How To Handle Patch Management in vCloud Director

I have gotten this question a few times and I have seen it on a number of emails.  I wanted to take a moment to address this because there seems to be some confusion on just how to manage your deployed vApps, but also the ones in the vCloud Catalogs.  For the time being we can leave out the Fast Provisioning aspect and assume that everything has been deployed from a full copy.

Patching Deployed vApps

This is pretty simple and I am not sure why I see the question that often.  These are virtual machines, just like any other.  They are on the network and can be patched the same as you always did.  You can use agents, windows update, CRON jobs, whatever you like to patch them.  There is no magic in vCloud Director that helps you patch your vApps, but people seem to think there is.  Bottom line, business as usual here and there is nothing new you need to do.

Patching Catalog Items

Now this can be a little more tricky.  Many of us new to vSphere have been spoiled by the template functionality.  With that, the ability to flip a vShpere Template to a virtual machine, power it on, patch it, and flip it back to a template.  That is easy in vSphere, but not quite the same in vCloud Director.  Remember Catalog vApp templates are NOT marked as a vSphere template, they are in fact just a powered off virtual machine.  For us old guys, this is the same as it used to be in ESX 2.5 with Virtual Center.  The basic process is as follows:

1. Deploy the vApp Template as a new vApp to an “Operations Org”
2. Patch the vApp as needed
3. Remove any changes or customization that was run on deployment
4. Shutdown the vApp
5. Copy it back to the Published Catalog
6. Remove the original vApp Template

This is not so much different from the good old days of 2.5, where we deployed, patched, and saved.  I suspect this process may get easier as we move forward, but that remains to be seen.  For now, just remember it’s not impossible to keep your vApp templates up to date, you just need to work at it a little bit.  In fact I myself have to do this process to update my CentOS 6.2 templates in my vCloud Express to make sure they are up to date and ready for the next use.

This may seem obvious to some, but the fact I have seen and heard this being asked made me feel like I needed to post something.  I was just a little astounded by the question as it implied there was some magic mechanism in vCloud Director to patch you’re vCloud based virtual machines.  Of course you could probably use vCenter Orchestrator to workflow some of this once you have your basic processes figured out to handle a lot of vApp Templates.