Windows Updates Delivery Solutions

Question

Windows Updates Delivery Solutions

Razzi29 341

Hoping for some guidance here. I am looking for couple of best alternatives for managing patching on Windows Servers and Linux, but primarily Windows. I have a mix of different environments, I have a bunch on Azure cloud, a few workloads on AWS and a few more on-prem running on VMware. The primary requirements is that I need to be able to set it and forget it but also be able to fine tune to exclude feature packls or SPs, etc. Ability to email report if possible, and a single pane of glass will be nice. All these environments are isolaed, meaning different Ad/ domains with no trust or connectivity to eachother. I am fully aware of a few options such as GPO, SCOM, Intune, ManageEngine; but none of those are options we want to expore. As per Azure, does anyone know if the Azure Windows UPdate offering can work on-prem as well, and how good is it and steps to configure ? Thanks community.

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Stanislav Zhelyazkov 29,586 MVP Volunteer Moderator

Hi,
Azure Update management Center (Preview) is the latest service to be able to patch servers. For servers located outside of Azure you can use Azure Arc for servers to have the same functionality you have for Azure servers. You can create schedules to apply updates to apply specific categories of updates. Update management Center provides single pane of glass on updates across multiple servers no matter if they are located in Azure or outside of it. On reporting you will have to make something custom to query the data and e-mail the results. Azure offers different kind of services for automation like Azure Automation, Logic App or Functions. You can also check Azure Update Management which works in similar way, but it requires creating Azure Automation and Log Analytics resources. Azure Update management Center (Preview) will replace Azure Update Management at some point but currently missing some features that are available in the latter service.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Razzi29 341 Reputation points

2022-10-26T17:31:12.087+00:00

Thanks, @Stanislav Zhelyazkov I will further look into this offering.
Stanislav Zhelyazkov 29,586 Reputation points MVP Volunteer Moderator

2022-10-27T06:00:56.98+00:00

Great. One additional thing. Azure Update Management does not rely on Azure Arc for servers but still can update servers in non-Azure environments. There you install agent manually.
Razzi29 341 Reputation points

2022-10-31T13:12:56.23+00:00

Just have an additional question here.. I have SQL clusters, what is the best approach to update the OS layer on those? I am doing those manually by changing roles and applying updates. I want to be able to automate this process.
Stanislav Zhelyazkov 29,586 Reputation points MVP Volunteer Moderator

2022-10-31T13:21:43.627+00:00

Hi,
It is always better when you have new questions to open new threads but I will provide an answer to this anyway. When you have clusters it is best to have two or more deployment schedules which do not overlap. Will give example with 2 node cluster. In such case the start time + maintenance window if the first deployment schedule does not overlaps with the start time of the second deployment schedule. With the first deployment schedule you patch the first node and with the second the second one. You also will need to use pre/post tasks. These tasks basically execute scripts. The scripts can move the resources between nodes so when you update the first node there are not active resources on it and when you update the second one there are no active resources on it.

Share via

Windows Updates Delivery Solutions

0 additional answers

Your answer