VMware Update Manager

VMware Logo

Accomplishments

  • Designed the Update Manager plug-in, the first plug-in to the vSphere architecture, from scratch
  • Worked on this project through three releases

The Scenario:

It’s 2006 and VMware is growing  faster than any tech company (except Oracle) in recent history.  The core enterprise product, vSphere, (known then as VI3) was in its third version.  IT admins the world over are utilizing this desktop application in their datacenters to manage their growing virtual infrastructure.  VMware continues to add new, amazing functionality that these users desperately need.

VMware Update Manager (casually known as VUM) is a plug-in to VMware vSphere™, an enterprise-level infrastructure management tool.  VUM is an automated patch management solution that addresses one of the most significant pain points for every IT department – tracking patch levels and applying security and bug fixes.

The Problem:

The number of virtual machines being managed by vCenter is growing by leaps and bounds.  It is becoming necessary to provide a tool that allows the IT administrator to patch and update both their GSX and ESX servers (hosts) as well as the operating systems running on the virtual machines (known as Guest Operating Systems or GOS).

How can we provide a tool that allows the user to patch both hosts and virtual machines that is easy to use?

Use Cases:

User: IT or security admin whose job it is to maintain their department’s ESX hosts.

  • Create baselines (determine which updates admin is interested in – all patches, critical only, all critical except ones admin knows has bugs, a specific set, etc.)
  • Run security scan against baseline (ignore patches admin doesn’t care about)
  • Remediate host of guest OS to apply patches and bring to compliance

What We Explored:

When this project first began in 2006, it was still undecided what level of integration was needed.  Myself and a colleague were asked to mock up some ideas for both a loosely and tightly integrated solution.

Design 1: Tight Integration  – Scans are first-class objects that live in the inventory (on left – along with datacenters, hosts, and virtual machines.)  main view shows virtual machines with a security status column.

VUM Tight Integration - Separate Section and First Order Objects for Baselines

VUM Tight Integration – Separate Section and First Order Objects

Design 2: Loose Integration – Update status is a tab on a VM or host object showing a column for compliant and non-compliant VMs for a given baseline.  This tab is only visible if the VUM plug-in is installed.

VUM Loose Integration - Object Tab and Second Order Objects

VUM Loose Integration – Object Tab and Second Order Objects

The Solution:

The company decided to provide VUM as a plug-in, design 2.  I created a clickable mockup using Microsoft PowerPoint that allowed the user to explore, in a limited way, what this plug-in would look like and how it would behave.

How this solution fit into the product:

The plug-in model worked well with the product because it just added an additional tab to the existing host and VM views and was easy to see it’s relationship to the object.  The downside of the plug-in model was that the user couldn’t define the baselines at an object level, they had to be done outside the confines of the inventory so they could be applied to any object.  Based on the user testing, we added a link between the definition window and the object windows so the user could easily go back and forth.

This was a good solution because:

  • The compliance view is rich with information
  • The newly introduced concept of “baselines” was well received, however, the term itself was unclear (used differently in other products)
  • Users liked the concept as a whole – the more information we can provide and the more complete it is, the better they liked it.

Other Study findings:

  • Users expressed the desire for more accurate and complete information at the expense of speed.  This information helped the engineers make completeness/speed trade-offs.
  • Users wanted the ability to print the compliance report.

Explorations and Future Releases

Following are some examples of explorations tried on later releases.

1 & 2 Early Graphical Designs – showing overall picture of compliance (2007)

1 & 2 Early Graphical Designs – showing overall picture of compliance (2007)

 

3 & 4  Overall Compliance with choice to select specific baselines (2008)

3 & 4 Overall Compliance with choice to select specific baselines (2008)

 

5 & 6  Browser and portal designs (2010)

5 & 6 Browser and portal designs (2010)

© Copyright 2011-2013 - Deanna McCusker