You can get this tool from http://www.microsoft.com/downloads/details.aspx?FamilyId=8408ECF5-7AFE-47EC-A697-EB433027DF73&displaylang=en
To use this tool, your environment must has
a) VMM 2008 or VMM 2008 R2
b) Patch management system such as WSUS 3.0 SP1 or 3.0 with SP2 or SCCM
c) Active Directory Domain Services and DNS. All servers and virtual machines must be domain joined.
This tool can update the following guest virtual machine
a) Windows 7
b) Windows XP with SP2 or SP3
c) Windows Server 2003 with SP2
d) Windows Server 2003 R2 with SP2
e) Windows Vista with SP1 or SP2
f) Windows Server 2008 with SP2
g) Windows Server 2008 R2
Your supported host server must be running
a) Virtual Server 2005 R2 SP1
b) Hyper V
c) Hyper V R2
Now let into how this stuff work!
On the VMM Server side:-
1. Install Offline Virtual Machine Servicing Tool on the same server as VMM administrator console.
2. Set Windows Powershell execution policy on the VMM to remotesigned.
Type:-
get-executionpolicy
By default, it is set to "Restricted".
Change to remotesigned by typing this command "set-executionpolicy remotesigned"
3. Download PSExec from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx . Put the files into
4. Store a Virtual machine into VMM Library
5. Maintenance host groups created.
On the Virtual machine side:-
1. DHCP is enabled
2. Integration services component is installed
3. Enable the following Windows Firewall exceptions:
a) File and Printer Sharing
b) Windows Management Instrumentation (WMI)
c) Remote Administration
d) Incoming Echo Request for ICMP v4/v6.
4. Agent for software update management system installed
On Domain controller side:-
1. If using WSUS, you need to define group policy for intranet update service location
On the WSUS/SCCM server side:-
1. Approved an update and update has downloaded.
Once all the above requirement has set, you can start to configure Offline Virtual Machine Servicing Tool.
Task 1: Configure Offline Virtual Machine Servicing Tool
1.Click on Configure Tool on Action pane.
2.Enter VMM Server computer name and WSUS server/ SCCM Server computer name.
Make sure the VMM, SCCM or WSUS server is online.
3. Select maintenance host server that available for servicing job.
4. Enter the time-out limit for moving a virtual machine and updating a virtual machine in minutes. Specify enough time for the VM to perform updating.
Task 2: Create a Virtual Machine Groups
This process is optional. But it is recommended when you have a group of Virtual machine that you would like to patch.
1. Click on Virtual Machine Group and select New Group.
2. Enter Virtual machine group name and select your offline Virtual machine which stored in VMM Library.
Task 3: Create Servicing jobs
Servicing jobs perform the actual work of updating virtual machine. You need to setup new servicing jobs each time you would like to keep your virtual machine compliant.
1.Click on Servicing Jobs and select New Servicing Jobs
2. Enter the servicing jobs name and select software update management system.
3.Select Virtual Machine Group
4.Select Network that you would like Servicing jobs to use. For better security, "Use an isolated virtual LAN".
5. Select Maintenance hosts that you would like to use for Servicing Jobs.
6. Enter an account with administrative permission for Virtual machine, VMM Server and software update management server.
7. You can run the servicing job immediately or schedule the servicing jobs.
8. Click Finish to complete the servicing jobs.
When Servicing Jobs is running, virtual machine in VMM Library is deploy to maintenance hosts and start it. Software update is trigger and update process is running from software update management server to virtual machine. After the update is complete, the updated virtual machine is shut down and return its to the VMM Library.