The fact that VMware vCenter Update Manager will no longer patch guest operating systems as of the next vSphere release is fine by most users, but some have suggestions for the product’s remaining functions -- patching VMware Tools and virtual machine (VM) hardware.
VMware vCenter Update Manager (VUM) is a tool packaged with vCenter Server that provides automatic patching in Windows environments for guest OSes as well as automatic updates to underlying drivers from VMware, including VMware Tools and VM hardware modules.
After vSphere 4.1, according to VMware’s release notes, Update Manager will no longer patch the guest OS:
vCenter Update Manager 4.1 and its subsequent update releases are the last releases to support scanning and remediation of patches for Windows and Linux guest operating systems and applications running inside a virtual machine. The ability to perform virtual machine operations such as upgrade of VMware Tools and virtual machine hardware will continue to be supported and enhanced.
Users say good riddance to bad patching scenarios
Many users hadn’t relied on Update Manager for guest patching anyway. There are better options, said virtualization pros and consultants.
“In most cases Microsoft knows better how to deal with patching its operating systems anyway,” said Christian Mohn, network manager for Seatrans, a Norwegian shipping company. “I don’t see why VMware should try to be doing that. I’m happy that they’re going to be removing that feature from Update Manager.”
Marcel van den Berg, a virtualization consultant from the Netherlands, said most of his customers use Windows Server Update Services (WSUS) for patching guests instead.
“Using both VUM and Microsoft WSUS for patching Windows hosts is not efficient,” van den Berg wrote in an email. “System administrators are used to managing Windows patches using Microsoft WSUS and continue to use it for their virtual machines because it is doing a good job.”
One VUM feature van den Berg will miss is the ability to patch powered-off VMs.
“You want to keep these up to date without too much work. WSUS is a less efficient tool for this,” he said.
Johnny Figueroa, an architect for a healthcare company in the Southwest, had used Update Manager to patch guests, but ran into organizational as well as technical headaches.
Figueroa’s company fields 10 data centers and 7,000 servers. The virtualized Windows environment consists of some 700 VMs on 52 physical hosts. Shortly before a vSphere 4.0 upgrade prompted Figueroa to update VM hardware through VUM, the company implemented a separate workflow process for patching servers, necessitated by the organization’s intolerance for downtime.
“I might be touching servers in the emergency room,” Figueroa said.
With a separate workflow to patch both physical and virtual servers, Update Manager was like a square peg in a round hole, Figueroa said. “What do I do? Turn over Update Manager to the regular server administrator that may know nothing about virtualization? Or make it part of their security patch cycle? Or do I let Update Manager do everything, meaning our shop changes the way we patch?”
Another, more minor, technical issue was the fact that VUM did not go back and “clean out” old drivers once the update process finished. In Figueroa’s experience, old drivers lingering on systems have led to support issues in the past with other vendors.
“[I’m] looking forward to what types of different improvements will go into VUM,” Figueroa wrote later in an email. “Perhaps a cleaner way to upgrade the virtual machine hardware, I hope.”
Room for improvement, especially in Linux environments
Other users in large shops who also work in Linux environments say there’s plenty to be done when it comes to patching VMware Tools and VM hardware under Linux OSes, including the type of automation available under Windows.
“The installation of VMware Tools on the Windows side can be orchestrated/automated by VMware, from the installation of the files, to the reboot of the VM, and then the subsequent virtual hardware upgrade,” virtualization evangelist Jason Boche, who manages virtual infrastructure in a large enterprise environment, said via email.
This type of orchestration doesn’t happen on the Linux side, Boche said. “In fact, the Linux OS may be missing a required [component] to even install the tools, whereas with Windows the tools will install on a brand new vanilla OS … Linux administrators can also be picky about what VMware Tools components they want installed.”
Another wrinkle for large shops running Linux is that using generic Linux RPMs -- packages for the RPM Package Manager (RPM), a command-line set of utilities used to install, uninstall and update Linux software -- to update ESX hosts is no longer recommended by VMware, according to the ESX 4.1 Patch Management Guide.
A question in the FAQ at the end of the Patch Management Guide asks “When an RPM on my ESX host has a Linux equivalent, can I use the Linux RPM to update my system?” The answer is: “No. VMware recommends that you update your ESX 4.1 host with RPMs supplied by VMware.”
Maish Saidel-Keesing, a virtualization administrator for an Israeli technology company, said this will add to an already time-consuming process of updating VM hardware under Linux OSes.
For Mohn, who manages a number of satellite servers aboard a fleet of 20 vessels, remote access to patch repositories for both Linux and Windows systems would also be preferable to the current version, which pushes patches through a central management system.
Centralized management is fine, Mohn said, but he’d like to see satellite servers hang on to a local repository of patches, which can then be applied with a command from the central server, rather than having to replicate the patches themselves from the central server. Alternatively, cloud-based patch repositories that could be accessed by satellite servers could be a good option, Mohn said.
Shavlik relationship lives on in VMware Go
Shavlik Technologies LLC, the OEM partner behind the current version of VUM, will continue to see its products integrated with new VMware Go packages for SMBs.
This is welcome news for users in smaller organizations, who prefer a one-stop shop for patching and don’t have to deal with the organizational complexities that larger organizations do.
“It’s probably good for [VMware that it’s] not in the [guest OS] patch management business,” said Dwayne Lessner, regional manager of IT operations for a healthcare organization in the Pacific Northwest. “As long as [it] can provide APIs into Update Manager that coordinate pre-patch snapshots [with Shavlik], I think [VMware Go] seems worthwhile. I’m interested to see how this will pan out for smaller companies.”
Beth Pariseau is a senior news writer for SearchServerVirtualization.com. Write to her at firstname.lastname@example.org.