Solved

VMware update manager vs Microsoft updates

Posted on 2009-03-31
7
1,426 Views
Last Modified: 2012-05-06
We have a series of ESX 3.5 VM's that are referenced against a dynamic VMware baseline for updates. The baseline is set to check weekly for Critical updates, another task schedules the VM scan to compare against the baseline.
With VM's remediated against the latest baseline I am seeing a larghe discrepancy between what VMware sees as required critical updates, and what microsoft feels are required critical/hi priority updates.
I understand that the updates come from different sources, but can anyone explain why they might be so vastly different?
0
Comment
Question by:agradmin
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 21

Accepted Solution

by:
za_mkh earned 400 total points
ID: 24032931
We use VMWare Update Manager, but have to say that we only use it for ESX host update management. We keep to WSUS for the MS updates. The update source VMWare Update Manager uses is by a company called Shavlik (www.shavlik.com)
It could be that they are not updating as quickly as MS pushes the updates out? But as far as I know Shavlik should be deciding as to what an update's criticallity is?
0
 
LVL 20

Expert Comment

by:jdera
ID: 24034156
If am understanding correctly, you are comparing 2 completely different things, you can't compare these the VMware updates are the vmhost platform.  The microsoft updates are for the server running on top of of the VMhost.
0
 
LVL 42

Expert Comment

by:paulsolov
ID: 24035755
From what I've seen use VMWare Update for hosts and use WSUS for microsoft updates (it can be a VM)
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:agradmin
ID: 24038400
For clarification, it is the MS Vm guests that pose the problem - we do use Update manager to update the ESX hosts.
We can use WSUS to update the VM's - are others using WSUS due to preference or resulting from similar problems with updating guests with Update Manager?
What are the advantages of using WSUS? - I like the scheduling and snapshot ability built into Update Manager.
0
 
LVL 42

Assisted Solution

by:paulsolov
paulsolov earned 100 total points
ID: 24038868
We implement WSUS for Windows OS because it's designed for Windows and not a 3rd party product so we know that it will download all the updates that we need.  Just as VMWare does a good job with Updater for the host updates we usually stick to what works for each product.  
0
 
LVL 21

Assisted Solution

by:za_mkh
za_mkh earned 400 total points
ID: 24044046
At the moment, we also stick to 'best' of breed for each application, in that WSUS for MS, and VUM for ESX hosts. But the shavlik techonology is pretty interesting (since it can manage security for so many more applications) so we are actually looking at that to see if we can manage our estate via that (regardless of whether PC is physical or virtual).
But you are right, I too like the facility to snapshot VM's before applying updates, and then automatically removing them after a predefined time. I guess to answer your question, you could maybe direct it to the shavlik (who provide the MS updates) for the VUM. You could get a better answer out of them.
Good luck
0
 

Author Closing Comment

by:agradmin
ID: 31564927
After more searching VMware/Shavlik download patches that are deemed 'Critical', where MS is downloading those rated as "Priority". The MS "Priority" patches outnumber the Vmware "Critical" hence the difference.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question