In my recent article about the realities of managing a virtualised infrastructure, I mentioned the need to patch offline virtual machine images. Whilst many offline images will be templates, they may still require operating system, security or application updates to ensure that they are not vulnerable when started (or when a cloned VM is created from a template).
Now Microsoft has a beta for a tool that will allow this – imaginatively named the Offline Virtual Machine Servicing Tool. Built on the Windows Workflow Foundation and PowerShell, it works with System Center Virtual Machine Manager and either System Center Configuration Manager or Windows Server Update Services to automate the process of applying operating system updates through the definition of servicing jobs. Each job will:
- “Wake” the VM (deploy and start it).
- Trigger the appropriate update cycle.
- Shut down the VM and return it to the library.
Although I haven’t tried this yet, it does strike me that there is one potential pitfall to be aware of – sysprepped images for VM deployment templates will start into the Windows mini-setup wizard. I guess the workaround in such a scenario is to use tools from the Windows Automated Installation Kit (WAIK) to inject updates into the associated .WIM file and deploy VMs from image, rather than by cloning sysprepped VMs.
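The WIM-servicing workaround described above, as an added example (not from the original post or from Microsoft). It assumes the DISM PowerShell module that ships with current Windows, used here in place of the WAIK-era tools the post mentions, and every path is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: inject updates into one image of a WIM without booting it.
# All default paths are placeholders (assumptions), not values from the article.
param(
    [string]$WimPath   = 'D:\Images\template.wim',  # placeholder: image to service
    [int]   $Index     = 1,                         # image index inside the WIM
    [string]$UpdateDir = 'D:\Updates',              # placeholder: folder of .msu/.cab files
    [string]$MountDir  = 'D:\Mount'                 # placeholder: empty working folder
)

$ErrorActionPreference = 'Stop'
Import-Module Dism

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountDir | Out-Null

$save = $false
try {
    $updates = Get-ChildItem -Path $UpdateDir -File |
        Where-Object { $_.Extension -in '.msu', '.cab' }
    if (-not $updates) { throw "No .msu or .cab files found in $UpdateDir" }

    foreach ($u in $updates) {
        Write-Host "Adding $($u.Name)"
        Add-WindowsPackage -Path $MountDir -PackagePath $u.FullName | Out-Null
    }

    # Show anything that is staged but will only finish installing at first boot.
    Get-WindowsPackage -Path $MountDir |
        Where-Object { $_.PackageState -ne 'Installed' } |
        Format-Table PackageName, PackageState -AutoSize

    $save = $true
}
finally {
    # Commit only if every package was added; otherwise leave the WIM untouched.
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

Because the image is never started, the sysprep mini-setup state is preserved; packages reported as pending complete when a VM deployed from the image first boots.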