How often do you patch vmware?
azjag
Member Posts: 579 ■■■■■■■□□□
I'm working on an SOP for patching our virtual environment. I wanted to see how others were handling this as it is not windows/linux os patching.
I'm the type of person that will patch vmware via update manager on a monthly basis and firmware (Blade Chassis) on a quarterly basis. My teammate would rather patch vmware every 6 months and firmware every year or two.
What do you think is a good mix of keeping up to date vs. not living on bleeding edge of updates?
Thanks,
Currently Studying:
VMware Certified Advanced Professional 5 – Data Center Administration (VCAP5-DCA) (Passed)
VMware Certified Advanced Professional 5 – Data Center Design (VCAP5-DCD)
Comments
-
kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
Quarterly unless it is critical, then ASAP.
-
pwjohnston Member Posts: 441
We only patch when we upgrade to a new vSphere version. :P This is not my choice though. I work with a lot of Linux types who think that if it's stable don't mess with it. They even resist patching when the vendor advises it if they can't find a reason for the patch in the change log...
-
cyberguypr Mod Posts: 6,928
Unfortunately my environment is very reactive, so only when our vulnerability management products alert us to missing patches.
-
Verities Member Posts: 1,162
kriscamaro68 wrote: » Quarterly unless it is critical, then ASAP.
We do the same.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Barely. We tend to 'never break a running system'. VMware sometimes tends to introduce a series of bugs which keeps affecting us, so when it works, it works. Another problem is compatibility and required upgrade sequence.
We use so many VMware features (vCloud, vShield and whatnot) that patching and upgrades can be a nightmare.
Different thing with PCI-DSS environments of course. There you need to patch every three months or so.
My own knowledge base made public: http://open902.com
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
jibbajabba wrote: » Barely. We tend to 'never break a running system'. VMware sometimes tends to introduce a series of bugs which keeps affecting us, so when it works, it works. Another problem is compatibility and required upgrade sequence.
This is our mentality after a few lessons learned the hard way. Also, wait at least a quarter before upgrading to a new version. 5.1 and SSO, enough said.
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
-
kj0 Member Posts: 767
jibbajabba wrote: » We use so many VMware features (vCloud, vShield and whatnot) that patching and upgrades can be a nightmare.
We patch only if we really need to; we work the same times as the business is in operation and don't get much time in "Off-Business" seasons to do so.
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Just make sure you do it in the right order.
jibbajabba wrote: » Another problem is compatibility and required upgrade sequence.
I remember we were between a rock and a hard place once. One bug was fixed with patch #a but patch #b had a known issue which also affected customers. So do you leave a broken system or upgrade to a broken system?
-
kj0 Member Posts: 767
jibbajabba wrote: »
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
Well D'ur
I just mean it can be a right pain if you hit build numbers where you run into compatibility issues. A lot of people sometimes even forget what they have in their environment and that you need to check every piece of the puzzle (Oh look, Dataprotection stopped working weeks ago - and how about that Usagemeter).
So a simple update can mean you are busy for several nights.
-
kj0 Member Posts: 767
Stop everything > clean install > restore from Veeam > Partay!
-
bertieb Member Posts: 1,031 ■■■■■■□□□□
.............. Also, wait at least a quarter before upgrading to a new version. 5.1 and SSO, enough said.
I'm still crying from that one
The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln