Tag: Updates

Azure IaaS VM enable Update Management

How to Manage Updates for Azure IaaS VMs

As a lot of customers are moving their workloads to Azure, and specifically moving virtual machines to Azure Infrastructure-as-a-Service (IaaS), the question is: how do I manage my Azure virtual machines (VMs) efficiently? The great thing about Azure IaaS is that it is not just another virtualization platform. Azure IaaS also offers a lot of other benefits over classic virtualization. Azure IaaS and Azure Management provide a lot of functionality to make it more efficient to run and manage virtual machines. One of them is Azure Update Management. In this blog post, I am going to show you how you can efficiently manage updates for your Azure IaaS VMs.

Overview and benefits of Azure Update Management ☁

The Azure Update Management solution is part of Azure Automation. With Azure Update Management you can manage operating system updates for your Windows and Linux computers in Azure, in on-premises environments, or in other cloud providers. That is right, it is not only for your Azure VMs; it also works across your whole environment and provides you with a single pane of glass for your update management. It allows you to quickly assess the status of available updates on all virtual machines and servers, and manage the process of installing required updates for servers.

  • Azure Update Management works with Azure IaaS VMs, on-premises servers and even servers running at other cloud service providers.
  • Update Management supports Linux and Windows servers
  • It is directly integrated into the Azure portal and onboarding of Azure VMs is very simple.
  • It works with existing update sources like Microsoft Update, WSUS or on Linux with private and public update repositories.
  • Azure Update Management can be integrated into System Center Configuration Manager. You can learn more about Azure Update Management and System Center Configuration Manager integration on Microsoft Docs.
  • You can onboard new Azure VMs automatically to Update Management in multiple subscriptions in the same tenant.
Architecture

How to onboard Azure IaaS VMs ✈

Onboarding Azure VMs to Azure Update Management is fairly simple and there are many different ways you can enable Update Management for an Azure VM.

One thing I want to highlight is that you can set up automatic enablement for future virtual machines. With that, Azure virtual machines you create in the future will automatically be added to the Update Management solution.

Onboarding

Since this blog post is all about managing updates for Azure VMs, I will keep it short, but if you want to add servers running on-premises or at other service providers, you can have a look at how to configure Azure Update Management from Windows Admin Center. If you are running Azure Stack, you can also easily add your Azure Stack VMs to the Update Management solution.

Update Assessment 📃

Azure Update Management Compliant Assessment

After you have enabled and connected your virtual machines, Azure Log Analytics and Update Management start to collect and analyze data and create a continuous assessment of your Azure VM infrastructure and the additional servers you added. It will let you know which servers are compliant and which updates are missing. In the Azure documentation for Azure Update Management, you can find the schedules and times at which new updates are added to the assessment.
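
The assessment data can also be pulled out of the Log Analytics workspace, for example to list the Windows machines that still miss security or critical updates. The following is an added example and not code from the original post; it assumes the Az.OperationalInsights module, an authenticated session (Connect-AzAccount), and a placeholder workspace ID.

```powershell
# Added example: list Windows computers with missing security/critical updates.
# Assumption: $workspaceId is a placeholder for your Log Analytics workspace ID (GUID).
$workspaceId = '<log-analytics-workspace-id>'

# Keep the latest record per computer and update, then only those still needed.
$query = @'
Update
| where TimeGenerated > ago(1d) and OSType != "Linux" and Optional == false
| summarize arg_max(TimeGenerated, *) by Computer, SourceComputerId, UpdateID
| where UpdateState =~ "Needed"
| where Classification in ("Security Updates", "Critical Updates")
| summarize MissingCount = count(), KBs = make_set(KBID) by Computer
| order by MissingCount desc
'@

$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query -ErrorAction Stop
$missing  = @($response.Results)

if ($missing.Count -eq 0) {
    # An empty result can also mean that no data arrived in the last day,
    # so confirm the agents are reporting before treating this as "compliant".
    Write-Output 'No Windows computers reported missing security or critical updates.'
}
else {
    $missing | Format-Table Computer, MissingCount, KBs -AutoSize
}
```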

Manage and deploy updates to Azure VMs 🔧

Once you know which servers are compliant and which are not, you can schedule an update deployment to update your servers.

Update Azure VMs using Update Deployment

Configuring an update deployment is straightforward:

  1. Enter a name for the update deployment
  2. Select which operating system you want to target with the deployment (Linux or Windows)
  3. Choose the machines you want to update. You can select specific Azure virtual machines, non-Azure machines, groups, AD, WSUS, SCCM groups and filters.
  4. Select the Update Classifications you want to deploy
  5. Include or exclude updates
  6. Schedule the deployment. You can also create recurring update deployments for example for monthly patching.
  7. Configure pre- and post-scripts
  8. Configure the maintenance window size
  9. Configure the reboot options after the updates are installed
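
The same deployment can be created from PowerShell instead of the portal. This is an added example, not code from the original post; it assumes the Az.Compute and Az.Automation modules, an authenticated session, placeholder resource names, and a hypothetical `PatchGroup` tag for selecting machines.

```powershell
# Added example: the portal steps above expressed with the Az.Automation cmdlets.
# Assumptions: resource group and account names are placeholders;
# 'PatchGroup' is a hypothetical tag used here to pick the target machines.
$rg      = '<resource-group>'
$account = '<automation-account>'

# Step 3: target Windows VMs that carry the tag PatchGroup=Monthly.
$targets = @(Get-AzVM | Where-Object {
        $_.Tags -and $_.Tags['PatchGroup'] -eq 'Monthly' -and
        $_.StorageProfile.OsDisk.OsType -eq 'Windows'
    } | Select-Object -ExpandProperty Id)

# Fail closed: an empty target list usually means a wrong tag or subscription.
if ($targets.Count -eq 0) {
    throw 'No matching VMs found; refusing to create an empty deployment.'
}

# Steps 1 and 6: name and recurring schedule (second Saturday of every month, 22:00).
$start    = (Get-Date).Date.AddDays(1).AddHours(22)
$schedule = New-AzAutomationSchedule -ResourceGroupName $rg -AutomationAccountName $account `
    -Name 'Monthly-Windows-Patching' -StartTime $start `
    -MonthInterval 1 -DayOfWeek Saturday -DayOfWeekOccurrence Second `
    -ForUpdateConfiguration

# Steps 2, 4, 8 and 9: operating system, classifications, maintenance window, reboot.
# Step 5: add -IncludedKbNumber or -ExcludedKbNumber to include or exclude specific KBs.
# Step 7 (pre- and post-scripts) is left out of this example.
New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $account `
    -Schedule $schedule -Windows -AzureVMResourceId $targets `
    -IncludedUpdateClassification Critical, Security `
    -Duration (New-TimeSpan -Hours 2) -RebootSetting IfRequired
```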

View update deployments ✔

Update Azure VMs Status

During and after the update deployment, you can see an overview of the deployment, which updates were installed on which machine, and whether they were successful.

Pricing – What does it cost? 💵

Now I know what you are thinking: this is great, but I am sure Microsoft is making me pay for this. No! There are no charges for the service; you only pay for log data stored in the Azure Log Analytics service. You can find more pricing information here.

Conclusion and Learn more 🎓

Update Management is a great solution to keep your environment up to date. If you want to know more, check out Microsoft Docs or follow this tutorial to onboard Azure VMs. There is also a very good blog series by Microsoft MVP Samuel Erskine. If you don’t have Azure today, create an Azure Free account.

Create free Azure Account ☁

Create your Azure free account today and get started with 12 months of free services!

If you have any questions, let me know in the comments.



Azure Stack VM Update Management

Using Azure Update Management on Azure Stack

At Microsoft Ignite 2018, Microsoft announced the integration of Azure Update and Configuration Management on Azure Stack. This is a perfect example of how Azure services from the public cloud can be extended into your datacenter using Azure Stack. Azure Update and Configuration Management brings Azure Update Management, Change Tracking and Inventory to your Azure Stack VMs. In the case of Azure Stack, the backend services and orchestrators like Azure Automation and Log Analytics continue to run in Azure, but you can connect your VMs running on Azure Stack to them.

Azure Update and Configuration Management Schema

Today, the Azure Update and Configuration Management extension gives you the following features:

  • Update Management – With the Update Management solution, you can quickly assess the status of available updates on all agent computers and manage the process of installing required updates for these Windows VMs.
  • Change Tracking – Changes to installed software, Windows services, Windows registry, and files on the monitored servers are sent to the Log Analytics service in the cloud for processing. Logic is applied to the received data and the cloud service records the data. By using the information on the Change Tracking dashboard, you can easily see the changes that were made in your server infrastructure.
  • Inventory – The Inventory tracking for an Azure Stack Windows virtual machine provides a browser-based user interface for setting up and configuring inventory collection.

If you want to use Azure Update Management and more on VMs on-premises (without Azure Stack) or running at another cloud provider, you can do this as well. Have a look at Windows Admin Center, which allows you to directly integrate with Azure Update Management. However, there will be a difference in pricing.



Download Azure Stack Update

How to install and manage Azure Stack Updates

At itnetX, we help customers to implement as well as to operate Azure Stack. One part of operating Azure Stack is keeping it up to date. This means installing Microsoft Azure Stack updates and hotfixes as well as OEM update packages like drivers and firmware. In this blog post, I will cover all the information you need to keep your Azure Stack up to date.

Why should you update your Azure Stack

Azure Stack Update

This may sound like a simple question, but a lot of people ask it. First of all, Microsoft and the hardware vendors are delivering quality fixes and security updates to keep Azure Stack stable and secure. But Microsoft also adds new functionality with its update packages to keep up with the rapid cloud development on Azure. This is important if you want your Azure Stack to stay consistent with Azure in terms of functionality.

Another essential reason to stay current is to remain supported. You are allowed to be behind two major versions of Azure Stack, which means 2-3 months. You basically should update monthly, to make sure that you are secure and stable. However, there are reasons why you might have to defer an update. For example, this can happen for some companies when they are in a freeze period during which they are not allowed to make changes to their systems. If you are more than three major versions behind, your Azure Stack is considered out of support and will not be supported by Microsoft until you have at least the minimum required version installed.

You can read more about the Azure Stack servicing policy on the Azure Stack documentation site.

Updates for the Azure Stack Integrated System

Azure Stack Operations

As mentioned before, there are three types of updates to Azure Stack. The monthly Azure Stack Update Packages from Microsoft, Hotfixes, and OEM updates.

  • Microsoft software updates – Microsoft is responsible for the end-to-end servicing lifecycle for the Microsoft software update packages. These packages can include the latest Windows Server security updates, non-security updates, and Azure Stack feature updates. These update packages are non-cumulative updates and need to be installed one after the other. These updates are fully automated and will update the complete Azure Stack infrastructure.
  • OEM hardware vendor-provided updates – Azure Stack hardware partners are responsible for the end-to-end servicing lifecycle (including guidance) for the hardware-related firmware and driver update packages. In addition, Azure Stack hardware partners own and maintain guidance for all software and hardware on the hardware lifecycle host.
  • Microsoft hotfixes – Microsoft provides hotfixes for Azure Stack that address a specific issue that is often preventative or time-sensitive. Each hotfix is released with a corresponding Microsoft Knowledge Base article that details the issue, cause, and resolution. Hotfixes are downloaded and installed just like the regular full update packages for Azure Stack. Unlike the major updates, Azure Stack hotfixes are cumulative per iteration.

| Update type | Release | Cumulative | Where to find |
| --- | --- | --- | --- |
| Microsoft Software Updates | Monthly (4th Tuesday of every month) | No | Release Notes |
| OEM Hardware Vendor Updates | Depending on OEM | Depends | OEM Website |
| Microsoft Hotfixes | When needed | Yes | Knowledge Base article |

By the way, you can only update Azure Stack multi-node systems, and the Azure Stack Development Kit needs to be redeployed.



Windows Server Semi-annual Channel Overview

Windows Server release information – Windows Server Semi-Annual Channel and LTSC

As mentioned a couple of months ago, Microsoft has updated the Windows Server servicing model. The Semi-Annual Channel is a twice-per-year feature update release with 18-month servicing timelines for each release, and the Long-Term Servicing Channel (LTSC) will be supported for 5+5 years, as we know it from previous Windows Server releases such as Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. This is a similar servicing model to the Windows 10 client.

In short:

The Semi-Annual Channel provides opportunity for customers who are innovating quickly to take advantage of new operating system capabilities at a faster pace, both in applications – particularly those built on containers and microservices – and in the software-defined hybrid datacenter.

Customers also have the option to continue using the Long-Term Servicing Channel releases, which continue to be released every 2-3 years. Each Long-Term Servicing Channel release is supported for 5 years of mainstream support and 5 years of extended support.

You can find more information about the Windows Server Servicing changes in my blog post: What is next for Windows Server and System Center with a faster release cadence

Today Microsoft released a page where you can get an overview of the Windows Server versions and their support end dates.

Windows Server current versions by servicing Overview

This will quickly give you an overview of the Windows Server releases.

 

 



Install Updates on Nano Server

How to install Updates on Nano Server

Microsoft just released Windows Server 2016, which comes with a new deployment option called Nano Server. Nano Server is a very small version of Windows Server which addresses a lot of different issues. Now after the release of Windows Server 2016 Microsoft is releasing the first updates for Windows Server 2016 and Nano Server.

Microsoft released the first Cumulative Update for Windows Server 2016 on September 26, 2016 (KB3192366), and the prerequisite for this and future Cumulative Updates is the Servicing Stack Update for Windows 10 Version 1607 (KB3176939).

Download

You can download the .msu updates from the Windows Server Catalog:

Folder Structure

Just to make it easier for you, here is the folder structure I use:

  • C:\NanoServer – The Folder where I put all my files and folders to create and manage NanoServer. I copied the NanoServerImageGenerator PowerShell module to this folder
    Nano Server Folder
  • C:\NanoServer\Files – Copied all the files from the Windows Server 2016 ISO file
    Nano Server ISO Folder
  • C:\NanoServer\Updates – Downloaded .msu files and extracted .cab files
    Nano Server Update Folder
  • C:\NanoServer\Images – Created Nano Server Images

Extract the .cab files from the .msu file

For most update scenarios you will need the .cab update package, which is included in the .msu file. To extract the .cab file from the .msu file you can use the expand command line utility.

In my case, I renamed the .msu files for easier identification and copied both files to C:\NanoServer\Updates.

Nano Server Expand MSU Update Files

expand .\KB3176936.msu -F:* C:\NanoServer\Updates\
 
expand .\KB3192366.msu -F:* C:\NanoServer\Updates\

Integrate Updates into a new Nano Server Image

If you create a new Nano Server Image you can simply include the latest updates and cumulative updates while building the image. With that you have a new fresh NanoServer Image which will be fully patched after the first boot.

New Nano Server Image with Updates

Import-Module .\Files\NanoServer\NanoServerImageGenerator\NanoServerImageGenerator.psm1
 
New-NanoServerImage -MediaPath .\Files -BasePath .\Base -TargetPath .\Images\NanoVM.vhd -MaxSize 20GB -DeploymentType Guest -Edition Datacenter -ComputerName "Nano01" -ServicingPackagePath ".\Updates\Windows10.0-KB3176936-x64.cab", ".\Updates\Windows10.0-KB3192366-x64.cab"

Integrate Updates into an existing Nano Server Image

If you already have an existing Nano Server Image you can also update this one.

Add Updates to Nano Server Image

Import-Module .\Files\NanoServer\NanoServerImageGenerator\NanoServerImageGenerator.psm1
 
Edit-NanoServerImage -TargetPath .\Images\NanoServer.wim -ServicingPackagePath ".\Updates\Windows10.0-KB3176936-x64.cab", ".\Updates\Windows10.0-KB3192366-x64.cab"

Integrate Updates into a VHD or VHDX (offline)

If you have VHD or VHDX templates and you want to integrate new updates you can do this as well using the DISM PowerShell module. You can also update existing Virtual Machines with this if you shut down the VM (Offline Patching).

Mount-WindowsImage -ImagePath .\Images\NanoVM.vhdx -Path .\Mount -Index 1
 
Add-WindowsPackage -Path .\Mount -PackagePath  C:\NanoServer\Updates
 
Dismount-WindowsImage -Path .\Mount -Save
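
Before packages are injected into a template that many VMs will be created from, it is worth checking that the .cab files are validly signed and applying them in a fixed order. This is an added example, not code from the original post; it assumes the folder layout described above, an elevated PowerShell session, and the two package file names used earlier.

```powershell
# Added example: verify package signatures, then service the image offline
# and discard the mount if anything fails.
# Assumptions: paths follow the folder structure above; run in an elevated session.
$image = 'C:\NanoServer\Images\NanoVM.vhdx'
$mount = 'C:\NanoServer\Mount'

# Servicing stack update first, cumulative update second.
$packages = 'C:\NanoServer\Updates\Windows10.0-KB3176936-x64.cab',
            'C:\NanoServer\Updates\Windows10.0-KB3192366-x64.cab'

foreach ($pkg in $packages) {
    # 'Valid' means the signature verifies and chains to a trusted root on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $pkg
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to use $pkg (signature status: $($sig.Status))"
    }
    # Record the hash so the exact bits that went into the image can be audited later.
    Get-FileHash -Path $pkg -Algorithm SHA256 | Select-Object Hash, Path
}

New-Item -ItemType Directory -Path $mount -Force | Out-Null
Mount-WindowsImage -ImagePath $image -Path $mount -Index 1 -ErrorAction Stop | Out-Null
try {
    foreach ($pkg in $packages) {
        Add-WindowsPackage -Path $mount -PackagePath $pkg -ErrorAction Stop | Out-Null
    }
    # Show the most recently added packages and their state before committing.
    Get-WindowsPackage -Path $mount |
        Sort-Object InstallTime |
        Select-Object -Last 5 PackageName, PackageState
    Dismount-WindowsImage -Path $mount -Save -ErrorAction Stop | Out-Null
}
catch {
    # Leave the template untouched if any step failed.
    Dismount-WindowsImage -Path $mount -Discard | Out-Null
    throw
}
```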

Install Updates on a running Nano Server (online)

If you have a running Nano Server in a virtual machine or on a physical host you can also use the downloaded .cab files and the DISM PowerShell module to install the patches on a Nano Server. For that you will need to use PowerShell remoting to connect to the Nano Server.

Install Updates on Nano Server

# Copy Update Files to Nano Server
$pssession = New-PSSession -VMName "NanoServer" -Credential (Get-Credential)
Invoke-Command -Session $pssession -ScriptBlock {md C:\Update}
Copy-Item -ToSession $pssession -Path C:\NanoServer\Updates\*.cab -Destination C:\Update\ -Recurse
 
# Install the servicing stack update first (reboot needed)
Enter-PSSession -ComputerName "NanoServer" -Credential (Get-Credential)
Add-WindowsPackage -Online -PackagePath C:\Update\Windows10.0-KB3176936-x64.cab
Restart-Computer
 
# Install update after reboot
Enter-PSSession -ComputerName (Read-Host "Enter Nano Server IP address") -Credential (Get-Credential)
Add-WindowsPackage -Online -PackagePath C:\Update\Windows10.0-KB3192366-x64.cab
Restart-Computer

If the Nano Server is running inside a VM, you can also use PowerShell Direct to connect directly to the Virtual Machine from the Hyper-V host.

Download and Install Updates on a running Nano Server from Windows Update (online from Windows Update)

If you have a running Nano Server VM or physical host, you can use the Windows Update WMI provider to download and install the update from Microsoft Update.

Enter-PSSession -ComputerName "NanoServer" -Credential (Get-Credential)
 
# Scan for updates
 
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}
$result.Updates
 
# Install all updates
 
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
Invoke-CimMethod -InputObject $ci -MethodName ApplyApplicableUpdates
 
Restart-Computer
 
# List Installed Updates
 
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=1";OnlineScan=$true}
$result.Updates

Download and Install Updates on a running Nano Server from Windows Update using the Azure Remote Server Management Tools

You can also use a graphical UI to update Nano Server directly from the Remote Server Management Tools.

Install Updates on Nano Server from Server Management Tools SMT

You can get more information about Updating Nano Server on this Microsoft blog post.

 

 

 

 



Windows Server

List of Recommended Hotfixes and Updates for Hyper-V Network Virtualization (HNV)

I already wrote some posts where I list the websites with recommended hotfixes and updates for Clusters, Hyper-V and File Servers such as the Scale-Out File Server for Hyper-V over SMB. Now Microsoft also has an official list of recommended hotfixes, updates, and known solutions for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments, which lists hotfixes for Hyper-V, Windows Server and System Center related to Network Virtualization.

You can find the List here on the Microsoft Support Site: KB2974503 Recommended hotfixes, updates, and known solutions for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments



Windows Server

Recommended Hotfixes and Updates for Hyper-V and Failover Clusters

In the last couple of releases I always posted the pages where you could get the list of Recommended Hotfixes and Updates for Windows Server 2012 Failover Clusters and the List of Hyper-V and Failover Cluster Hotfixes for Windows Server 2012. I want to update the post with the links for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2, so you can find all updates from a single site.

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Feel free to share this page. I always recommend getting the latest hotfixes when you are deploying a new Hyper-V or Scale-Out File Server environment. And definitely also check Aidan Finn's blog from time to time, where he takes a deeper look at the Knowledge Base articles for Hyper-V.