Indie101
asked on
Managing unpatched virtual machines
Usually I would look for change management, either manual or automatic patching.
I have a customer who has performed pretty much no patching for 2 and a half years, for pretty much all of their 100 virtual servers.
Allied to this, VMware Tools and hardware versions aren't in line.
Usually, in my own experience, I would create a test environment and apply patches there, a month behind the MS Security Bulletin.
Now we're upgrading tools, hardware version currently 8, and the patches next week.
Is there a best way to upgrade patches since June 2014?
I have flagged all this at the very start, that it's not best practice etc., to give them the outline, but I don't want to throw on a load of updates manually either (they have no WSUS, Shavlik, or SCCM etc.).
Any best way to do this? (It's very frustrating as they lost 2 servers already that weren't patched; they just don't get it.)
ASKER
No consolidation either, I had looked into that in my first week.
Thanks, I have a plan in mind, just wanted to check this here.
Go through security bulletins, highlight and download updates (no Office\Windows 10 etc.) and take it from there. I have one or two test VMs, but not a complete standalone vCenter with test VMs etc., so this is going to take time.
Using this:
https://technet.microsoft.com/en-us/security/hh778967.aspx
If they don't want to purchase software, you are in luck as a Contractor, because they will just have to pay you more to do it.
To be honest with you, rather than visiting every server and downloading the same patches, I would recommend you stand up a WSUS server: install Windows 2012 R2, patch it, install WSUS, and sync it with Microsoft, so you have ALL the patches required locally. This will speed up deployment.
Then create a new OU in Active Directory, create a Group Policy, and move servers into this managed folder.
Then, on WSUS, approve patches.
All this is going to add to the Project and keep you in beers!
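One way to check that the servers moved into the new OU have actually picked up the WSUS Group Policy, and which of them still show no update installed since June 2014. This is an added example, not part of the original answer; the OU path, the WSUS URL, and the assumption that the RSAT Active Directory module is available and PowerShell remoting is enabled on the servers are all hypothetical.

```powershell
# Added example: names marked "hypothetical" are placeholders, adjust before use.
Import-Module ActiveDirectory                          # assumes the RSAT AD module is installed

$ManagedOU   = 'OU=WSUS-Managed,DC=example,DC=local'   # hypothetical OU holding the servers
$ExpectedUrl = 'http://wsus01.example.local:8530'      # hypothetical WSUS server URL
$Cutoff      = Get-Date '2014-06-01'                   # last patch date given in the question

$servers = Get-ADComputer -SearchBase $ManagedOU -Filter * |
    Select-Object -ExpandProperty DNSHostName

$report = foreach ($server in $servers) {
    try {
        # Runs on the server itself; written to work on PowerShell 2.0 (Windows 2008 R2).
        Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
            $wu   = Get-ItemProperty $base -ErrorAction SilentlyContinue
            $au   = Get-ItemProperty "$base\AU" -ErrorAction SilentlyContinue
            # Newest installed hotfix; entries without an install date are skipped.
            $last = Get-HotFix | Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn -Descending | Select-Object -First 1
            New-Object PSObject -Property @{
                Server        = $env:COMPUTERNAME
                WUServer      = $wu.WUServer        # set by the WSUS policy
                UseWUServer   = $au.UseWUServer     # 1 when the client is pointed at WSUS
                LastHotFix    = $last.HotFixID
                LastInstalled = $last.InstalledOn
            }
        }
    } catch {
        # Unreachable servers stay in the report so they are not silently missed.
        New-Object PSObject -Property @{ Server = $server; Error = $_.Exception.Message }
    }
}

$report | Select-Object Server, WUServer,
    @{ n = 'PolicyOK'; e = { $_.WUServer -eq $ExpectedUrl -and $_.UseWUServer -eq 1 } },
    LastHotFix, LastInstalled,
    @{ n = 'NoPatchSinceCutoff'; e = { -not $_.LastInstalled -or $_.LastInstalled -lt $Cutoff } },
    Error |
    Sort-Object PolicyOK, Server | Format-Table -AutoSize
```

Servers with `PolicyOK` false have not applied the policy yet (or sit outside the OU), and rows with an `Error` value need to be checked by hand.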
ASKER
Thanks Andrew, just wanted to confirm what was there. Shavlik or some other tool would be great here.
ASKER
This time around I have to go with manual, unfortunately. It's a bit of a joke but that's the customer; they've been briefed etc. on the difficulties of this.
With a manual download of updates since June 2014, any best plan? It's a file server so no dependent software involved, Windows 2008 R2 64-bit.
I haven't had to plan like this since I did desktop 7 years ago. I have explained it's not VMware and that VMware will not support it etc., but that's all I can do.