Patch for Windows® Servers, powered by Shavlik
•For information on using virtual machine templates in patch scans
•The type of virtual machine template (server template, workstation template, etc.) does not matter, they are all supported by Ivanti Patch for Windows® Servers.
•Only virtual machine templates that are hosted on a VMware server are supported by Ivanti Patch for Windows® Servers. The templates are added to a machine group using the Hosted Virtual Machines tab. Virtual machine templates that reside on individual workstations are not supported.
•As with anything that involves components on a network, errors can occur if connections go bad, if servers are shut down, if a template is modified while being accessed by Ivanti Patch for Windows® Servers, etc. In general, the templates should not be touched at any time during the scanning or patch deployment process.
•When you initiate a patch
•During a scan, a template will be accessed using the VMware server credentials. Any individual credentials supplied for the template are ignored.
•You should supply online credentials for any virtual machine template that will be included in a patch deployment process. During the patch deployment process the template is converted to a virtual machine and powered on -- Ivanti Patch for Windows® Servers will need the supplied credentials in order to access the online virtual machine.
When deploying patches to a virtual machine template, the following VMware server permissions are required in order to manage snapshots and to perform the deployment:
•When you initiate a patch deployment to a virtual machine template, Ivanti Patch for Windows® Servers will do the following:
1.Convert the virtual machine template to an offline virtual machine.
2.(Optional) Take a snapshot if the patch deployment template is configured to take a pre-deployment snapshot.
3.(Optional) Delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
4.Push the patches to the offline virtual machine.
5.Reconfigure the following on the offline virtual machine:
•Disable the network adaptor'sConnect at power onoption. This is done so that the machine is isolated from the network when the patch process is run.
•If Sysprep is scheduled to run, disable it so it will not automatically configure the machine's operating system when the machine is first powered on.
6.Power on the virtual machine.
7.Install the patches.
8.Power down the virtual machine.
9.Reset the machine configuration to its original network connection and Sysprep settings.
10.(Optional) Take a snapshot if the patch deployment template is configured to take a post-deployment snapshot.
11.(Optional) Delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.
12.Convert the offline virtual machine back to a virtual machine template.
•The patch deployment template you use must not specify the use of a distribution server. The offline virtual machine will be disconnected from the network and unable to download the patches from the distribution server.
•The patch deployment template you use should not specify a pre-deploy reboot (the program will be unable to initiate the reboot because the machine will be offline) and it should always perform a post-deploy reboot (this is a "best practice" when deploying patches). For deployments to virtual machine templates it is recommended you use the Virtual Machine Standard deployment template.
•During a patch deployment, a virtual machine template that may normally be available only to an administrator will become visible to other users. This is because during the patch deployment process the template is temporarily converted to a virtual machine and powered on.
Was this article useful?
The topic was:
Not what I expected
Copyright © 2017, Ivanti. All rights reserved.