In 2003, Microsoft began regularly releasing security patches for Windows on the second Tuesday of each month - an event that became known as Patch Tuesday. In addition to the dozen Tuesdays each year, emergency “out-of-band” (OOB) patches can be released by Microsoft at any time. A few patches every month doesn’t sound so bad ... until you realize there is a serious problem that makes Patch Tuesday suck IT resources the way a Hoover eats dust. That problem is image sprawl.
What is Image Sprawl?
Image sprawl has been around since the dawn of the Windows PC. It occurs in physical desktop environments because of the many different hardware configurations and BIOS versions used by different manufacturers. The Windows operating system has these settings baked-in, so different Windows images are required for each hardware type. As you start buying desktops from different PC makers, you end up with more and more images to patch on Patch Tuesday.
Why is Image Sprawl Still an Issue with VDI and RDSH?
Most of you probably thought image sprawl would go away if you went virtual. Ha! Not so fast. IT organizations that try to scale Windows virtual desktop (VDI) or session host (RDSH) deployments often find that image sprawl is still a major problem. Here's why:
- App virtualization issues force IT pros to bundle apps with Windows.
Virtualizing apps is hard, and many IT organizations lack the time and skills required to do it efficiently. Also, many apps aren't compatible with legacy app virtualization. The only remaining option is to build apps into the Windows image. However, since IT doesn't want to license apps to users who don't need them, or rebuild all desktops and session hosts every time an app needs to be updated, they resort back to creating multiple gold images with different combinations of apps built-in.
- Every cloud platform adds image management overhead.
VDI requires Citrix XenDesktop, Microsoft RDS, or VMware Horizon. Shared sessions require Citrix XenApp or Microsoft RDSH. Apps and desktops can be published from the cloud with Amazon, Azure, or Google. You now have to keep Windows patched in more places than ever before. And every platform has its own tool and method of doing it.
- Image management is too difficult for Tier 1 IT or Helpdesk staff.
Anti-virus baked-in? EMR? Office? ERP? Printer drivers? Even if the app itself can be installed quickly, now you have to re-test the entire Windows image and keep track of all the variants. These highly manual processes are hard to transition to junior IT staff.
What All This Patching Costs You
In the past 12 months, Windows has required patching 13 times. On average, each patch takes 3 to 4 hours to install, deploy to a few test users, test, make changes, and re-deploy before going into full production. Assuming you have 25 gold images, patching them would require 1000+ hours per year, resulting in almost $80,000 in OPEX costs!
Experience Patch-Once Efficiency with Unidesk
More than 1200 Unidesk customers have put an end to clumsy baked-in application workarounds, wasteful image sprawl, and marathon Patch Tuesdays. With Unidesk’s “layer” building blocks, you only patch Windows and your apps once across your VDI, session, and cloud environments. One OS layer to manage means patch-once efficiency, massive OpEx savings, and time back for other IT projects.
Patch Tuesday, plus Baked-In Apps, plus Image Sprawl can cost an IT department hundreds of thousands of dollars a year. This infographic shows how much it costs to keep your Windows environment up to date, and how much you can save by being more efficient. Download your infographic today!