I think SCVMM + HyperV may have some offline patching capabilities (not certain, though). Detecting in use, just thinking out loud, you can trigger scheduled tasks on startup/shutdown and logon/logoff events (and I bet screen lock/idle maybe). You might be able to leverage that to do some basic accounting.
Thanks, Brian Desmond w – 312.625.1438 | c – 312.731.3132 -----Original Message----- From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Monday, May 2, 2016 5:02 PM To: ntsysadm <ntsys...@lists.myitforum.com> Subject: [NTSysADM] Looking for some ideas All, $Company has a set of support engineers whose job it is to connect with customer sites which run our product. There are over 50 of these customer sites, and of course we hope to get more. Our systems at the customer sites are not normally the customers' main set of IT resources, but are usually critical to their operations, so their IT staffs have their own opinions on how to grant access for us to their environments. Therefore, each site has different requirements for remote access, having a multitude of different VPN units (Sonicwall, Juniper, Cisco, etc.) and requirements for different brands of Antivirus installation, and whether or not split tunneling is allowed, etc. Currently our support engineers are using 3 desktop machines with varied OSes, and using a set of VMs running in VMware player, but not nearly enough of them, so that there are frequent conflicts in the configurations of the VMs, what with different versions of VPN and AV software. I expect normally no more than 4 or 5 VMs to be in use at a time - and usually only 1 or 2. My thought currently is to have a set of VMs (one per customer) on a small cluster in a DMZ - our support engineers would be able to access the host, start the required VM, and be on their way. My solution starts to run into conceptual problems, however, when I think about how to power down VMs that aren't in use, and also how to wake up VMs periodically so that they keep patches and antivirus updates. Are there products our there for a given platform that will detect VMs not in use and shut them down, and that will also wake those not running, to let them get patches and AV updates, then shut them down? I'm platform agnostic - we run both VMware (production) and Hyper-V (DMZ) here, and I don't care which one I implement. Of course, whatever solution is proposed should detect machines in use, and not shut them down. Thoughts, input, suggestions? Thanks, Kurt
