ra2 studio - Fotolia
Patching virtual desktops brings up two potential issues that administrators don't have to worry about with PCs: You must be careful not to overload the network and make sure that patches for nonpersistent desktops don't disappear.
The first difference has to do with resource management. When patch management first became popular, administrators discovered that the process consumed an excessive amount of Internet bandwidth because each PC downloaded its own patches. Eventually, vendors came up with patch management tools that allowed admins to centrally download patches, and then distribute them to desktops to reduce bandwidth consumption.
This same philosophy applies to virtual desktop environments, but you must also plan around storage IOPS. If your company places all of its virtual desktops on a single storage array, you should avoid simultaneously patching all of them. That could cause the patch deployment version of a VDI boot storm, overwhelming the storage network with too many requests.
The other big difference between virtual and physical desktop patch deployment is that some companies use nonpersistent desktops, where the base virtual desktop images are read-only. Nonpersistent desktops are good for shared environments, because they don't retain user settings. But if you install patches using a mechanism such as Windows Update, you might lose those patches at the end of the user's session when the virtual desktop resets.
As such, you may need to apply patches at the desktop-image level, rather than applying patches directly to the end user's desktop operating system. You can then use these images to build new, fully patched virtual desktops. Of course, given the time and effort required to build and deploy brand new desktop images, some organizations do not apply virtual desktop patches as frequently as they might with physical PCs.
Obviously, every administrator has their own way of handling patch deployment, and there is no go-to technique that works best in 100% of VDI deployments. If your organization is transitioning from physical to virtual desktops, you can certainly continue using many of the same patch management strategies, but also keep in mind the storage and image considerations.
What are the biggest software patching myths?
An introduction to automated patch management
Why patching is critical to endpoint management
Dig Deeper on Virtual and remote desktop strategies
Related Q&A from Brien Posey
Public bucket access is a prevalent and discussed S3 security issue. However, there are several other important security measures to take, including ... Continue Reading
Tape still plays a key role in backup, including offline protection from ransomware. What are some key improvements that will keep tape backup ... Continue Reading
Cloud-based video surveillance storage can help organizations with compliance and retention. Be mindful, though, as high storage volume can quickly ... Continue Reading