Keeping online servers up-to-date and patched is a challenge for a lot of enterprises. It only get complexer when you have a lot of virtual machines. Let me introduce you to Offline Virtual Machine Servicing Tool from Microsoft.
The increasing use of virtual machines—for purposes ranging from support of older operating system environments to power savings—has created new challenges for IT.
In particular, virtual machines may be left offline (stored in a non-operating state) for extended periods of time, which conserves resources when the server capacities of the virtual machines are not needed or frees up physical computing resources for other purposes.
However, offline machines do not automatically receive operating system, antivirus, or application updates that would keep them compliant with current IT policy. An out-of-date virtual machine may pose a risk to the IT environment. If deployed and started, the out-of-date virtual machine might be vulnerable to attack or could be capable of attacking other network resources.
Therefore, IT groups must take measures to ensure that offline virtual machines remain up-to-date and compliant. At present, these measures involve temporarily bringing the virtual machine online, applying the necessary updates, and then storing it again.
In the future, image updating solutions may be able to update virtual machines while they remain offline. Until such solutions become available, the Offline Virtual Machine Servicing Tool, a Solution Accelerator from Microsoft, provides a way to automate the process of updating virtual machines. This tool is now available as a free download from the Microsoft Download Center.
Source: http://technet.microsoft.com/en-us/library/cc501231.aspx
Version 2.0 just got released on the 20th of November. What's new?
This is the second release of the Offline Virtual Machine Servicing Tool. This version completely replaces version 1 and adds important new support for Hyper-V, Virtual Machine Manager 2008, and Windows Server® 2008. In addition, version 2 of the tool supports System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 R2, and Windows Server® Update Services 3.0 SP1.
When you install this Solution Accelerator, the installer determines which version of System Center Virtual Machine Manager resides on the target computer, and configures the Offline Virtual Machine Servicing Tool 2.0 accordingly. Certain features of the tool are only available when it is installed with System Center Virtual Machine Manager 2008.
Click here to download the Offline Virtual Machine Servicing Tool 2.0.
I was wondering how this is done in case of VMWare. On their side, they have the VMWare Update Manager to achieve the same thing.
- VMware ESX and Virtualcenter Security Hardening Guide
- Catching up on virtualization security
- Free webinar and ebook "File virtualization for dummies"
- Wanted: experts on security issues of OS virtualization technologies
- VMWorld Europe: An update on security features
- Beware of virtualization exploits
- How to run Solaris 10 under VMware
- BackTrack 2 with Metasploit 3 as a Virtual Appliance
- Big Update on virtualization security
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
2 comments:
Interesting tool, but here's an interesting question: what happens when somebody restores a snapshot from before the patches were installed? Or will the update manager update the snapshot as well?
I doubt it. It's the same thing with restoring backups. If you restore an image from before an upgrade, you still have to re-install the software.
Consult your software manual to make sure.
Post a Comment