A common, and perhaps the most common, method for delivering software updates (for example, new software, patches to existing software, data files, antivirus signatures, and the like) to guest software of virtual machines is to treat the virtual machines as physical machines, and to use traditional software delivery techniques. These methods usually fall into two broad categories: agentless and agent-based methods.
In an agentless method, a central update server has access to a repository containing software update payloads. In addition, the central update server has knowledge of the client computers on the network it manages; this knowledge is derived through manual user registration, automatic discovery, or a combination of both. The central update server periodically checks which client computers need which updates, if any. Whenever a client computer needs an update, the central update server attempts to connect to the guest operating system (OS) running on that client computer. If the connection succeeds, the central update server requests authorization from the guest OS to carry out the operations necessary to deploy the payload onto the client computer. These operations generally include at least (1) copying the payload from the repository over the network into a temporary area on the client computer's disk, and (2) unpacking, applying, and/or executing the contents of the copied payload.
One disadvantage of the agentless method is unpredictability. For example, the central update server may be unable to connect to client computers that are unreachable (for example, off the network or on a different network), that have accounts and passwords unknown to the central update server, or that restrict incoming traffic through use of a firewall.
The agent-based method attempts to alleviate these issues arising in the agentless method by installing a specific agent on each client computer that needs to be managed. The central update server communicates with the agent, which then communicates with the local guest OS to coordinate the payload deployment process. The presence of the agent can result in better predictability because it establishes a pre-authorized channel between the central update server and the client computer. Also, by regularly obtaining status from agents, the central update server can detect, and try to resolve, any network or authorization problems before the next deployment operation.
Agents, however, introduce a new management problem because they must themselves be deployed, installed, and updated. It is also common for multiple software applications to provide their own update infrastructure, resulting in a proliferation of agents which compounds the problem. Moreover, there can be increased cost and complexity in deploying and managing additional agents on each virtual machine.
Note that when client computers are virtual machines, more points of potential failure are introduced. A virtual infrastructure administrator needs to ensure that managed client computers are configured to attach to a virtual network that is accessible from the central update server. For example, a popular use of virtual machines is in test and development; in such configurations, virtual machines are commonly placed on isolated virtual networks that may not be accessible to the central update server. Even if a virtual machine's network is properly configured, the virtual machine's virtual NIC (network interface card) must also be set to a "connected" state before it can communicate on the network.
Also note that delivering software updates to guest software of virtual machines using a traditional server-to-client method can adversely affect network performance, because multiple copies of the same software update are sent, one per client computer. In other words, the method does not scale well to large numbers of client computers.
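The agentless flow described above (connect to the guest OS, copy the payload to a temporary area, then apply it) and its failure modes (unreachable network, disconnected virtual NIC, inbound firewall filtering, unknown credentials) are modelled below as an added Python example. It is not part of this document and not any vendor's code: the client names, credentials and payload bytes are constructed, and the SHA-256 integrity check before a payload is applied is a practitioner's addition that the text does not mention. The server's `bytes_sent` counter makes the scaling point visible: each client receives its own copy of the same payload.

```python
"""Constructed model of an agentless update server and the failures it can hit."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Payload:
    name: str
    version: int
    data: bytes

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.data).hexdigest()


@dataclass
class Client:
    """A managed guest; the flags mirror the failure conditions in the text."""
    name: str
    installed: dict                       # software name -> installed version
    on_managed_network: bool = True       # attached to a network the server can reach
    vnic_connected: bool = True           # virtual NIC in the "connected" state
    firewall_blocks_inbound: bool = False # inbound traffic restricted by a firewall
    credentials: tuple = ("admin", "secret")  # constructed sample credentials
    temp_area: dict = field(default_factory=dict)  # payloads copied but not applied


class AgentlessUpdateServer:
    def __init__(self, repository, known_credentials):
        self.repository = {p.name: p for p in repository}
        self.known_credentials = known_credentials  # client name -> (user, password)
        self.bytes_sent = 0                          # total payload bytes pushed

    def pending_updates(self, client):
        """Payloads whose repository version is newer than what the client has."""
        return [p for p in self.repository.values()
                if client.installed.get(p.name, 0) < p.version]

    def connect(self, client):
        """Preconditions for the server-initiated connection; first failure wins."""
        if not client.on_managed_network:
            return "unreachable: off managed network"
        if not client.vnic_connected:
            return "unreachable: vNIC disconnected"
        if client.firewall_blocks_inbound:
            return "unreachable: inbound traffic filtered"
        if self.known_credentials.get(client.name) != client.credentials:
            return "unauthorized: credentials unknown to server"
        return "ok"

    def deploy(self, client):
        status = self.connect(client)
        if status != "ok":
            return status
        for payload in self.pending_updates(client):
            # (1) copy the payload over the network into the client's temp area
            client.temp_area[payload.name] = payload.data
            self.bytes_sent += len(payload.data)
            # Integrity check before applying (added here; not in the text)
            copied = client.temp_area[payload.name]
            if hashlib.sha256(copied).hexdigest() != payload.digest:
                return f"integrity failure: {payload.name}"
            # (2) apply the payload and discard the temporary copy
            client.installed[payload.name] = payload.version
            del client.temp_area[payload.name]
        return "ok"


def run_sample():
    """Deploy to a constructed fleet; returns (status per client, bytes sent)."""
    repository = [
        Payload("av-signatures", 3, b"SIG" * 1000),   # 3000 bytes
        Payload("patch-kb1", 2, b"PATCH" * 400),      # 2000 bytes
    ]
    creds = ("admin", "secret")
    clients = [
        Client("vm-a", {"av-signatures": 2, "patch-kb1": 2}),   # needs signatures only
        Client("vm-b", {}),                                     # needs both payloads
        Client("vm-c", {}, vnic_connected=False),
        Client("vm-d", {}, credentials=("root", "other")),      # not registered below
        Client("vm-e", {}, firewall_blocks_inbound=True),
    ]
    server = AgentlessUpdateServer(
        repository, {"vm-a": creds, "vm-b": creds, "vm-c": creds, "vm-e": creds})
    statuses = {c.name: server.deploy(c) for c in clients}
    return statuses, server.bytes_sent


if __name__ == "__main__":
    print(run_sample())
```

Two reachable clients receive the 3000-byte signature payload separately, so the same bytes cross the network once per client; with N clients the traffic grows as N times the payload size, which is the scaling problem the last paragraph describes.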