It seems the only time I come here to post anything is when I am procrastinating on something else. For example, right now I should be working on my slide deck for my talk coming up next Saturday. If you are interested in watching me hopefully not suck too bad, come to BSidesCT 2016 at Quinnipiac University next Saturday July 2016. Some evil person decided to put me right after the Keynote (no pressure). So come see me if you want to learn how to deal with the business moving apps and services into Microsoft Azure from an information security standpoint.
If you want more up-to-date InfoSec write-ups feel free to check out my other blog over at NutmegInfoSec.com. There are some interesting things about malicious JavaScript downloaders and replacing humans with technology. For now it is back to my slide deck.
-Dewser
Showing posts with label Updates. Show all posts
Showing posts with label Updates. Show all posts
Sunday, July 10, 2016
Wednesday, April 30, 2014
Keeping Your Hyper-V Environment Patched
In the last post I covered a brief overview of Hyper-V vs ESXi. Today I will share with you my experiences in keeping this environment patched. Hold onto your seats, this is going to be a wild ride...
So before I go further, I would like to send you over to the following blog - http://windowsitpro.com/hyper-v/easily-maintain-hyper-v-template-image. John Savill writes up the process pretty well. His example hints at just doing this in Hyper-V and excludes mention of SCVMM. This isn't too far off though since, even with SCVMM, performing certain tasks on either the Hyper-V host or the Hyper-V manager app is still much easier than trying to do it in SCVMM. Also I found that even with the Hyper-V Management feature installed on SCVMM, the powershell modules still don't work correctly. At Step 6, make sure you choose the Generalize option for SYSPREP. This will make it so the image can be used by SCVMM during the Create Virtual Machine from template. Otherwise you will get a big ol' error during a build. Step 8 I ran from the Hyper-V host as it was just easier to keep everything local. Once the export completed, I copied the file over to the SCVMM Library server directory so it can be connected to the Template Image. Once that is all set, you should be good to go for building more updated VMs. It would be best to incorporate this into your patch management process and perform this on a monthly basis. I'm sure if you are smarter than I, you can automate much of this process. I am also sure this is documented somewhere in some Technet blog but probably requires that you are using System Center for patching rather than WSUS.
The next post I will have up some steps to easily deploy a VM from template through a script...
So before I go further, I would like to send you over to the following blog - http://windowsitpro.com/hyper-v/easily-maintain-hyper-v-template-image. John Savill writes up the process pretty well. His example hints at just doing this in Hyper-V and excludes mention of SCVMM. This isn't too far off though since, even with SCVMM, performing certain tasks on either the Hyper-V host or the Hyper-V manager app is still much easier than trying to do it in SCVMM. Also I found that even with the Hyper-V Management feature installed on SCVMM, the powershell modules still don't work correctly. At Step 6, make sure you choose the Generalize option for SYSPREP. This will make it so the image can be used by SCVMM during the Create Virtual Machine from template. Otherwise you will get a big ol' error during a build. Step 8 I ran from the Hyper-V host as it was just easier to keep everything local. Once the export completed, I copied the file over to the SCVMM Library server directory so it can be connected to the Template Image. Once that is all set, you should be good to go for building more updated VMs. It would be best to incorporate this into your patch management process and perform this on a monthly basis. I'm sure if you are smarter than I, you can automate much of this process. I am also sure this is documented somewhere in some Technet blog but probably requires that you are using System Center for patching rather than WSUS.
The next post I will have up some steps to easily deploy a VM from template through a script...
Subscribe to:
Posts (Atom)