How does Azure Update Management handle patching?
Microsoft built Azure Update Management for administrators who require a centralized tool to automate patches for systems both on premises and in the cloud.
Patching takes time to do properly; rushing it leaves room for a misstep that could incapacitate critical systems.
Today, administrators have to apply security updates to operating systems in on-premises and cloud environments, making this work even more of a challenge. Microsoft developed Azure Update Management, a sub-service of Azure Automation, to automate patching and track the status of each system. Administrators can manage updates for Windows and Linux computers in the data center, and virtual machines in Azure or other cloud providers.
How Azure Update Management works
Administrators access Azure Update Management via the Azure Automation account or the Windows Admin Center to find available updates, schedule installation and verify the proper deployment of updates. The service connects with Azure Log Analytics to handle several tasks, including making assessments and checking update availability.
Azure Update Management works with different configurations to perform assessments and deploy updates, including the Microsoft Monitoring Agent for Windows and Linux systems; PowerShell Desired State Configuration for Linux systems; Automation Hybrid Runbook Worker, Microsoft Update or Windows Server Update Services for Windows machines.
Azure Update Management checks the state of each system, where each system should be, and what security and feature updates are available for the system.
Agents on each Windows system run a status scan every 12 hours. Linux systems run a scan every three hours. Azure Log Analytics ingests these reports to record each system's status.
Finally, each system synchronizes with an update source. Windows systems use Microsoft Update or Windows Server Update Services. Linux systems use a public or local repository. The data from the update sources represents where each system should be.
Azure Update Management uses runbooks for deployment
Azure Update Management compares each system's status to the available updates and then reports the differences. Administrators can then schedule deployments on individual systems or a group of systems.
When administrators schedule updates, Azure Automation creates a master runbook to update systems in Azure. The master runbook also starts a child runbook on each local or non-Azure system to install the required updates.
Azure Update Management scans systems just before the scheduled deployment to confirm the system needs the update. After deployment, the service scans the systems to determine whether other updates or patches are required.
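The assessment-then-deploy cycle described above, as an added example that is not from the article: it reads the agents' scan results from Log Analytics with the Az PowerShell modules, then creates a weekly schedule and a Windows deployment that covers Azure VMs (master runbook) and Hybrid Runbook Worker machines (child runbooks). The resource group, Automation account, workspace ID, subscription ID and machine names are placeholders.

```powershell
# Added example (not the article's code). All resource names below are placeholders.
$rg        = 'rg-patching'
$account   = 'aa-updates'
$workspace = '00000000-0000-0000-0000-000000000000'   # Log Analytics workspace ID (placeholder)

# 1. Read the assessment the agents report into Log Analytics: Windows machines with
#    required, approved Critical or Security updates still in the "Needed" state.
#    The 12h window matches the Windows agent scan interval described in the article.
$kql = @'
Update
| where TimeGenerated > ago(12h)
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false and Approved == true
| where Classification in ("Critical Updates", "Security Updates")
| summarize MissingUpdates = dcount(KBID), KBs = make_set(KBID) by Computer
| order by MissingUpdates desc
'@
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspace -Query $kql
$result.Results | Format-Table Computer, MissingUpdates, KBs -AutoSize

# 2. Weekly maintenance window: Sundays at 02:00 in the given time zone.
$schedule = New-AzAutomationSchedule -ResourceGroupName $rg -AutomationAccountName $account `
    -Name 'weekly-windows-security' -StartTime (Get-Date '02:00').AddDays(1) `
    -WeekInterval 1 -DaysOfWeek Sunday -TimeZone 'Europe/London'

# 3. Deployment: Azure VMs are patched by the master runbook; the on-premises hosts
#    (registered as Hybrid Runbook Workers) each get a child runbook.
$azureVms = @(
  "/subscriptions/<sub-id>/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/web-01"
)
$onPremHosts = @('fileserver-01')   # placeholder Hybrid Runbook Worker machine name

# Only Critical and Security classifications, a 2-hour window, reboot only when an update needs it.
New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg -AutomationAccountName $account `
    -Schedule $schedule -Windows `
    -AzureVMResourceId $azureVms -NonAzureComputer $onPremHosts `
    -IncludedUpdateClassification Critical, Security `
    -Duration (New-TimeSpan -Hours 2) `
    -RebootSetting IfRequired
```

Re-running the Log Analytics query after the next agent scan is the post-deployment check the article describes: machines that still return rows either missed the window or need a follow-up update.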
Related Q&A from Stephen J. Bigelow