Ivanti Security Controls can scan ESXi hosts and install missing patches. According to a product documentation[1] version ESXi 6.0 (and above) is supported.
A simple lab environment was prepared to check ESXi 6.0 patching using Ivanti Security Controls. Lab consists of domain controller, SQL Server and Ivanti Security Controls as virtual machines and ESXi 6.0 as virtual machine hosted by another hypervisor.
If Ivanti Security Controls and scanned ESXi host can access Internet, scanning process ends with success. Missing updates are listed.
Selected updates can be installed (context menu):
Installation steps are reported to a server and displayed as a deployment events:
After completing installation process and scanning, compliance status is changed:
Patches are listed including install impact information. If ESXi must reboot or enter maintenance mode administrator can decide how to treat powered on virtual machines (this very simple lab does not allow VM migration).
It should be noted installation reboot and maintenance events included in deployment events log:
Scanning and patching ESXi is an interesting feature of Ivanti Security Controls.