Updating a web site to apply a security patch with the help of Hyper-V

With the release of the latest security updates, it made me think about how painful it is to have to reboot a server because of applying a security update.  You have to balance the need to stay secure, with keeping your server up and running.  This is extremely important when it comes to a web server, especially a public facing server.

So how should we go about updating the server?  Well there are a number of ways that you can do this, but I wanted to touch on one method which is using Virtualization, namely Hyper-V.

So let me give a bit of background, prior to the security patches being released, there is a key step that you should do if you are running your web server as a virtual machine.  That step is making sure to have a second copy of the virtual machine.

For the purposes of this post, let’s assume that you are currently running one virtual machine per server and that virtual machine is hosting your web site.

The reason that we make a copy of the virtual machine is that with that, we can start up another virtual machine which is an exact copy of the first machine.  This will allow us to download and apply the patch to this 2nd copy of the virtual machine and reboot it.  All the while, not affecting any users currently hitting the site.  When the 2nd server comes back up from rebooting, we can then add it to the web farm so it will start taking load.  We then take the original server out of the farm using the standard methods to drain the existing requests.  We can then apply the security patches to the original server and reboot it.

This allows us to always have all of our servers in the rotation and we never have the case of one of the servers in the farm is rebooting so our load is balanced over less machines.

And yes, before it is asked, we can run two virtual machines on a single server and that will allow us to patch the host OS and reboot that and when it comes back, add it back to the farm and shut down one of the virtual machines on the other server.

This is just one of the subtle advantages of using a virtual machine to host your web site.  I hope that this was useful to everyone and I look forward to your thoughts or opinions.

Comments

  • Anonymous
    November 28, 2008
    Updating environments with Hyper-V can be more of a challenge compared to updating an environment that