Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1465
  • Last Modified:

VMware update manager vs Microsoft updates

We have a series of ESX 3.5 VM's that are referenced against a dynamic VMware baseline for updates. The baseline is set to check weekly for Critical updates, another task schedules the VM scan to compare against the baseline.
With VM's remediated against the latest baseline I am seeing a larghe discrepancy between what VMware sees as required critical updates, and what microsoft feels are required critical/hi priority updates.
I understand that the updates come from different sources, but can anyone explain why they might be so vastly different?
0
agradmin
Asked:
agradmin
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
za_mkhCommented:
We use VMWare Update Manager, but have to say that we only use it for ESX host update management. We keep to WSUS for the MS updates. The update source VMWare Update Manager uses is by a company called Shavlik (www.shavlik.com)
It could be that they are not updating as quickly as MS pushes the updates out? But as far as I know Shavlik should be deciding as to what an update's criticallity is?
0
 
jderaCommented:
If am understanding correctly, you are comparing 2 completely different things, you can't compare these the VMware updates are the vmhost platform.  The microsoft updates are for the server running on top of of the VMhost.
0
 
Paul SolovyovskySenior IT AdvisorCommented:
From what I've seen use VMWare Update for hosts and use WSUS for microsoft updates (it can be a VM)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
agradminAuthor Commented:
For clarification, it is the MS Vm guests that pose the problem - we do use Update manager to update the ESX hosts.
We can use WSUS to update the VM's - are others using WSUS due to preference or resulting from similar problems with updating guests with Update Manager?
What are the advantages of using WSUS? - I like the scheduling and snapshot ability built into Update Manager.
0
 
Paul SolovyovskySenior IT AdvisorCommented:
We implement WSUS for Windows OS because it's designed for Windows and not a 3rd party product so we know that it will download all the updates that we need.  Just as VMWare does a good job with Updater for the host updates we usually stick to what works for each product.  
0
 
za_mkhCommented:
At the moment, we also stick to 'best' of breed for each application, in that WSUS for MS, and VUM for ESX hosts. But the shavlik techonology is pretty interesting (since it can manage security for so many more applications) so we are actually looking at that to see if we can manage our estate via that (regardless of whether PC is physical or virtual).
But you are right, I too like the facility to snapshot VM's before applying updates, and then automatically removing them after a predefined time. I guess to answer your question, you could maybe direct it to the shavlik (who provide the MS updates) for the VUM. You could get a better answer out of them.
Good luck
0
 
agradminAuthor Commented:
After more searching VMware/Shavlik download patches that are deemed 'Critical', where MS is downloading those rated as "Priority". The MS "Priority" patches outnumber the Vmware "Critical" hence the difference.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now