A few questions about Update Manager (pardon me if these have already been addressed):
1. How does VUM figure out if a server is missing patches? Does it scan the files that it knows the patches contain for compliance? Does it look in the registry or crawl the drive for the Q folders?
2. Does VMware release an XML or some other file that tells VUM that there are new / updated files or does it pull this information from MS?
We currently use WSUS and I want to make sure that if one or the other is used for patching that their techniques are different enough to be a good validation for the other to make sure all my patches are installed.
1. Not completely sure how that works.
2. VMWare has a repository and they also have an agreement with shavlik.com that keeps a database of available updates for various products and both repositories are scanned for updates.
We have used VUM to update one of our virtual machines and VUM reports only one missing patch - MSWU-116. WSUS reports 6 missing patches (none of which are MSWU-116). Why would there be a discrepancy between these two tools in determining what needs to be remidiated?
For windows patches, VUM uses Shavlik API's to scan the windows vm's for missing patches. Shavlik uses a variety of methods to determine missing patches, including file comparison of patch file updates. So it is pretty thorough, and does a pretty good job. We used to use Shavlik NetChk protect and VUM is very similar to what NetChk does as a stand-alone.
-KjB