We've historically used MS SCCM to keep Windows servers patched. Our patch baseline has always been defined as all patches with severity ratings of "Critical" and "Security". Now that we're 80% virtualized, I'd like to use VUM to patch vm's, then take a second pass with SCCM to patch physical servers.
The problem I've encountered is that VUM and SCCM don't seem to agree on the baseline selection criteria. I haven't done a complete comparison between the two baselines, but it appears that SCCM's baseline set includes updates not found in VUM's baseline set. Since we use SCCM to report baseline compliance, I suspect vm's updated with VUM will still show as non-compliant.
Has anyone taken a look at this? Any thoughts on how to reconcile the two baseline sets?
Thanks.
TG