When you manually install guest operating systems and applications on a virtual machine, you introduce a risk of misconfiguration. By using a template to capture a hardened base operating system image with no applications installed, you can ensure that all virtual machines are created with a known baseline level of security.

About this task

You can use templates that can contain a hardened, patched, and properly configured operating system to create other, application-specific templates, or you can use the application template to deploy virtual machines.

Procedure

Provide templates for virtual machine creation that contain hardened, patched, and properly configured operating system deployments.

If possible, deploy applications in templates as well. Ensure that the applications do not depend on information specific to the virtual machine to be deployed.

What to do next

You can convert a template to a virtual machine and back to a template in the vSphere Web Client, which makes updating templates easy. For more information about templates, see the vSphere Virtual Machine Administration documentation.

You can use vSphere Update Manager to automatically patch the operating system and certain applications in the template. See the vSphere Update Manager documentation.