Using Auto-Deploy as part of Vulnerability Management

Our security team are all over us around patching of ESXi 6.x hosts. We are a small team (2 people) with 45 ESXi hosts to manage. Worse still, some clusters only have 1 host due to guest software licensing restrictions (Oracle!). Regardless, we have to patch the hosts. Now, we could use the 'normal' methodology:

  • Use VUM to evacuate VMs, patch and reboot hosts. If issues, roll back patches
  • Repeat

So this seems time consuming to me for 2 reasons:

  • time taken to reboot
  • time taken to back out patch if need be

I guess I could script up the whole thing using VCO but again, time I don't have...

So, one other technology that caught my eye was auto-deploy. I was thinking it might be possible to do the following:

  • patch an offline image with patches
  • auto-deploy image to ESXi hosts
  • Rollback: simply boot from the old image

Anyone doing something similar or see any blockers here?

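The three-step flow the post proposes (patch an offline image, push it with Auto Deploy, roll back by re-activating the previous rule), as an added example written with VMware PowerCLI's ImageBuilder and DeployAutomation cmdlets. This is not code from the original poster. The vCenter name, depot paths, profile and rule names, host-name filter and IPv4 range are constructed placeholders; the cmdlets and parameters are the standard PowerCLI ones.

```powershell
# Added example (not from the original post): offline image patching + Auto Deploy
# rule swap for ESXi 6.x. All names, paths and address ranges below are placeholders.

Import-Module VMware.ImageBuilder, VMware.DeployAutomation
Connect-VIServer -Server 'vcenter.example.internal'   # assumed vCenter; Auto Deploy rules live there

# --- Step 1: build the patched image offline ---------------------------------
# Feed Image Builder the offline bundles (base ESXi bundle plus the cumulative patch bundle).
Add-EsxSoftwareDepot -DepotUrl 'C:\depots\esxi-6.x-base-bundle.zip'      # placeholder path
Add-EsxSoftwareDepot -DepotUrl 'C:\depots\esxi-6.x-patch-bundle.zip'     # placeholder path

# Pick the newest VMware "-standard" profile from the loaded depots as the base.
$base = Get-EsxImageProfile |
    Where-Object { $_.Name -like '*-standard' } |
    Sort-Object CreationTime -Descending |
    Select-Object -First 1

# Clone it under your own name so the patch level is self-describing in the rule set.
$new = New-EsxImageProfile -CloneProfile $base -Name 'esxi6-prod-2018-10' -Vendor 'Example Org'

# Security check: Image Builder refuses to add any VIB signed below the profile's acceptance
# level, so pinning the level here keeps unsigned/CommunitySupported VIBs out of the image.
Set-EsxImageProfile -ImageProfile $new -AcceptanceLevel PartnerSupported

# Optional: add a vendor driver VIB from a vendor depot loaded the same way (placeholder name).
# Add-EsxSoftwarePackage -ImageProfile $new -SoftwarePackage 'net-example-driver'

# List exactly which VIBs differ from the base profile; this is the change record for the security team.
Compare-EsxImageProfile -ReferenceProfile $base -ComparisonProfile $new

# Export so the patched image is a versioned artifact (use -ExportToIso for a USB/ISO fallback).
Export-EsxImageProfile -ImageProfile $new -ExportToBundle -FilePath 'C:\depots\esxi6-prod-2018-10.zip'

# --- Step 2: point Auto Deploy at the new image -------------------------------
# Scope the rule to a small management-network range (placeholder) so a bad image
# cannot reach all 45 hosts at once; one cluster at a time is the safe unit.
$rule = New-DeployRule -Name 'esxi6-prod-2018-10' -Item $new -Pattern 'ipv4=10.10.20.11-10.10.20.20'
Add-DeployRule -DeployRule $rule          # puts the rule in the active rule set

# Running hosts keep their old image until remediated and rebooted; the new image is only
# picked up at PXE boot. In a single-host cluster the VMs must be shut down first, because
# there is nowhere to evacuate them to. Host filter below is a placeholder.
foreach ($h in Get-VMHost | Where-Object { $_.Name -like 'esx-oracle-*' }) {
    Test-DeployRuleSetCompliance -VMHost $h | Repair-DeployRuleSetCompliance
    Set-VMHost -VMHost $h -State Maintenance | Out-Null
    Restart-VMHost -VMHost $h -Confirm:$false
}

# Post-boot verification: every host should now report the new profile name.
Get-VMHost | Select-Object Name, @{N='ImageProfile'; E={ (Get-VMHostImageProfile -VMHost $_).Name }}

# --- Step 3: rollback = re-activate the previous rule and reboot --------------
# Remove-DeployRule only takes the rule out of the rule sets; without -Delete the rule
# object is kept, so the previous rule can be re-added rather than rebuilt.
# Remove-DeployRule -DeployRule 'esxi6-prod-2018-10'
# Add-DeployRule    -DeployRule (Get-DeployRule -Name 'esxi6-prod-2018-09')   # previous rule, placeholder name
# Then repeat the Test/Repair + maintenance + reboot loop above for the affected hosts.
```

Two caveats a practitioner would weigh before adopting this: Auto Deploy removes the patch/uninstall cycle but not the reboot, so the single-host Oracle clusters still take a VM outage either way; and a stateless host needs a host profile attached to the rule set (or a stateful-install configuration) to restore its configuration after it boots the new image, otherwise the image swap alone leaves an unconfigured host.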