Hi expert,
If some patches of OS for security vulnerablity are released, the blueprint architect need to update the VM template for blueprints.
I think we have to follow the step written below:
1. reconvert the template to VM
2. power on VM
3. apply the patch to VM (Sometimes we have to pay attention to the library dependency.)
4. shutdown VM
5. convert the VM to template
Updating template can be painful task so it really helpful if I can automate this from handring template to applying the patch.
Is there any good idea to solve this? How does vRA user reflect the frequent patch release to the vRA blueprint?
I would like to know whether we can use useful tools or need to write scripts.
Ideally you have a patch management server handling this for you on first boot. That way, the template itself only needs to be updated around four times per year.
Hi Grant,
Thank you for your reply. Why four times per year? I think it's depend on security vulnerability release.
That's just personal preference from my days in operations. You would have a base template no older than three months, which should mean minimal time patching on boot through WSUS or SCCM.
The ongoing updates or approved updated on WSUS/SCCM would be much more regularly approved of course.
OK, personal preference.
In your case, it is enough to update the template four times per year, and users apply patches to vm just during power-on.
On the other hand, I tried to find the solution to fully automate the update task of template timely.
Anyway Thanks.