Dwayne Lessner who runs IT Blood Pressure, has written a guest post on GestaltIT called Is My Favourite VSphere Tool Is Going Away?
In his article, Dwayne talks about vCenter Update Manager 4.1, and the fact that it seems to be the last version of the tools that will allow you to patch your Windows and Linux guests:
VMware vCenter Update Manager Features. vCenter Update Manager 4.1 and its subesquent update releases are the last releases to support scanning and remediation of patches for Windows and Linux guest operating systems and applications running inside a virtual machine. The ability to perform virtual machine operations such as upgrade of VMware Tools and virtual machine hardware will continue to be supported and enhanced.
VMware vSphere 4.1 release notes
Dwayne talks about this as being a bad thing, and that’s where I disagree. I have never understood why VMware saw it as their job to patch the operating systems the guests are running, and I have yet to see anyone actually use this feature. Obviously I was wrong, someone does indeed use it, but I really can’t understand why.
I’m a keen believer in doing what you know, and doing it well. Let “native” patching solutions take care of the guests, Windows Server Update Services (WSUS) comes to mind, and leave vCenter Update Manager (VUM) to take care of patching your VMware products.
I wouldn’t mind seeing vCenter Update Manager (VUM) extended into patching the VMware Workstation, Fusion and Player installations your enterprise might have, but I really think that losing the fat that is guest OS patching can only be a good thing.
I hope they are going to put some decent reporting in the next version for a start :)
I hope they are going to put some decent reporting in the next version for a start :)
Another point — VUM would only patch *virtual* Windows servers. Those who still had physical Windows servers in their environments would still have to use another solution, like WSUS, to get patching done.
So why have two different ways to patch? Either VUM had to start supporting physical machines or it had to give way to established tools like WSUS which can handle both physical and virtual. Obviously, VMWare decided it wasn’t worth the extra effort.
Another point — VUM would only patch *virtual* Windows servers. Those who still had physical Windows servers in their environments would still have to use another solution, like WSUS, to get patching done.
So why have two different ways to patch? Either VUM had to start supporting physical machines or it had to give way to established tools like WSUS which can handle both physical and virtual. Obviously, VMWare decided it wasn’t worth the extra effort.
@Chris Dearden: Better reporting would be very welcome, yes.
@Mike: I agree, and why should VMware care about patching other vendors OS’? I don’t see why they should spend the extra effort, and obviously VMware agrees.
@Chris Dearden: Better reporting would be very welcome, yes.
@Mike: I agree, and why should VMware care about patching other vendors OS’? I don’t see why they should spend the extra effort, and obviously VMware agrees.
VUM had the ability to take a snapshot before the patch. I don’t see that in WSUS. maybe w/ the vstorage API (VAAI) someday…
@Gcballard: That is a valid point. The ability to take a snapshot before applying patches is potentially a very nice feature. I do have to question how often that is used in real production environments. How often do you have production servers that you can just revert to a snapshot and live on with it. You can’t do that with Active Directory servers, that would wreak havoc in your network.
Would you do it to your Oracle or MS SQL servers? I don’t think so…
At first sight, it was a weird feature for VMware to add to their belt. On the surface I agree, you should let those good at what they do, do what they do!
I liked this product however because it gave me one place to patch, esx hosts, windows, linux, etc. I only had to deal with one tool to get and distribute all of these patches…
I would have to disagree with the statement regarding the usefullness of being able to scan and patch windows/linux vm’s. In our environment we primarily rely on Landesk, shavlik, and Tenable for security scanning and compliance. Vc update mgr. is a fast easy to use tool that leverages virtualization features like automatic snapshots prior to patching and then removing those snapshots after a specified time. I have also found it more reliable for patching remote office vm’s where the host is located on a slow wan link. Overall I will miss the features that are provided by the current version of vc update mgr.
[…] back in August 24 2010 I wrote a post called vCenter Update Manager to lose it’s fat. I’m still very happy that VMware has decided to drop OS patching from the product, and I […]
[…] back in August 24 2010 I wrote a post called vCenter Update Manager to lose it’s fat. I’m still very happy that VMware has decided to drop OS patching from the product, and I […]