Are VMWare Snapshots Good When Installing Patches?

Just wondering if using the snapshot feature is sufficient for installing OS patches in case something goes wrong and need to revert back to before the patches were installed. Thanks.
jaxjagsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Curt PetriccaIT TechnicianCommented:
We always snap our servers before we patch or do any maintenance on them. We also do a full backup with VEEAM in case the snapshot bites the dust.
0
andreasSystem AdminCommented:
In general yes, but there are some cases where snapshots can go wrong. E.g. in an AD environent. Restoring snapshots can cause AD corruption as the other servers and the rolled back ones do have different AD-databases.

http://www.virtualizationadmin.com/blogs/lowe/news/dont-snapshot-domain-controllers-96.html

Also if the snapshot of a client is quite old it could be kicked out of the domain after restoring the snapshot (but it an be joined back normally).
1
McKnifeCommented:
Asking this suggests, that you are unsure what the snapshot feature means. It means, you can rollback to a point in time completely, as if nothing that happened after that snapshot has ever happened. So yes, snapshots are certainly perfect for this.
Edit [as I see Andreas' comment right now] after 30 days, the computer's password is changed, so rolling can always mean to lose domain membership. Therefore, if you really plan to keep snapshots that long, you need to run a command right before the snapshot that changes the computer password, then, so that you have the full 30 days:
nltest.exe /sc_change_pwd:yourdomain.local
1
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
I'm going to say NO.

Performance is poor on a snapshot snapshots are evil.

I would recommend Full Backup or CLONE.

Not a snapshot and based on EE members questions on snapshots they don't understand them and get into snapshot hell.
2
McKnifeCommented:
1
Curt PetriccaIT TechnicianCommented:
Andrew,

While I agree with you about how badly a snapshot can cause performance loss on a server, I have to disagree with your perspective. As long as you do what you need to do and then remove the snapshot and consolidate the disks if required you will not have any issues.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
I'm just basing my evidence on EE questions Asked about Snapshots in the last five years and those that have corrupted failed VMs.
0
andreasSystem AdminCommented:
I strongly disagree on that. See here too.

http://www.vsysad.com/2012/12/dont-take-snapshots-of-a-domain-controller/

On 2012 and only on Hyper-V snapshots for an AD-Server are supported.

Besides this you may mess up things. There might be problems lurking that are not visible immediately but may cause havoc later.
Ive seen broken AD-forests due to snapshotting/imaging.

One thing you can do is to halt the other servers b4 you do the snapshot on the server you want to try out things, then let the others offline until the one with the snapshot is rolled back or confirmed working good.

After the others came back online do not revert the snapshot anymore.

It might work, it even might work without any issues, it might went will 1000times and in the 1001 time it might break.
0
McKnifeCommented:
"On 2012 and only on Hyper-V snapshots for an AD-Server are supported." - well that's what I said, right? No reason to call it "strongly disagree" if you actually agree.
I am not saying: hey let's do as many snapshots as possible on our DCs, no. Always be careful. I just felt the need to mention that 2012 was a game changer in that respect :)
0
Curt PetriccaIT TechnicianCommented:
I have to ask the question then... OP can you specify if you are using VMWare or Hyper-V?

If you are working on a DC then I would also have to recommend against snapshots as I should have specified in my earlier post I do this on servers that aren't redundant. There is no need to do this for your DC's as they would just fail over and continue operating as designed. Backups are always a highly recommended practice still.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Question is tagged VMware! But either hypervisor, or any hypervisor, the same applies!
0
andreasSystem AdminCommented:
My strongly disagree was pointed on Curts post. Not on your one.

Also jaxjags didnt mention what version of OS he want to snapshot and restore.
So my comments just aimed towards that its not ALWAYS a good idea to snap and restore as you like. It depends strongly on your situation.

For clients its in  very most cases okay. besides that fact of the changing machines passwords every 30 days and the drop from domain if restore of snapshot will be too old an the machines password already changed in the meantime.

But its indeed a great thing that 2012 now supporting snapshotting on Hyper-V
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
The answer is it depends.  I would use snapshot for following scenarios:

- File and print server
- Web server
- Application server

I would not use Snapshot for following scenarios:

- Active Directory and other directory services server
- Exchange server (unless you shut off all services and test snapshot for OS patches, etc.)
- SQL server (unless you shut off all services and test snapshot for OS patches, etc.)
- Certificate Authority servers
- Any server running/serving anything transactional
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Full VMware Virutal Machine Backup before patching or CLONING before patching.

Just like you would practice for any change control event on a Production server.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.