It is a security best practice to ensure that all your VMs are fully patched before they are turned on in production. One way you can do this is to create a designated "maintenance host" that is off the production network, but has access