How often do you patch VMware?

azjag Member Posts: 579
I'm working on an SOP for patching our virtual environment. I wanted to see how others were handling this, as it is not Windows/Linux OS patching.

I'm the type of person that will patch VMware via Update Manager on a monthly basis and firmware (Blade Chassis) on a quarterly basis. My teammate would rather patch VMware every 6 months and firmware every year or two.

What do you think is a good mix of keeping up to date vs. not living on bleeding edge of updates?

Thanks,
Currently Studying:
VMware Certified Advanced Professional 5 – Data Center Administration (VCAP5-DCA) (Passed)
VMware Certified Advanced Professional 5 – Data Center Design (VCAP5-DCD)

Comments

  • kriscamaro68 Member Posts: 1,186
    Quarterly unless it's critical, then ASAP.
  • pwjohnston Member Posts: 441
    We only patch when we upgrade to a new vSphere version. :P This is not my choice though. I work with a lot of Linux types who think that if it's stable don't mess with it. They even resist patching when the vendor advises it if they can't find a reason for the patch in the change log...
  • cyberguypr Mod Posts: 6,928
    Unfortunately my environment is very reactive, so only when our vulnerability management products alert us to missing patches.
  • Verities Member Posts: 1,162
    Quarterly unless it's critical, then ASAP.

    We do the same.
  • jibbajabba Member Posts: 4,317
    Barely. We tend to 'never break a running system'. VMware sometimes tends to introduce a series of bugs which keep affecting us, so when it works, it works. Another problem is compatibility and required upgrade sequence.

    We use so many VMware features (vCloud, vShield and whatnot) that patching and upgrades can be a nightmare.

    Different thing with PCI-DSS environments of course. There you need to patch every three months or so.
    My own knowledge base made public: http://open902.com :p
  • iBrokeIT Member Posts: 1,318
    jibbajabba wrote: »
    Barely. We tend to 'never break a running system'. VMware sometimes tends to introduce a series of bugs which keep affecting us, so when it works, it works. Another problem is compatibility and required upgrade sequence.

    This is our mentality after a few lessons learned the hard way. Also, wait at least a quarter before upgrading to a new version. 5.1 and SSO, enough said.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • kj0 Member Posts: 767
    jibbajabba wrote: »
    We use so many VMware features (vCloud, vShield and whatnot) that patching and upgrades can be a nightmare.
    Just make sure you do it in the right order ;)


    We patch only if we really need to, we work the same times as the business is in operation and don't get much time in "Off-Business" seasons to do so.
    2017 Goals: VCP6-DCV | VCIX
    Blog: https://readysetvirtual.wordpress.com
  • jibbajabba Member Posts: 4,317
    kj0 wrote: »
    Just make sure you do it in the right order ;) .
    jibbajabba wrote: »
    Another problem is compatibility and required upgrade sequence.

    ;)

    I remember we were between a rock and a hard place once. One bug was fixed with patch #a but patch #b had a known issue which also affected customers. So do you leave a broken system or upgrade to a broken system :D
    My own knowledge base made public: http://open902.com :p
  • kj0 Member Posts: 767
    jibbajabba wrote: »
    ;)
    Silly Jibbs ... I meant if you do it in the correct order you shouldn't have an issue.
    2017 Goals: VCP6-DCV | VCIX
    Blog: https://readysetvirtual.wordpress.com
  • jibbajabba Member Posts: 4,317
    Well D'ur :)

    I just mean it can be a right pain if you hit build numbers where you run into compatibility issues. A lot of people sometimes even forget what they have in their environment and that you need to check every piece of the puzzle (Oh look, Dataprotection stopped working weeks ago - and how about that Usagemeter :p ).

    So a simple update can mean you are busy for several nights :p
    My own knowledge base made public: http://open902.com :p
  • kj0 Member Posts: 767
    Stop everything > clean install > restore from Veeam > Partay!
    2017 Goals: VCP6-DCV | VCIX
    Blog: https://readysetvirtual.wordpress.com
  • bertieb Member Posts: 1,031
    iBrokeIT wrote: »
    .............. Also, wait at least a quarter before upgrading to a new version. 5.1 and SSO, enough said.

    I'm still crying from that one :D
    The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln