ra2 studio - Fotolia

How do physical and virtual desktop patch deployment differ?

Patching virtual desktops and PCs isn't exactly the same. VDI puts more strain on your storage system, and read-only virtual desktop images often erase patches at the end of a user's session.

Patching virtual desktops brings up two potential issues that administrators don't have to worry about with PCs: You must be careful not to overload the network and make sure that patches for nonpersistent desktops don't disappear.

The first difference has to do with resource management. When patch management first became popular, administrators discovered that the process consumed an excessive amount of Internet bandwidth because each PC downloaded its own patches. Eventually, vendors came up with patch management tools that allowed admins to centrally download patches, and then distribute them to desktops to reduce bandwidth consumption.

This same philosophy applies to virtual desktop environments, but you must also plan around storage IOPS. If your company places all of its virtual desktops on a single storage array, you should avoid simultaneously patching all of them. That could cause the patch deployment version of a VDI boot storm, overwhelming the storage network with too many requests.

The other big difference between virtual and physical desktop patch deployment is that some companies use nonpersistent desktops, where the base virtual desktop images are read-only. Nonpersistent desktops are good for shared environments, because they don't retain user settings. But if you install patches using a mechanism such as Windows Update, you might lose those patches at the end of the user's session when the virtual desktop resets.

As such, you may need to apply patches at the desktop-image level, rather than applying patches directly to the end user's desktop operating system. You can then use these images to build new, fully patched virtual desktops. Of course, given the time and effort required to build and deploy brand new desktop images, some organizations do not apply virtual desktop patches as frequently as they might with physical PCs.

Obviously, every administrator has their own way of handling patch deployment, and there is no go-to technique that works best in 100% of VDI deployments. If your organization is transitioning from physical to virtual desktops, you can certainly continue using many of the same patch management strategies, but also keep in mind the storage and image considerations.

Next Steps

What are the biggest software patching myths?

An introduction to automated patch management

Why patching is critical to endpoint management

Dig Deeper on Virtual and remote desktop strategies

Enterprise Desktop
Cloud Computing