IT managers fight to keep up with ESX patches

System administrators could be struggling to keep up

An increasingly large number of patches are being issued for VMware's ESX Server, and system administrators could be struggling to keep up, so says a virtualization blog site

The authors, Ron Oglesby Director of Architecture-Virtualization Services at GlassHouse Technologies and Dan Pianfetti, principal consultant also at GlassHouse, undertook an analysis of the number of days between patches coming out of VMware for the supposedly robust ESX Server. It found that patches used to be issued on average every 60 days, but now take fewer than 20 days per patch.

The authors undertook the research after they started looking at a network issue some VMs were having. They then discovered the quantity of patches for system administrators to install for ESX Server.

"Whatever the reason it is starting to become a trend in some ESX environments; not all patches are installed by the admins," the authors wrote. "The reason for this is pretty simple; we already have patch Tuesday for Microsoft Servers we are dealing with, patches for applications that app owners install, SQL, Exchange, etc patches and of course desktops patching. Sorting through ESX patches is often a secondary job for Windows administrators tasked with maintaining ESX, and if ESX is working, patching it, falls to the bottom of the pile."

To be rational about their assertion, the authors started by looking at the available data on patches for ESX. They couldn't get data all the way back to ESX 1.5 since VMware's website has been revamped several times and those patches are no longer available.

However, they did find 68 patches for ESX 3.0.1, in the course of about a year. They were released in about 11 groups, at an average of about 7 patches per release date (per the VMware website).

Of those 68 patches; 17 were considered Critical patches (an average of 1.4 per release), 21 were security related (average of 1.75 per release) and 30 General patches averaging 2.5 patches per release date.

The authors also noticed that besides the sheer number of patches, the frequency at which patches were released has decreased significantly. They compiled a chart found here, that calculated average number of calendar days between patches by version of ESX Server.

The authors also researched a hypothetical server built on 2 July 2007, 5 months ago. Since being built on that day and put into production that server would have been put into maintenance mode and patched/updated eight times. This means the server would have been put into maintenance mode on an average of every 19 calendar days (less than three weeks) over 5 months.

The authors say that the point of their research is to discover what is behind the increase in the number and frequency of patches for ESX, which supposedly needs very little patching when compared to Windows.

They conclude that in VMware's quest to support more hardware, add more features, and keep Redmond at bay with their advanced technology, VMware seems to be focusing more on "which whiz-bang can we put in today", rather than "how can we make this the most stable enterprise platform available?"

They do not dispute the need for patching, but worry that sooner or later if this current trend continues, VMware will need to follow in Microsoft's footsteps with a Patch Tuesday.

"Obviously patching is a necessary evil, and maybe because we are so used to it in the Windows world, we have ignored this so far," the authors state. "But a patch every 18.75 days for our 'hypothetical' server is a bit much..."

"We haven't double-checked the numbers, but it is pretty obvious (the patches) are due to increasing popularity and relevance of virtualization," said Martin Niemer, VMware's senior product marketing manager for EMEA, speaking to Techworld. "More people are looking at, and exploiting the products, and we have taken action to improve product quality."

"It is important to remember that patching does not mean downtime," he added. Niemer also pointed out that version 3.5 comes with an upgrade manager, which is an automated tool for patching.

In September, VMware launched a new, embedded version of its flagship ESX Server hypervisor. "With the embedded product, we have removed the (Red Hat Enterprise Linux) service console," said Niemer, "which was responsible for about 50 percent of patches."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tom Jowitt
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?