I usually stop the NIC Service Manager and then do the VAM update...followed by the ESU update. I generally just wait until both are available, so I only have to worry about 1 small outage rather than two.
Also, I am pretty sure that the ESU updates do require a restart of the Webserver service because it needs to update the GUI to reflect the new messages.
This makes sense to me. It sounds like the cleanest way to do it, hopefully avoiding ill effects that may otherwise be avoided. Still I wonder what RSA's "best practices" recommendation is.
I was about to make a similar content. All kinds of odd behavior disappears by simply rebooting, which I prefer over starting and stopping this service and that service. One needs to take care of avoiding collisions with scheduled tasks and FTP jobs, but I find it makes my lifeeasier just to reboot all units on occasion. And nothing beats a VAM or event source update for said occasion.
Retrieving data ...