
The Why’s and How’s of ESX patching

From the new VMware Security Blog, Nand Mulchandani responds to the article by Ron Oglesby and Dan Pianfetti at virtualization.info about the number of patches that VMware has released for VI3.

Link: VMware Security Blog > ESX patching questions.

Recently there was an article on “Patch Tuesday for VMware” over at Virtualization.info. It is an interesting article that raised some questions that we thought we might be able to shed some light on. The article was more focused on patching and not security alone, but since patching has now been so closely associated with security, I’ll jump in and provide a response on our security blog.

As the article points out, "patching is a necessary evil" – and that the existence of ESX patches should not come as a shock to anyone. So let’s talk about the sinister plan behind the increase in ESX patches. …

You should read the whole thing. (Seriously. Nand explains it well.) One gee-whiz part for me is with the new Update Manager — and even pre-3.5 with just DRS and VMotion — how the end-user and admin experience for VI patches is very much not like MS Patch Tuesday. The other gee-whiz is the percent of patches that have been going to the Red Hat-derived Service Console, which of course with 3i is now gone.