Patch for Windows® Servers, powered by Shavlik

> Quick Start > How to Manage Your Virtual Machines > Notes About Virtual Machine Templates

Notes About Virtual Machine Templates

General Notes

For information on using virtual machine templates in patch scans, asset scans, and patch deployments, see Roadmap of Tasks.

The type of virtual machine template (server template, workstation template, etc.) does not matter, they are all supported by Ivanti Patch for Windows® Servers.

Only virtual machine templates that are hosted on a VMware server are supported by Ivanti Patch for Windows® Servers. The templates are added to a machine group using the Hosted Virtual Machines tab. Virtual machine templates that reside on individual workstations are not supported.

A unique icon () is used to identify virtual machine templates. You will see this icon when adding a template to a machine group and when viewing scan results in Scan View and in Machine View.

As with anything that involves components on a network, errors can occur if connections go bad, if servers are shut down, if a template is modified while being accessed by Ivanti Patch for Windows® Servers, etc. In general, the templates should not be touched at any time during the scanning or patch deployment process.

When you initiate a patch or an asset scan of a virtual machine template, Ivanti Patch for Windows® Servers will scan the template in its current state and will report the results the same way it does for virtual machines and physical machines.

During a scan, a template will be accessed using the VMware server credentials. Any individual credentials supplied for the template are ignored.

You should supply online credentials for any virtual machine template that will be included in a patch deployment process. During the patch deployment process the template is converted to a virtual machine and powered on -- Ivanti Patch for Windows® Servers will need the supplied credentials in order to access the online virtual machine.

Patch Deployments

  • When deploying patches to a virtual machine template, the following VMware server permissions are required in order to manage snapshots and to perform the deployment:

VirtualMachine.State.CreateSnapshot

VirtualMachine.State.RemoveSnapshot

VirtualMachine.Provisioning.MarkAsTemplate

VirtualMachine.Provisioning.MarkAsVM

When you initiate a patch deployment to a virtual machine template, Ivanti Patch for Windows® Servers will do the following:

1.Convert the virtual machine template to an offline virtual machine.

2.(Optional) Take a snapshot if the patch deployment template is configured to take a pre-deployment snapshot.

3.(Optional) Delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.

4.Push the patches to the offline virtual machine.

5.Reconfigure the following on the offline virtual machine:

Disable the network adaptor'sConnect at power onoption. This is done so that the machine is isolated from the network when the patch process is run.

If Sysprep is scheduled to run, disable it so it will not automatically configure the machine's operating system when the machine is first powered on.

6.Power on the virtual machine.

7.Install the patches.

8.Power down the virtual machine.

9.Reset the machine configuration to its original network connection and Sysprep settings.

10.(Optional) Take a snapshot if the patch deployment template is configured to take a post-deployment snapshot.

11.(Optional) Delete old snapshots if one of the snapshot thresholds defined on the patch deployment template is exceeded.

12.Convert the offline virtual machine back to a virtual machine template.

The patch deployment template you use must not specify the use of a distribution server. The offline virtual machine will be disconnected from the network and unable to download the patches from the distribution server.

The patch deployment template you use should not specify a pre-deploy reboot (the program will be unable to initiate the reboot because the machine will be offline) and it should always perform a post-deploy reboot (this is a "best practice" when deploying patches). For deployments to virtual machine templates it is recommended you use the Virtual Machine Standard deployment template.

During a patch deployment, a virtual machine template that may normally be available only to an administrator will become visible to other users. This is because during the patch deployment process the template is temporarily converted to a virtual machine and powered on.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other