carbonbase
asked on
Patching Hyper-V environment
I have a number of Hyper-V servers running Windows 2012 Core which have not been patched in some time. Can I just patch the Hyper-V hosts or do I need to patch the VM's as well.
For background, this is a legacy environment and they people that built it have left the company some time ago without any handover. Windows Update service has been disabled on all the vm's for some reason. The vm's are a mix of Windows 7 and Windows 2008R2.
Is it just enough to patch the Hyper-V hosts?
For background, this is a legacy environment and they people that built it have left the company some time ago without any handover. Windows Update service has been disabled on all the vm's for some reason. The vm's are a mix of Windows 7 and Windows 2008R2.
Is it just enough to patch the Hyper-V hosts?
No, not enough just to patch the Hosts ... you need to patch VMs as well .... and, if that hasn't been done for a while expect GBs of patches to be downloaded and installed ...
if you are talking about a production environment, then both Hyper-V host and the VMs running on it should be updated, and always do so as a best practice.
FYI - the Hyper-V host here provides only hardware support for the VMs including physical memory, storage and processor power. every VM works individually like a real server, hence they need to be updated as normal servers.
FYI - the Hyper-V host here provides only hardware support for the VMs including physical memory, storage and processor power. every VM works individually like a real server, hence they need to be updated as normal servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Both the hosts and the guests need to be patched.
Expect downtime for the guests that are running on the host to be patched. If the hosts are domain joined then Shared Nothing Live Migration could be used to move the VMs to another host (mindful of licensing) to avoid downtime.
There is a just released patch for the Remote Desktop Protocol that is patching a vulnerability that is WannaCry like in that the bad actors can worm across all operating systems with the vulnerability.
Long and short of it is to patch! I suggest subscribing to www.patchmanagement.org. It's an awesome resource.
Expect downtime for the guests that are running on the host to be patched. If the hosts are domain joined then Shared Nothing Live Migration could be used to move the VMs to another host (mindful of licensing) to avoid downtime.
There is a just released patch for the Remote Desktop Protocol that is patching a vulnerability that is WannaCry like in that the bad actors can worm across all operating systems with the vulnerability.
Long and short of it is to patch! I suggest subscribing to www.patchmanagement.org. It's an awesome resource.
ASKER
Thanks all for your comments. As I suspected, but thanks for confirming.