Hello,

I am quite new tothe VMware virtualization and was wondering what is the best way to regurally and automatically patch templates for creating new virtual machines. What I want to do is to provide a library of VM templates and be sure that anyone who deploy new machine out of these template will get compliant machine with all necessary patches installed. I can think out two possibilities:

1. Use Update Manager. Update manager is able to patch offline images, templates including. Problem is that downloading patches from shavlik.com site which is the only site I can download patches for offline patching from doesn't work in my company due to the restrictive policy on our proxy server. Although this is probably solvable with certain amount of effort, there is the other problem that the patches are available only for Microsoft systems and some Linux distributions (no Ubuntu, no Solaris...) so that wouldn't be an option for these systems anyway.

2. Use Orchestrator. Automate the patching using VMware Orchestrator. I can imagine something like this: remove template tag --> turn on VM --> somehow initialize patching routine --> turn off VM --> mark the VM as template.
   Here I am not quite sure how difficult would be to do this (especially
   the "somehow intialize patching routine" part, parhaps I would need to
   run sshd daemons on the machines to be able to run command remotely, or
   is this possible via VMware tools?)

What is your opinion on this? How do you do this in your enterprise? Are there any better ways than the above ones to do the patching?

Thanks,

Prema