An increasingly large number of patches are being issued for VMware's ESX Server, and system administrators could be struggling to keep up, according to the virtualization blog site Virtualization.info.
The authors, Ron Oglesby, Director of Architecture-Virtualization Services at GlassHouse Technologies, and Dan Pianfetti, principal consultant also at GlassHouse, undertook an analysis of the number of days between patches coming out of VMware for the supposedly robust ESX Server. They found that patches used to be issued on average every 60 days, but now arrive fewer than 20 days apart.
The authors undertook the research after they started looking at a network issue some VMs were having. They then discovered the quantity of patches for system administrators to install for ESX Server.
"Whatever the reason it is starting to become a trend in some ESX environments; not all patches are installed by the admins," the authors wrote. "The reason for this is pretty simple; we already have patch Tuesday for Microsoft Servers we are dealing with, patches for applications that app owners install, SQL, Exchange, etc patches and of course desktops patching. Sorting through ESX patches is often a secondary job for Windows administrators tasked with maintaining ESX, and if ESX is working, patching it, falls to the bottom of the pile."
To ground their assertion in data, the authors started by looking at the available information on patches for ESX. They couldn't get data all the way back to ESX 1.5, since VMware's website has been revamped several times and those patches are no longer available.
However, they did find 68 patches for ESX 3.0.1, in the course of about a year. They were released in about 11 groups, at an average of about 7 patches per release date (per the VMware website).
Of those 68 patches, 17 were considered critical (an average of 1.4 per release), 21 were security related (an average of 1.75 per release) and 30 were general patches, averaging 2.5 per release date.
The authors also noticed that, besides the sheer number of patches, the interval between patch releases has decreased significantly. They compiled a chart that calculated the average number of calendar days between patches by version of ESX Server.
The authors also researched a hypothetical server built on 2 July 2007, 5 months ago. Since being built on that day and put into production, that server would have been put into maintenance mode and patched or updated eight times. This means the server would have been put into maintenance mode on average every 19 calendar days (less than three weeks) over 5 months.
The authors say that the point of their research is to discover what is behind the increase in the number and frequency of patches for ESX, which supposedly needs very little patching when compared to Windows.
They conclude that in VMware's quest to support more hardware, add more features, and keep Redmond at bay with their advanced technology, VMware seems to be focusing more on "which whiz-bang can we put in today", rather than "how can we make this the most stable enterprise platform available?"
They do not dispute the need for patching, but worry that sooner or later if this current trend continues, VMware will need to follow in Microsoft's footsteps with a Patch Tuesday.
"Obviously patching is a necessary evil, and maybe because we are so used to it in the Windows world, we have ignored this so far," the authors state. "But a patch every 18.75 days for our 'hypothetical' server is a bit much..."
"We haven't double-checked the numbers, but it is pretty obvious (the patches) are due to increasing popularity and relevance of virtualization," said Martin Niemer, VMware's senior product marketing manager for EMEA, speaking to Techworld. "More people are looking at, and exploiting the products, and we have taken action to improve product quality."
"It is important to remember that patching does not mean downtime," he added. Niemer also pointed out that version 3.5 comes with an upgrade manager, which is an automated tool for patching.
In September, VMware launched a new, embedded version of its flagship ESX Server hypervisor. "With the embedded product, we have removed the (Red Hat Enterprise Linux) service console," said Niemer, "which was responsible for about 50 percent of patches."