Which have you found works better for keeping Windows Server 2003 guests up to date -- VUM (VMware Update Manager) or WSUS (Windows Software Update Services)??
Why?? Any tips or tricks to share??
Thank you, Tom
If you have licenses for Windows SUS server I would stick with that, if you don´t and are looking at saving on costs VMware Update Manager could be a reasonable alternative. If money is not an issue get your hands on Windows SUS.
If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!
I agree, WSUS is better. VM update is a poor man's WSUS, and it's not the best to manage. For one thing you can target machines by OU or account, or just about anything on your AD. VM updates won't let you do this, you have to decide which machines get which updates, which is a LOT more overhead.
WSUS is the way to go. For small shops with no real AD or Network admin will probably use VM updates for Windows. Besides Windows pretty much manages itself, just turn on automatic updates. I would use Automatic updates before I would let VM update the Windows guests.
WSUS itself does not cost anything -- just the license and time for
setting up a Win2k3 server.
I hope to find out which give more comprehensive updates and is easier
or more efficient to use.
VUM seems to give only security updates but it is much easier than WSUS,
whereas WSUS will also do services packs and the like, for example, but
it is not as easy to use and takes more time than VUM.
Thank you, Tom
VUM seems to give only security updates but it is much easier than WSUS, whereas WSUS will also do services packs and the like, for example, but it is not as easy to use and takes more time than VUM.
You need to pick up a book on Windows 2003 Administration. WSUS isn't that hard, in fact it's easier than VM updates. Everything is done via OU or group policy. WSUS might be harder to setup, but once it's setup properly, you can drop machines into groups, and WSUS can automatically authorize critical updates, and ignore non-criticals, and those machines get patched, with no intervention. Remediation is done in order, WSUS is a parallel update, you can do your entire organization in minutes, whereas VM updates takes longer.
If you do not have a management tools to manage the patch activities, I will suggest to go for VM update manager.
If you already have existing tools to manage it, then you should stick with the existing method
standardization is always helpful for operation management.
Is really depend what is your preference.
Craig
Maybe SP1 makes WSUS a little easier to work with, I hope!!!
I'll wait for more replies to come in today while this thread still has
some freshness, but it looks like WSUS for the Windows updates and VUM
for VMware itself.
I started this thread because I thought it might help not just me but
also other people.
The parallel aspect of WSUS is not something that's immediately obvious,
and it seems helpful.
When I tried WSUS before I had a policy for it to look at the WSUS
server and know what to do, I must look up how to ensure that not all
updates occur all at the same time because some servers depend on other
servers.
Thank you, Tom
When I tried WSUS before I had a policy for it to look at the WSUS server and know what to do, I must look up how to ensure that not all updates occur all at the same time because some servers depend on other servers
Well Microsoft took this into account. WSUS has a built in default of 10 minutes offset. So when updates are triggered, the client randomly select some seconds between 10 and 600 seconds, so they don't ALL start precisely at the same time. Also updates are done via OU, so you should have OU for Domain Controllers, domain machines, Servers, etc.. So that when you do the updates for these different OU they ALL don't get hit, that's why you target at the OU level, because if you do update and it causes that server to go offline it won't take down ALL your production servers at once..
WSUS 3.1 is the latest version, and it's much better than before.
We use WSUS 3.0 to update all our VMs, as we also have physical machines and the client computers are physical so we need it anyway.
In addition WSUS is just better and you cant complain for free (apart from the OS license)
I run WSUS in a server 2008 virtual machine
Andy, VMware Certified Professional / VMware vExpert Award 2009
If you found this information useful please award points using the buttons at the top of the page accordingly.
Interesting comment about Windows Server 2008.
Can Windows Server 2008 servers exist in a Windows 2003 domain??
Is it necessary to add more TS CALs etc. specifically for the Win2k8
server(s)??
Thank you, Tom
Can Windows Server 2008 servers exist in a Windows 2003 domain??
Of course! Why not? It depends on your AD forrest / Domain level. You can set it to Windows 2000 or Windows 2003.
Windows 2008 can certainly be a member server on the domain in either of those. It's only the AD components, and it's between the DC not the member servers that makes the difference.