Fog Creek Software
Discussion Board




Running your server in a VM? Still need to patch..


Even if your host server's OS wasn't running IIS or anything, would you not still need to keep the host OS  up to date with patches?

dmooney
Tuesday, June 03, 2003

You would. Especially if it's security patches that affects the networking stack. Your guest OS might be relying on the host OS for firewalls, VPNs, and other network services. So you might end up having to update both. After all what's the use of running a secure and reliable guest os on a completely unhardened and unpatched host os?

Li-fan Chen
Tuesday, June 03, 2003

You would need far fewer patches, possibly zero.

The host VM is not running any applications. So you don't have to patch IIS (Apache) or Sendmail (Exchange).

The host VM can ignore incoming packets from ANYWHERE. It can be 100% firewalled.

The only thing you have to patch on the host VM is the bridged networking component itself.

Joel Spolsky
Tuesday, June 03, 2003

Wouldn't it be a good deal smarter to do this kind of thing with User Mode Linux?

Chris Davies
Tuesday, June 03, 2003

*  Recent Topics

*  Fog Creek Home