Server update with Azure Update Management

Fanfare

Manually Deploying and Removing Agents

You can also connect servers to Azure Update Management by manually installing the agent. To do this, go to the download page for the agent in the Log Analytics workspace in Overview via Managing Windows and Linux Agents . You can download the agent here and pick up the IDs that are required to link it to Log Analytics and thus to Update Management. You can install the agent either manually or in a scripted process. An agent is also required on Linux servers. You can download it with the command:

wget https://raw.githubusercontent. com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w 3a25ad6b-cf60-47a9-a61c-6ba32aa70779 -s WF8SXVgDaDQXmF8NZbSBertX72H2fhLTGCbmyNfLIOTsZt53QshdNd1/2rOrI9TOlSVKp7qweD6qy7tfj8vbNm8ldg== -d opinsights.azure.com

In this example, the command includes the IDs that are required when installing on Linux. It looks different for each subscription. It is also possible to script the connection here. If you want to remove machines manually from Update Management, you just need to remove the agent with appwiz.cpl. The operation then also erases the server from the Log Analytics area. After refreshing the view, you can then control updates again without Azure Update Management.

Management in the Azure Portal

In the Azure Update Management web portal, you can use Update Management to see which servers are not up to date by clicking on the automation account created for Azure Update Management in the resource group where you integrated it and then selecting Update management . Here you will see all the servers that are not compliant (i.e., missing updates), as well as the compliant servers and other information (Figure 3).

Figure 3: The Azure portal tags servers without current updates as Non-compliant.

Connecting machines to Azure Update Management was the first step in providing patches to the respective servers. You can then create your own server groups with update deployment in Azure Update Management and release updates by rules on the basis of those groups, which means that you can orchestrate the rollout of updates without having to run local servers for patch management. As mentioned, it does not matter where the connected servers are located.

In the Update Management Overview , below the update management account, you will see several menu items for the individual computers that play an essential role in management. Under Machines you can first check out an overview of the connected computers and their important information, including the number of missing updates and whether the management agent on the server can currently connect to Azure. You will also see the installed operating system and whether the computer is an Azure VM or an external computer. The Missing updates tab shows you which patches are currently not yet installed on the computers. Azure Update Management also shows you the number of computers on which the updates are missing.

Creating Update Schedules

A deployment schedule automates update control on connected devices and lets you define schedules, enable specific updates, and specify the patches you want the servers to install automatically. You can create schedules from Schedule update deployment under Update management in the Update management Dashboard. First, give the schedule a name (e.g., Monthly Patchday ). After that, select whether it applies to Windows or Linux computers. You can create different schedules in this way.

Next, select the computer groups you want to connect. Under Groups to update , you define whether you want to link VMs from Azure or from outside. Groups can be filtered by subscription, resource group, storage location, and tag. After defining the groups, you then select the machines you want to update with the schedule.

One important aspect is the selection of individual update classifications. For example, traditional updates, rollups, security updates, critical updates, and feature packs are available for selection. You can exclude or include individual updates from the installation on the basis of Knowledge Base IDs.

You also specify the timing here. Besides one-off execution, you can perform regular updates. To create the update schedule, specify whether computers will reboot. As part of setting up a schedule, you also store any scripts you want to run on the computers before and after installing the patches here. Once saved, the update schedule is activated and the connected computer should appear as Compliant . Updates differ at this point between updates for Windows and Linux.

Deployment schedules are under Scheduled update deployments . You can create multiple schedules, and they will all appear at this point. Clicking on a deployment schedule lets you customize its settings. You can see in the History whether the deployment schedules are working on the computers and under Missing updates the exact update IDs. If you simply click on an update, Microsoft's support page opens with detailed instructions on the corresponding update. If you double-click on the line of an update, the window changes to the Log Analytics area for update management.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Manage updates and configuration with Azure Automation
    Microsoft Azure Automation provides a cloud-based service for handling automation tasks, managing updates for operating systems, and configuring Azure and non-Azure environments. We focus on VM update management and restarting VMs.
  • Private cloud with Microsoft Azure Stack
    Azure Stack is an Azure extension that implements an on-premises data center for consistent hybrid cloud deployments.
  • Monitor Active Directory with Azure AD Connect Health
    Microsoft cloud service Azure Active Directory Connect Health supports monitoring of Active Directory, especially in large and distributed environments, but the tool is also useful for monitoring hybrid landscapes using Azure Active Directory.
  • SQL Server 2022 and Azure
    SQL Server 2022 focuses on even closer collaboration between on-premises SQL servers and SQL functions in Azure, including availability and data analysis. We highlight the innovations of the database server and the interaction with versatile and powerful Azure services.
  • Azure AD and AD Domain Services for SMEs
    Azure Active Directory Domain Services is a Microsoft product, distinct from Active Directory and Azure Active Directory, that offers centralized directory services in the cloud in place of an often convoluted on-premises operation.
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.