Solved

off / suspended guests and AV/Patch

Posted on 2012-03-27
12
342 Views
Last Modified: 2012-06-27
Do you deploy any specific procedures around keeping off and suspended guests patched with OS security updates and AV definitions? If not - what is the risk? If yes - why so, why the need? I.e. if you power them on after 6 months they'll obviously be behind (I assume you cant patch and off or suspended guest?) but wouldnt your patch management and AV update tools just kick in and patch them the next time they are on?

I've been going through one of the DoD checklists and they say organisations must have some sort of process to keep off/suspended guests patched.

From vCenter - where could one see a list of currently off and suspended guests, could anyone provide a screenshot? And is there any where that you can see how long they have been "off" or "suspended for"?
0
Comment
Question by:pma111
  • 5
  • 4
  • 3
12 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 37770558
I think you need to do that with powercli
0
 
LVL 30

Accepted Solution

by:
IanTh earned 250 total points
ID: 37770562
see
http://read.virtualizeplanet.com/?p=157

you could see it in vcenter but as it logs everything at the bottom finding a spcific vm off after 6 months
0
 
LVL 30

Expert Comment

by:IanTh
ID: 37770573
0
 
LVL 118

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
ID: 37770576
If we Suspend Machines (which we do not really) for any length of time, when a VM is Powered On it will be discovered by AV and Patching software automaitcally and updated to Company Standards.

All Physical and Virtual machines need to be patched and maintained, whether on or off.

in vCenter the Virtual Machine will have a "pause symbol" indificating Suspended in the Inventory.

Suspended Machine
Suspended Machine
The event logs in vCenter would state when the Machine was Suspended.
0
 
LVL 3

Author Comment

by:pma111
ID: 37770730
>All Physical and Virtual machines need to be patched and maintained, whether on or off.

Why so, because if you turn it back on, then surely then the AV/PM solution wll find it, find its out of date and update it? Are you saying you schedule an "on window" where you patch it, then turn it off again, until the next window?

Whats the symbol for an "off" machine as opposed a suspended? Why would you suspend over turning it off, or is it the same issue?
0
 
LVL 3

Author Comment

by:pma111
ID: 37770738
My concern is if you have an unpatched machine thats off, who can attack it?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 118
ID: 37770760
In the screeshots above, a virtual machine which is OFF, does not have a Green Arrow or Yellow Suspended Pause Button.

It's just Blue. As per vMaster VM.

You would maybe want to Suspend, if you wanted to turn the VM on quicker, but I do not think it's used much in a Production World.

Yes, you need to ensure ALL Computers are patched.

Yes, in our Config, if a computer is attached to our LAN, and discovered by AV and Patching software it's updated.

IF THE MACHINE IS OFF, IT IS NOT AS RISK! IT CANNOT BE ATTACKED!
0
 
LVL 3

Author Comment

by:pma111
ID: 37770780
So you say all machines must be patched, but then say if its off theres no risk. So... why and how do you patch your "off" machines? Do you just turn them back on and let your AV/PM tool patch them, even if theyd been off say 6 months, or do you schedule maintenance windows to patch them in case they were ever back on. I.e. turn the offs on, patch, and turn them off again/

Can you explain why machines would be turned off for prolonged periods of time. And why they'd be off for minimal periods of time?
0
 
LVL 3

Author Comment

by:pma111
ID: 37770786
Im basically getting at do you need any special arrangements for machines you know will be off for some time. I.e. does the fact turning them on with 6 months worth of missing patches/AV cause a window of opportunity...
0
 
LVL 118
ID: 37770904
if our machines are OFF for an extended period the are for decommissioning.

otherwise machines are not turned off.

In the real world, machines would not be off for extended periods if in Production.
0
 
LVL 3

Author Comment

by:pma111
ID: 37770927
Why would they be off at all?
0
 
LVL 118
ID: 37770938
because they are going to be retired. deleted and archived.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Teach the user how to rename, unmount, delete and upgrade VMFS datastores. Open vSphere Web Client: Rename VMFS and NFS datastores: Upgrade VMFS-3 volume to VMFS-5: Unmount VMFS datastore: Delete a VMFS datastore:
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now