Do you deploy any specific procedures around keeping off and suspended guests patched with OS security updates and AV definitions? If not - what is the risk? If yes - why so, why the need? I.e. if you power them on after 6 months they'll obviously be behind (I assume you cant patch and off or suspended guest?) but wouldnt your patch management and AV update tools just kick in and patch them the next time they are on?
I've been going through one of the DoD checklists and they say organisations must have some sort of process to keep off/suspended guests patched.
From vCenter - where could one see a list of currently off and suspended guests, could anyone provide a screenshot? And is there any where that you can see how long they have been "off" or "suspended for"?