How do physical and virtual desktop patch deployment differ?
Patching virtual desktops and PCs isn't exactly the same. VDI puts more strain on your storage system, and read-only virtual desktop images often erase patches at the end of a user's session.
Patching virtual desktops brings up two potential issues that administrators don't have to worry about with PCs: You must take care not to overload the network, and you must make sure that patches for nonpersistent desktops don't disappear.
The first difference has to do with resource management. When patch management first became popular, administrators discovered that the process consumed an excessive amount of Internet bandwidth because each PC downloaded its own patches. Eventually, vendors came up with patch management tools that allowed admins to centrally download patches, and then distribute them to desktops to reduce bandwidth consumption.
This same philosophy applies to virtual desktop environments, but you must also plan around storage IOPS. If your company places all of its virtual desktops on a single storage array, you should avoid simultaneously patching all of them. That could cause the patch deployment version of a VDI boot storm, overwhelming the storage network with too many requests.
The other big difference between virtual and physical desktop patch deployment is that some companies use nonpersistent desktops, where the base virtual desktop images are read-only. Nonpersistent desktops are good for shared environments, because they don't retain user settings. But if you install patches using a mechanism such as Windows Update, you might lose those patches at the end of the user's session when the virtual desktop resets.
As such, you may need to apply patches at the desktop-image level, rather than applying patches directly to the end user's desktop operating system. You can then use these images to build new, fully patched virtual desktops. Of course, given the time and effort required to build and deploy brand-new desktop images, some organizations do not apply virtual desktop patches as frequently as they might with physical PCs.
Obviously, every administrator has their own way of handling patch deployment, and there is no go-to technique that works best in 100% of VDI deployments. If your organization is transitioning from physical to virtual desktops, you can certainly continue using many of the same patch management strategies, but also keep in mind the storage and image considerations.
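The two considerations above (staggering patches so one storage array is not hit all at once, and patching nonpersistent desktops at the image level) can be combined in a simple planner. The following is an added example, not code from the article or from any patch management product; the desktop names, array names, image names and IOPS figures are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not from the article).
DESKTOPS = (
    [{"name": f"pc{i:02d}", "array": "array-a", "persistent": True} for i in range(1, 7)]
    + [{"name": f"pc{i:02d}", "array": "array-b", "persistent": True} for i in range(7, 10)]
    + [
        {"name": "kiosk01", "array": "array-a", "persistent": False, "image": "kiosk-gold"},
        {"name": "kiosk02", "array": "array-a", "persistent": False, "image": "kiosk-gold"},
        {"name": "lab01", "array": "array-b", "persistent": False, "image": "lab-gold"},
    ]
)
ARRAY_IOPS_BUDGET = {"array-a": 1000, "array-b": 500}  # assumed headroom for patching
PATCH_IOPS_PER_DESKTOP = 250  # assumed peak IOPS of one desktop while patching


def plan_patching(desktops, array_budget, iops_per_desktop):
    """Return (waves, images): staggered waves for persistent desktops, and
    the base images to patch and redeploy for nonpersistent ones."""
    by_array = defaultdict(list)
    images = set()
    for d in desktops:
        if d["persistent"]:
            by_array[d["array"]].append(d["name"])
        else:
            # An in-session patch is lost when the desktop resets,
            # so the patch has to go into the base image instead.
            images.add(d["image"])

    waves = []
    for array, names in by_array.items():
        # How many desktops this array can patch concurrently.
        slots = array_budget.get(array, 0) // iops_per_desktop
        if slots < 1:
            raise ValueError(f"{array}: no IOPS budget for even one desktop")
        for i in range(0, len(names), slots):
            wave_no = i // slots
            while len(waves) <= wave_no:
                waves.append([])
            waves[wave_no].extend(names[i:i + slots])
    return waves, sorted(images)


if __name__ == "__main__":
    waves, images = plan_patching(DESKTOPS, ARRAY_IOPS_BUDGET, PATCH_IOPS_PER_DESKTOP)
    for n, wave in enumerate(waves, 1):
        print(f"wave {n}: {', '.join(wave)}")
    print("rebuild from patched images:", ", ".join(images))
```

Each wave keeps every array at or under its budget, so the waves can be run one after another in a maintenance window while the listed images are patched and redeployed separately.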