Hey guys - wondering what you do in this instance? We have a few hundred VMs all split between all completely different application types - some vendor systems, some in house apps, some client facing, and so on. We're working in a patch management strategy but with the applications and their owners able to dictate their own schedules it becomes kind of cumbersome - even more so when vendors say they only support RHEL 5.8 and nothing higher
We're doing patch management through satellite but its mostly one offs and as needed. Ideally a strategy is put in place where we can get updates rolled out without impacting applications. Maybe we just push out security updates and no kernel updates?
[link][10 comments]