How Patch Deployment Works For Hosted Virtual Machines And Templates

Version 3

    Purpose

     

    This document provides information about how patch deployment works with hosted virtual machines and templates.

     

    Description

     

    Shavlik Protect has the ability to deploy patches to hosted virtual machines (VMs) in either an online or offline state, as long as they have been added to a machine group via the 'Hosted Virtual Machines' tab. Additionally, VM templates can be patched using this method.

    Untitled.jpg

     

    Assuming you have already performed a scan, below is the expected behavior and steps taken for deploying patches:

     

    Deploy Immediately

    • Online Hosted VM
      • Push files and initiate deployment immediately. The process is the same as a physical machine except that snapshots will be taken as directed by the deployment template.
    • Offline Hosted VM
      1. (Optional) Take a snapshot if the deployment template is configured to take a pre-deployment snapshot and delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
      2. Copy the patches to the offline virtual machine.
      3. Reconfigure the following on the offline virtual machine:
        1. Disable the network adapter's Connect at power on option. This is done so that the machine is isolated from the network when the patch process is run.
        2. Disable Sysprep so it will not automatically configure the machine's operating system when the machine is first powered on.
      4. Power on the virtual machine.
      5. Install the patches.
      6. Power down the virtual machine.
      7. Reset the machine configuration to its original network connection and Sysprep settings.
      8. (Optional) Take a snapshot if the deployment template is configured to take a post-deployment snapshot and delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
    • VM Template
      1. Convert the virtual machine template to an offline virtual machine.
      2. (Optional) Take a snapshot if the deployment template is configured to take a pre-deployment snapshot and delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
      3. Copy the patches to the offline virtual machine.
      4. Reconfigure the following on the offline virtual machine:
        1. Disable the network adapter's Connect at power on option. This is done so that the machine is isolated from the network when the patch process is run.
        2. Disable Sysprep so it will not automatically configure the machine's operating system when the machine is first powered on.
      5. Power on the virtual machine.
      6. Install the patches.
      7. Power down the virtual machine.
      8. Reset the machine configuration to its original network connection and Sysprep settings.
      9. (Optional) Take a snapshot if the deployment template is configured to take a post-deployment snapshot and delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
      10. Convert the offline virtual machine back to a virtual machine template.


    Scheduled Deployment

    • For all instances when deploying to a hosted virtual machine, whether it be online, offline, or a template; Protect will set up the scheduled deployment on the Protect console.
    • At the scheduled time (or, for 'Install at next reboot' deployments, when the machine is restarted), the scheduled deployment will be initiated.
    • At the time of the deployment, it will use the same steps as listed above for patching of the hosted VM. (Treat as an immediate deployment at time of schedule)
    • This is designed as a fail-safe in case the state of the VM is changed prior to the scheduled deployment taking place so that the scheduled deployment will not fail.

     

    Additional Information

     

    Please refer to these Help documents for further/related information:

    Shavlik Protect Help: Deploying Patches to Virtual Machines and to Virtual Machine Templates

    Virtual Machine Template Patching Requirements & Informational Document

     

    Affected Product(s)

     

    Shavlik Protect 9.x