Virtualizing out of monthly Patch Tuesday problems

Using cloud computing to serve the organization's desktops makes more sense each time Patch Tuesday rolls around.
14 May 2021

Can virtualizing your firm’s Windows 10 Pro desktops help overcome shoddy cybersecurity patches? (Image: Martin BUREAU / AFP)

The monthly Patch Tuesday event contains a less-than-average haul of security vulnerability patches, with Exchange Server, Internet Explorer, Hyper-V, and Windows 10 subject to one or more of the 55 flaws found by researchers over the last month in the Microsoft canon.

The patch treadmill is familiar to systems administrators and helpdesk staff wherever big-name software is deployed: Adobe and Oracle also time their CVE (Common Vulnerabilities and Exposures) announcements for the same day each period, making this week a busy one for many IT professionals.

Some organizations prefer to outsource this most menial yet important task in running fleets of servers and endpoints to an MSP or specialist service provider. There are options, too, for at least partial automation of the work by third-party software.

End-users tend to notice little difference in the day-to-day operations of their computing platforms around this part of the month – assuming that the administrators and back-office staff are on the ball. But for many IT decision-makers, the resource drain that running the more common software instances entails is very noticeable.

Increasing numbers of IT managers are exploring the possibilities of outsourcing their users’ desktops to third parties, thereby adding the daily operating environment to the virtualized space already commonplace in the form of VPSs (virtual private servers) that run services remotely.

Single instances of a medium-powered Windows desktop, a model known as VDC or VDE (virtual desktop computing or virtual desktop environments), tend to cost between $60 and $110 per month, per user, with economies of scale in effect as numbers rise. Although virtual machines with one processor and a couple of gigabytes of RAM are sufficient for simpler server deployments, Windows 10 Pro machines tend to need more muscle to give employees an experience that isn’t constantly frustrating.

Annual fees for virtualized Windows desktops are – as a general rule of thumb – about the same as the retail price for a new, reasonably-specced desktop or laptop. Providers of these types of services include the big-name cloud providers like AWS (Workspaces), and of course, Microsoft Azure. Smaller, independent players include (this list is by no means exhaustive):

Kamatera – with nine global points of presence and offering various remote servers in Linux and Windows variants in addition to Windows 10, Windows 8, and Linux desktops.

V2 Cloud – a Windows 10-only offering, also with nine data centers around the globe.

Shells – primarily a Linux desktop virtual machine provider, with distributions in the usual flavors (Debian, Ubuntu, Manjaro) and KDE, Gnome, and XFCE desktop environments. Shells also offers a bring-your-own Windows license platform and the option to upload and deploy users’ own disk images.

In most Patch Tuesday cases (the exception being Shells’ Windows-only-if-you-absolutely-must model), cybersecurity issues around the Microsoft desktop product are dealt with by the provider, with SLAs with regard to availability and uptime available for enterprise customers. Office 365 can usually be pre-installed, with license activation left to the commissioning organization, or rolled into the monthly fee.

Of course, all providers’ server availability would be a moot point if a user’s internet connection were to fail, but with the possibility of working from anywhere on just about any connected device, all but the most prolonged outage should cause little discomfort for most. Having said that, the desktop experience on a small smartphone screen plus a 3G connection is hardly ideal.

At the higher end of the computing spectrum, many cloud providers and data center operators are offering racks of GPUs designed for machine learning and heavy computation uses, as well as more “traditional” containerized app platforms and virtual servers. Virtualized desktops in the modern sense have yet to find mass-market appeal, but the paradigm is familiar to most IT professionals: mainframe plus terminal, thin client plus server, and latterly, cloud-based virtual desktop plus whatever connects to the internet.

The market for VDC is still emerging, and it seems that until the new remote/on-site working situation settles down over the next few months, a clear trend might not emerge. But using virtualized desktops for large Windows fleets is one way out of a good deal of the monthly Patch Tuesday maelstrom.