Security Investigate

Best Practices for Patching VMware ESX/ESXi

Download now Free registration required

Executive Summary

VMware ESX is a versatile and complex software product that immensely benefits from the patches that VMware offers between ESX version releases. There are two kinds of patching: Proactive patch management is intended to prevent unplanned downtime. Reactive patching occurs in response to an issue that is currently affecting the running system and that needs immediate relief. The most immediate and common response to an issue/problem is to apply the latest patch or patches, which might seem capable of fixing the issue or problem. Either approach requires detailed investigation of the proposed fix. Basically, patch bundle contains a set of software changes for bug fixes, new features, new hardware support, or some combination of these changes. Patch bundles contain two types of data: the metadata in XML format and the binary in RPM format. A patch bundle can contain one or more RPMs and can require the user to apply one or more prior patch bundles. The increasing sophistication of today's software market, whether an operating system or an enterprise application, means occasional improvements are needed to defend against new variants of security risks, provide feature enhancements, and correct bugs. These improvements or updates can come in different forms such as patches or updates and are delivered using multiple vehicles. If the user is not familiar with the definitions and usage of the patching procedures and options available, software complexity may make the patch process seem complex. Some features like VMware Infrastructure administrator, the user can compare hosts and virtual machines against baselines to identify systems that are not in compliance.

  • Format: PDF
  • Size: 233.4 KB