When Steve and I were on tour talking about Microsoft Virtualization, we were asked similar questions about Server 2008’s virtualization several times: “Since this is running on Windows, you still need to patch it, right ?”. To which the answer is “Yes”. If Hyper-V is running on server core there are fewer things to be patched; and we’ve reduced the number of patches which need re-boots. Windows VMs will need patching at the same time and with proper management the whole process can be streamlined. But there is no getting away from it. A few people seemed to think that VMware doesn’t need patching.
Virtualization.info quoted me the a few days ago and I’d like to return the compliment. They have a story “Patch Tuesday for VMware” which explains how a couple of VMware experts realised that “it is starting to become a trend in some ESX environments; not all patches are installed by the admins” … “this is VMware’s ESX server! The product that we used to tell people didn’t need patching that often since there wasn’t much code to have to patch.”
It makes an interesting read – so go read it!. Although they point a server built 5 months ago would have been patched 8 times (once every three weeks), the authors say they’re not out “to beat VMware over the head for patching/updating their product.” so it would be a cheap shot for me to do so. But I will observe that getting patching right for all the products you use is a key part of any IT managers job. Don’t get to thinking there are any you can ignore, whatever their advocates might have you believe.