESXi hosts

An ESXi image consists of several elements:

  • ESXi base image: An update that provides software fixes and enhancements
  • Components: Logical grouping of one or more VIBs (Vsphere installation bundles) that encapsulates a functionality in ESXi
  • Vendor add-ons: Sets of components that OEMs bundle together with an ESXi base image
  • Firmware and Drivers Add-on: Firmware and driver bundles that you can define for your cluster image

An image is applied to all hosts in a cluster. A base image is a complete ESXi installation package and is enough to start an ESXi host. Only VMware creates and releases ESXi base images.

An ESXi base image is a grouping of components. You must select at least the base image or vSphere version when creating a cluster image.

Cluster images

To set up a cluster image, all ESXi hosts must be version 7 or later. They need to be stateful installed and ideally, all physical hosts should be from the same vendor.

To create a cluster image, you need to select the “Manage image setup and updates on all hosts collectively” when creating a cluster.

You can check the image compliance at the level of various vCenter Server objects:

  • At the host level for a specific ESXi host
  • At the cluster level for all ESXi hosts in the cluster
  • At the datacenter level for all clusters and hosts in the datacenter
  • At the vCenter Server level for all datacenters, clusters, and ESXi hosts in the vCenter Server inventory.

The host can have several statuses:

  • Unknown: Is unknown before you check compliance
  • Compliant: Has the same ESXi image defined for the cluster
  • Out of Compliance: Is not compliant and a message for remediation appears
  • Or not Compatible: If the image version is later than the desired cluster image version, or the host does not meet the installation requirements for the vSphere build

The hardware compatibility check verifies the underlying hardware of the ESXi host in the cluster against the vSAN Hardware Compatibility List (HCL). When a device undergoes maintenance via the Lifecycle manager, it will first perform a compliance check, then a remediation pre-check, then put the updates in staging mode and then remediates the server.