Update IoT Edge for Linux on Windows

Applies to: yes icon IoT Edge 1.1 Other versions: IoT Edge 1.3, IoT Edge 1.4

Applies to: IoT Edge 1.3 checkmark IoT Edge 1.3 IoT Edge 1.4 checkmark IoT Edge 1.4 Other versions: IoT Edge 1.1

As the IoT Edge for Linux on Windows (EFLOW) application releases new versions, you'll want to update your IoT Edge devices for the latest features and security improvements. This article provides information about how to update your IoT Edge for Linux on Windows devices when a new version is available.

With IoT Edge for Linux on Windows, IoT Edge runs in a Linux virtual machine hosted on a Windows device. This virtual machine is pre-installed with IoT Edge, and has no package manager, so you can't manually update or change any of the VM components. Instead, the virtual machine is managed with Microsoft Update to keep the components up to date automatically.

The EFLOW virtual machine is designed to be reliably updated via Microsoft Update. The virtual machine operating system has an A/B update partition scheme to utilize a subset of those to make each update safe and enable a roll-back to a previous version if anything goes wrong during the update process.

Each update consists of two main components that may get updated to latest versions. The first one is the EFLOW virtual machine and the internal components. For more information about EFLOW, see Azure IoT Edge for Linux on Windows composition. This also includes the virtual machine base operating system. The EFLOW virtual machine is based on Microsoft CBL-Mariner and each update provides performance and security fixes to keep the OS with the latest CVE patches. As part of the EFLOW Release notes, the version indicates the CBL-Mariner version used, and users can check the CBL-Mariner Releases to get the list of CVEs fixed for each version.

The second component is the group of Windows runtime components needed to run and interop with the EFLOW virtual machine. The virtual machine lifecycle and interop is managed through different components: WSSDAgent, EFLOWProxy service and the PowerShell module.

EFLOW updates are sequential and you'll require to update to every version in order, which means that in order to get to the latest version, you'll have to either do a fresh installation using the latest available version, or apply all the previous servicing updates up to the desired version.

To find the latest version of Azure IoT Edge for Linux on Windows, see EFLOW releases.

Important

This is a Public Preview version of Azure IoT Edge for Linux on Windows continuous release (EFLOW CR), not intended for production use. A clean install may be required for production use once the final General Availability (GA) release is available.

To find out if you're currently using the continuous release version, navigate to Settings > Apps on your Windows device. Find Azure IoT Edge in the list of apps and features. If your listed version is 1.2.x.y, you are running the continuous release version.

Update using Microsoft Update

To receive IoT Edge for Linux on Windows updates, the Windows host should be configured to receive updates for other Microsoft products. By default, Microsoft Updates will be turned on during EFLOW installation. If custom configuration is needed after EFLOW installation, you can turn this option On/Off with the following steps:

  1. Open Settings on the Windows host.

  2. Select Updates & Security.

  3. Select Advanced options.

  4. Toggle the Receive updates for other Microsoft products when you update Windows button to On.

Update using Windows Server Update Services (WSUS)

On premises updates using WSUS is supported for IoT Edge for Linux on Windows updates. For more information about WSUS, see Device Management Overview - WSUS.

Offline manual update

In some scenarios with restricted or limited internet connectivity, you may want to manually apply EFLOW updates offline. This is possible using Microsoft Update offline mechanisms. You can manually download and install an IoT Edge for Linux on Windows updates with the following steps:

  1. Check the current EFLOW installed version. Open Settings, select Apps -> Apps & features search for Azure IoT Edge LTS.

  2. Search and download the required update from EFLOW - Microsoft Update catalog.

  3. Extract AzureIoTEdge.msi from the downloaded .cab file.

  4. Install the extracted AzureIoTEdge.msi.

  1. Check the current EFLOW installed version. Open Settings, select Apps -> Apps & features search for Azure IoT Edge.

  2. Search and download the required update from EFLOW - Microsoft Update catalog.

  3. Extract AzureIoTEdge.msi from the downloaded .cab file.

  4. Install the extracted AzureIoTEdge.msi.

Managing Microsoft Updates

As explained before, IoT Edges for Linux on Windows updates are serviced using Microsoft Update channel, so turn on/off EFLOW updates, you'll have to manage Microsoft Updates. Listed below are some of the ways to automate turning on/off Microsoft updates. For more information about managing OS updates, see OS Updates.

  1. CSP Policies - By using the Update/AllowMUUpdateService CSP Policy - For more information about Microsoft Updates CSP policy, see Policy CSP - MU Update.

  2. Manually manage Microsoft Updates - For more information about how to Opt-In to Microsoft Updates, see Opt-In to Microsoft Update.

Special case: Migration from HCS to VMMS on Server SKUs

If you're updating a Windows Server SKU device previous to 1.1.2110.0311 version of IoT Edge for Linux on Windows to the latest available version, you need to do a manual migration.

Update 1.1.2110.0311 introduced a change to the VM technology (HCS to VMMS) used for EFLOW Windows Server deployments. You can execute the VM migration with the following steps:

  1. Using Microsoft Update, download and install the 1.1.2110.0311 update (same as any other EFLOW update, no need for manual steps as long as EFLOW updates are turned on).

  2. Once EFLOW update is finished, open an elevated PowerShell session.

  3. Run the migration script:

    Migrate-EflowVmFromHcsToVmms
    

Note

Fresh EFLOW 1.1.2110.0311 MSI installations on Windows Server SKUs will result in EFLOW deployments using VMMS technology, so no migration is needed.

Migrations between EFLOW LTS and EFLOW CR trains

IoT Edge for Linux on Windows doesn't support migrations between the different release trains. If you want to move from the 1.1LTS or 1.4LTS version to the Continuous Release (CR) version or viceversa, you'll have to uninstall the current version and install the new desired version. To migrate between EFLOW 1.1LTS to EFLOW 1.4LTS, check EFLOW LTS migration.

Next steps

View the latest IoT Edge for Linux on Windows releases.

Read more about IoT Edge for Linux on Windows security premises.