How to install and manage Azure Stack Updates
At itnetX, we help customers to implement as well as to operate Azure Stack. One part of operating Azure Stack is keeping it up-to-date. This means installing Microsoft Azure Stack Updates, hotfixes as well as OEM update packages like drivers and firmware. In this blog post I will cover all the information you need to keep your Azure Stack up-to-date.
Why should you update your Azure Stack
This may sound like a simple question, but a lot of people ask for it. First of all, Microsoft and the hardware vendors are obviously delivering quality fixes and security updates to keep Azure Stack stable and secure. But Microsoft also adds new functionality with their updates packages to keep up with the rapid cloud development on Azure. This is important if you want that your Azure Stack stays consistent with Azure in terms of functionality.
Another important reason to stay current is to stay supported. You are allowed to be behind two major versions of Azure Stack, which means 2-3 months. You basically should update monthly, to make sure that you are secure and stable, however there are reasons why you might have to defer an update. For example, this can happen for some companies, when they are in a freeze period where they are not allowed to do changes in their systems. If you are more than 3 major versions behind, your Azure Stack is considered out of support and will not be supported from Microsoft, until you have the at least required version installed.
You can read more about the Azure Stack servicing policy on the Azure Stack documentation site.
Updates for the Azure Stack Integrated System
As mentioned before, there are basically three types of updates to Azure Stack. The monthly Azure Stack Update Packages from Microsoft, Hotfixes and OEM updates.
- Microsoft software updates – Microsoft is responsible for the end-to-end servicing lifecycle for the Microsoft software update packages. These packages can include the latest Windows Server security updates, non-security updates, and Azure Stack feature updates. These update packages are non-cumulative updates and need to be installed one after the other. These updates are fully automated and will update the complete Azure Stack infrastructure.
- OEM hardware vendor-provided updates – Azure Stack hardware partners are responsible for the end-to-end servicing lifecycle (including guidance) for the hardware-related firmware and driver update packages. In addition, Azure Stack hardware partners own and maintain guidance for all software and hardware on the hardware lifecycle host.
- Microsoft hotfixes – Microsoft provides hotfixes for Azure Stack that address a specific issue that is often preventative or time-sensitive. Each hotfix is released with a corresponding Microsoft Knowledge Base article that details the issue, cause, and resolution. Hotfixes are downloaded and installed just like the regular full update packages for Azure Stack. Other the the major updates, Azure Stack hotfixes are cumulative per iteration.
|Release||Cumulative||Where to find|
|Microsoft Software Updates||Monthly (4th Tuesday of very month)||No||Release Notes|
|OEM Hardware Vendor Updates||Depending on OEM||Depends||OEM Website|
|Microsoft Hotfixes||When needed||Yes||Knowledge Base article|
By the way, you can only update Azure Stack multi-node systems, the Azure Stack Development Kit needs to be redeployed.
How to find out about Azure Stack Updates
For major Microsoft Azure Stack update packages you will find them on the Azure Stack release notes page
Microsoft provides an RSS feed where you find the latest updates (major and hotfixes) listed. This is especially handy for Azure Stack hotfixes, since they are not regularly released.
|Azure Stack Update Feed|
You can also always find this feed here, just select “Azure Stack” from the drop-down here.
For the OEM updates you will need to check with your OEM, how you will get notified about new updates.
Planning the Azure Stack Update
Even most of the updates do not affect tenant workloads or portal operations, in some cases they can. Because of that Microsoft recommends that you are scheduling a maintenance window, if possible during non-business hours, and notify your users of the scheduled maintenance.
The next step is to read the release notes for the updates and the hotfixes. In these you will find the new features, which issues are fixed, and which are known issues after the installation. You will also find some planning steps with prerequisites, known issues and actions during the update process and post-update steps like for example hotfixes which you should install after that update, if there are any.
Before you start the update, you should also check for any active alerts in Azure Stack as well as run Test-AzureStack which runs some basic validation of your Azure Stack integrated system.
How to update Azure Stack
When you have finished the planning steps you will be able to update your Azure Stack. To download the update you can use the Azure Stack Updates Downloader tool.
UPDATE: If you are running Azure Stack 1807 or higher in a connected installation. Azure Stack will download the update by it self. However, you will still need to trigger the update process.
This allows you to download the source from a machine which has internet access and copy it to an internal network share or USB drive to update your Azure Stack in disconnected as well as connect scenarios.
The Azure Stack update usually contains three file types.
When the download is finished the update you will need to upload the update files to the update storage account called “updateadminaccount” in the Azure Stack portal. You can find this process documented on the Microsoft documentation page: Apply updates in Azure Stack
After that, your updated will show up as available in the Azure Stack portal. and you can then start the update from the portal. The process of the update is completely automated. The update resource provider will take care of checking the health of the infrastructure before and after a component gets updated. It will also automatically move workloads from one Azure Stack node to another one before updating the host and it will also process the update of all components in the right order.
How to Monitor Azure Stack Updates
During the update process, you can monitor the update in several different ways. One of the most common ones is using the Azure Stack Administration portal. Here you can also download the log file which you will need if you have any issues during the update.
Quick tip: The file output is a JSON file on a single line, if you want to make it more human readable, open it in Visual Studio Code right click the text and select “format document”.
Links to Azure Stack Update resources
I hope this blog gave you a little bit of an overview how updates in Azure Stack work. Microsoft is always improving Azure Stack as well as the Azure Stack update process, so we will see some changes and improvements in the future.
Updating Azure Stack is one of the services we offer at itnetX in our Managed Azure Stack solution. So if you are interested in having an Azure Stack appliance in your datacenter, but managed and operated by itnetX, feel free to contact me.
Thanks to Justin Incarnato, Microsoft Azure Stack PM which owns Azure Stack Updates, for the help.