Home > Blogs > VMware Go Blog


Have a Happier Patch Tuesday with VMware Go Pro

By: Matt Sarrel

Patch Tuesday is the name we use to refer to that blessed day when Microsoft rains patches down on us from above.  OK, technically it is the second Tuesday of each month and the patches come across the Internet, but for an IT administrator it may feel like it’s raining patches.

This month Patch Tuesday is May 8.  Microsoft issued a notice yesterday that three of the patches are critical and four are important.  The three critical patches focus on preventing remote code execution attacks as do two of the important patches.  The other two important patches are intended to prevent privilege escalation.  These patches should be applied to all current versions of Windows.

The secret to surviving Patch Tuesdays is to have solid patch management policies and procedures in place beforehand.  VMware Go Pro is tremendously helpful in establishing and maintaining a strong patch management program.  IT Advisor scans the network to discover physical and virtual assets, and then inspects them to find missing Microsoft and third party patches.  Missing patches are prioritized based on the risk they present and then deployed.

Plus, the whole thing can be automated, which gives me a small shameful pleasure at how easy deploying patches has become.  I remember having to run around and apply patches from floppy disks, so this kind of set and forget functionality is light years ahead of that.  Automated patching can save a tremendous amount of time and resources for many small businesses.

After scanning my test workstation, I can easily see what needs to be patched and how important that patching is.  The Patch Summary screen presents this info concisely and shares the latest News from Patch Patrol.  Please note that these screen shots do not include the patches for May 8, 2012 because I’m writing this post in advance.

  1

I simply click the Deploy Missing Patches button and VMware Go Pro walks me through the process.  First I choose machines to target:

  2

It’s worth noting that I can put machines in groups and then schedule scans and deployment on a group level, for example, all desktops get scanned and patched on Tuesday night, all laptops get scanned and patched on Wednesday morning when they return to the office.  I’m only going to patch one machine for now, and I’m going to apply all the patches; if I wanted to I could select them patch by patch.

The last step is deciding how the patches should be deployed.  It’s a good practice to reboot machines after deployment so I’ll leave that checked.  And I might as well go ahead and deploy using my current credentials because they’ll work on my test machine.

3
 
After clicking the Start Patch Deployment button I’m asked to verify my settings, plus VMware Go makes it very clear that machines will reboot!  I can sit back and watch, or go get another double espresso. 

4

I can tell that it is running because I see this at the top of the screen:\

  5

And clicking on the “1” displays more information:

  6

It seems like the next logical step is to schedule patch deployment so I don’t have to do this manually from now on.  I click Schedule Deployment and I’m prompted to create a new schedule.

7

My installation is simple so I don’t have any machine groups, but it’s a good idea to start creating them.  When I’m running VMware Go for my whole lab it will make sense to have machine groups to spread the load around a little. 

8

This is so easy, all I have to do is select a day and a time for the job to start.  I’ve selected Tuesday at 2 AM.

9
 
Now Patch Tuesday should be fully automated.  No more users complaining on Wednesday morning about waiting for all the patches to deploy.