Fog Creek Software
Discussion Board

Running your server in a VM? Still need to patch..

Even if your host server's OS wasn't running IIS or anything, would you not still need to keep the host OS up to date with patches?

Tuesday, June 3, 2003

You would. Especially if it's security patches that affect the networking stack. Your guest OS might be relying on the host OS for firewalls, VPNs, and other network services. So you might end up having to update both. After all, what's the use of running a secure and reliable guest OS on a completely unhardened and unpatched host OS?

Li-fan Chen
Tuesday, June 3, 2003

You would need far fewer patches, possibly zero.

The host VM is not running any applications. So you don't have to patch IIS (Apache) or Sendmail (Exchange).

The host VM can ignore incoming packets from ANYWHERE. It can be 100% firewalled.

The only thing you have to patch on the host VM is the bridged networking component itself.

Joel Spolsky
Tuesday, June 3, 2003

Wouldn't it be a good deal smarter to do this kind of thing with User Mode Linux?

Chris Davies
Tuesday, June 3, 2003
