ra2 studio - Fotolia
Patching virtual desktops brings up two potential issues that administrators don't have to worry about with PCs: You must be careful not to overload the network and make sure that patches for nonpersistent desktops don't disappear.
The first difference has to do with resource management. When patch management first became popular, administrators discovered that the process consumed an excessive amount of Internet bandwidth because each PC downloaded its own patches. Eventually, vendors came up with patch management tools that allowed admins to centrally download patches, and then distribute them to desktops to reduce bandwidth consumption.
This same philosophy applies to virtual desktop environments, but you must also plan around storage IOPS. If your company places all of its virtual desktops on a single storage array, you should avoid simultaneously patching all of them. That could cause the patch deployment version of a VDI boot storm, overwhelming the storage network with too many requests.
The other big difference between virtual and physical desktop patch deployment is that some companies use nonpersistent desktops, where the base virtual desktop images are read-only. Nonpersistent desktops are good for shared environments, because they don't retain user settings. But if you install patches using a mechanism such as Windows Update, you might lose those patches at the end of the user's session when the virtual desktop resets.
As such, you may need to apply patches at the desktop-image level, rather than applying patches directly to the end user's desktop operating system. You can then use these images to build new, fully patched virtual desktops. Of course, given the time and effort required to build and deploy brand new desktop images, some organizations do not apply virtual desktop patches as frequently as they might with physical PCs.
Obviously, every administrator has their own way of handling patch deployment, and there is no go-to technique that works best in 100% of VDI deployments. If your organization is transitioning from physical to virtual desktops, you can certainly continue using many of the same patch management strategies, but also keep in mind the storage and image considerations.
What are the biggest software patching myths?
An introduction to automated patch management
Why patching is critical to endpoint management
Dig Deeper on Virtual and remote desktop strategies
Related Q&A from Brien Posey
Without a Windows 11 registry backup, IT risks breaking the OS by making edits. Find out how easy it is to back up the Windows 11 registry. Continue Reading
While Google Cloud Storage has several limitations, these three are among the most prevalent -- but users have straightforward ways to get around ... Continue Reading
Unpredictable user behavior and boot storms can cause VDI resource usage fluctuations throughout the day. IT can take steps to identify and curtail ... Continue Reading