What if I told you that VMware had a patching and software update solution not only for virtual machines but also for your physical servers as well? You would probably tell me that I was wrong or thinking of another company. Likely, I would have said the same thing a month or so back. However, it was then that I was introduced to VMware Protect.
Certainly, every VMware admin has heard of VMware doing software updates. Back in vSphere 4.x, VMware Update Manager was a great product. In fact, I wrote a number of articles about it here, at virtualizationadmin.com. Since then, with the release of vSphere 5.x, VMware renamed their “VMware Update Manager” product (aka, “VUM”) to “vSphere Update Manager”, also aka “VUM”. The difference between the two products, vSphere 4.x VUM to vSphere 5.x VUM, is that the previous version would perform software patching of 3rd party software applications, across all virtual machines. The new “vSphere Update Manager”, with vSphere 5 and greater, just updates vSphere ONLY (as the name suggests). Thus, the latest version can update ESXi, vCenter, and VMware Tools.
If you are interested in learning about the latest version of vSphere Update Manager, I wrote all about it in this three part series:
- vSphere Update Manager (VUM) – Part 1 – Introduction
- vSphere Update Manager (VUM) – Part 2 – Installation
- and, vSphere Update Manager (VUM) – Part 3 – How To Use It
However, in this article, we aren’t talking about updating vSphere. We are talking about updating all third party software applications in the datacenter. It may be that you have tried something like Microsoft Software Update Services in the past but haven’t been that happy with the fact that it only updates Microsoft applications, or with the number of limitations and the inflexibility that come with it.
Fortunately, VMware purchased Shavlik Technologies. Shavlik was initially the partner that brought us VMware Go (and later Go Pro). The VMware Go products are still available but those are for new admins who don’t use vCenter and who need a very simple interface.
Shavlik’s solutions were not only turned into VMware Go and Go Pro, they have also been retooled and rereleased as VMware vCenter Protect.
VMware Protect (or just “Protect” as I will call it) is a solution for keeping not only virtual machines up to date with third party patches and updates but it also does the same thing for physical servers.
What VMware Protect Does
Here’s what VMware Protect offers you and your company:
- Asset Inventory – inventory all your assets, physical or virtual, so that you know what you truly have
- Patch Management – keep software applications current and secure to better protect your company’s IT infrastructure
- IT Scripts – not a scripter? That’s ok as the built-in scripting tools and library of pre-built scripts make it easy
- Anti-virus protection – use the same anti-virus tool across physical and virtual servers
- Power-On Management (Wake-on-LAN) – automatically powers down computers when not in use to save the company money
With most companies having virtualized more than 50% of their servers and with most of those servers being virtualized with VMware vSphere (according to Gartner Group and VMware.com at this news story), it makes perfect sense to use an application patch management tool that supports both physical and virtual servers.
VMware Protect Editions
There are actually three different versions of VMware Protect, broken down into standard, advanced, and essentials government edition. Here’s how the feature list between each breaks down:
Figure 1: VMware Protect Editions
The main difference between standard and advanced is that with standard you don’t receive anti-virus, power management, and IT scripts. Even if your budget doesn’t allow for advanced, just having asset inventory and patching across virtual and physical infrastructures would be a huge benefit to every company out there.
What Makes vCenter Protect Unique
The first thing that makes Protect unique from other traditional physical server asset management and patching tools is that, on the virtual infrastructure, it can actually patch virtual machines with no (or little) downtime thanks to the use of snapshots as well as the ability to patch virtual machines that aren’t even powered on. Of course, there is always a danger of a server being powered off when patches roll out and then later being brought back online with a major security hole. VMware Protect doesn’t let that happen as it can patch the virtual machine no matter its state – virtual (on or off) or physical.
The benefit of vCenter Protect automatically using snapshots before applying patches to virtual machines is that a newly applied patch or update can sometimes crash or corrupt systems. By automatically using snapshots, vCenter Protect Advanced allows rollback to the snapshots taken immediately before patching, stores backups of all VMs and enhances disaster recovery capabilities.
Taking vCenter Protect for a Spin
I wanted to try vCenter Protect for myself (I love trying anything that is new and from VMware). VMware offers a free evaluation of it and, surprisingly, NO, you don’t even have to be using VMware vSphere for virtualization. You could just have physical servers or you might be using Hyper-V or XenServer and you can still use VMware vCenter Protect. The evaluation form for vCenter Protect Advanced is here.
Of course, one of the most important features is whether or not it fulfills the basic need of asset management and inventory. Here, you can see Protect inventorying a Windows host that is a member of a Windows workgroup (not a domain).
Figure 2: Asset Management of a Server’s Local Storage
As you can see, Protect also inventories software that is installed on the managed host (physical or virtual), showing the applications, install version, language, install date, and more.
Figure 3: Software Asset Management in Protect
Gartner says that unpatched vulnerabilities are the primary infection method of network threats, and that for 90% of exploits, a patch was previously available. That’s why it’s so important to keep your Microsoft and other third party patches up to date.
Figure 4: vCenter Protect Scan Summary Results
Patches are what prevent attackers from being able to exploit holes in your OS and applications. However, in June 2011, Gartner reported that 1 in 276 email messages had a virus. Properly applied patches are going to help prevent viruses (as viruses exploit holes) but an equally important security measure in physical and virtual infrastructures is to use anti-virus software. vCenter Protect Advanced includes anti-virus for physical and virtual infrastructures.
One thing that is important to point out here is that there are some agentless anti-virus solutions for vSphere that utilize the vShield Endpoint protection API. Those solutions don’t load anti-virus agents onto each virtual machine (also called host-based). Today, vCenter Protect’s anti-virus solution isn’t agentless. While the potential downside may be that it uses agents, on the plus side, vCenter Protect’s anti-virus does cover both physical and virtual servers (something that the agentless anti-virus solutions can’t do).
Besides anti-virus and asset management, another solution offered by Protect Advanced is IT Scripts. This includes dozens of pre-built scripts for automating and scheduling common IT management tasks (e.g. deleting temp files, defragging hard drives).
The last major feature of vCenter Protect is power management for physical and virtual servers. According to VMware, in the U.S. alone, more than $2.8 billion is wasted annually by not powering down computers. Powering off computers at night and on weekends can save the typical customer up to $60 per machine per year. vCenter Protect Advanced can schedule power downs of your servers when they aren’t needed and then remotely bring them back online when needed or when patches need to be applied.
I enjoyed learning and testing vCenter Protect. It’s amazing what a mature product it is and what all it can do for both physical and virtual infrastructures (of course, that’s because it was bought from Shavlik and it has been around for a long time under another name). Now, with further integration with VMware vSphere, Protect makes a great addition for management and protection of your physical and virtual infrastructure. More information (and the free trial) on vCenter Protect can be found at the VMware vCenter Protect homepage.