A good solution is to create so-called maintenance hosts. A maintenance host is a machine that you reserve for patching stored VM images before they are released to production. The notion of maintenance hosts is also supported in VMM.
Microsoft also provides a special tool called the Offline Virtual Machine Servicing Tool to help customers adequately patch VM images. The Offline Virtual Machine Servicing Tool manages the workflow for updating large numbers of offline VMs. The tool works with VMM and with Microsoft's enterprise-level software update management systems WSUS and SCCM. You can learn more about how to set up maintenance hosts in the TechNet article "Planning for Hosts." You can download the Offline Virtual Machine Servicing Tool from Microsoft.
Ensuring High Availability
Patching your VMs is important, but it's equally important to ensure the high availability of your virtualization servers and their VMs. Clusters are a typical answer to the high-availability question. In Server 2008, Microsoft includes important changes for its Windows-based failover cluster support, WFC. The WFC enhancements include simplifications in cluster setup and configuration, and enhancements in the areas of reliability, stability, scalability, networking, and security. In Server 2008, Microsoft also makes it easy to leverage WFC for building clustered Hyper-V servers.
If you're not familiar with clustering terminology, a failover cluster is a group of computers that work together to provide high availability for applications and services. The clustered computers (known as cluster nodes) are interconnected via physical cables and software. If one of the cluster nodes fails, the cluster logic ensures that another cluster node automatically starts to provide the service. The process of switching between nodes is called cluster failover.
Using Server 2008 WFC you can, for example, set up a two-node cluster for the Hyper-V parent partition and configure the VMs as cluster resources. The VMs can then fail over to a different node when one of the cluster nodes fails. More information about how to set up a clustered Hyper-V server is available in the TechNet article "Hyper-V: Using Hyper-V and Failover Clustering."
You can also benefit from WFC for performing maintenance and servicing tasks on your Hyper-V server's parent partition (the host OS) with minimal production disruption. For example, if you want to apply the latest security patches on the active node of your Hyper-V cluster, you can manually fail over the cluster to the passive node. Microsoft refers to this as Hyper-V Quick Migration. For more information about Quick Migration, see the Microsoft white paper "Quick Migration with Hyper-V." Even though WFC Quick Migration is nice from a high-availability point of view, it's not the same as migrating a machine in its running state. Microsoft includes live migration support in the Server 2008 R2 version of Hyper-V. Live migration can also be done with other virtualization solutions, such as VMware's VMotion or XenServer's XenMotion.
Virtually Secure
I've given you a basic understanding of Server 2008 Hyper-V architecture and illustrated how Microsoft designed Hyper-V with security and defense-in-depth in mind. I also pointed out some areas in which securing VMs is somewhat different or more complex than securing physical machines.
This isn't an exhaustive list of the security measures you should take for your virtualization servers. For example, I didn't emphasize that on a VM, it's as important to run antivirus and antispyware tools, and to keep these tools up-to-date, as it is on your physical machines. Microsoft plans to include an exhaustive list in an upcoming release of the Windows Server 2008 Security Guide. In the meantime, this article and the links to further information give you numerous tools to better protect your Hyper-V virtualization infrastructure.
Related Reading: