Azure Update Management
- Added 26. 07. 2024
- A look at the two main Azure-native solutions for patching of Windows and Linux OS instances (in Azure and beyond).
00:00 Introduction
00:40 Patch responsibility for Azure services
03:05 Azure Update Management
04:42 Supported OS and patch sources
09:22 Primary steps of patching
10:05 Demo of Azure Update Management and configuration
18:37 Pain points today
19:14 Automatic VM-guest patching
23:10 Going forward
24:35 Summary - Science and technology
Great stuff John, especially the details on automatic management and the concepts behind update center
Truly appreciated what you do John. It's such amazing information delivery on various Azure topics. Thank you for keeping it up. Really a fan of yours. Cheers
A very good video, which gives me a good contrast to the quarterly maintenance we do with all our servers on-premises and in Azure.
Excellent thorough overview as always John - many thanks!
My pleasure
I always like your videos, your explanations are clear and right to the point
Thank you
Thanks, John for making it so simple.
Great to see what is planned. Update Center sounds very useful and I can definitely see customers wanting to use this going forward.
Update Manager is here today and has the functionality. You just need Log Analytics and Azure Automation.
Excellent video John. Thank you.
A couple of quirks I've found using Update Manager in the past.
If you're doing one-time patching, you have to specify more than about 7 minutes in the future; you can't do immediately.
The details you get in the History tab can be misleading. It may say "success"; however, looking at the Machine tab, it says "not compliant".
The Machine tab is the source of truth.
The "success" simply means it ran successfully, not that it installed updates successfully. FYI for anyone else who comes across this.
Hey John this is great, thanks for putting this together, was very helpful!
Glad it was helpful!
Fantastic as always John, Thank you!
Thanks!
The way you explain... it's amazing.
Thank you
Thank you for making your videos freely available. The content is so much better than most of the paid courses. Appreciate your spirit of giving back..
Glad you like them!
Great video! Very detailed explanation and with examples
Glad it was helpful!
Enjoying this video for today's learning, thanks a lot!
Happy to hear that!
Thanks for the explanation 🔥
Thanks for an amazing explanation!!
Thanks John. Great stuff.
Very clear as always. Thank you!
Glad it was helpful!
Wrong place for this comment but wanted to thank you for the overview in cloud security podcast. Great breakdown and interview
Thank you!
Outstanding video
Thank you
Thanks again John!
You bet!
I hope Update Center can be leveraged for on-prem services. I would love to see 3rd party patches baked into it as well
Excellent video as always John. Quick question on updates for scale set VMs if I can? I just need to know how I can monitor missing updates for scale set VMs (as they don't seem to have the MMS agent by default). Is there any way to query missing updates from each VM scale set VM or is this not possible?
If it's AKS then right, it won't have the regular VMSS log agent because it is managed by AKS. It is AKS's job to update the images and there are various AKS options to auto-update when there are new AKS image versions. You don't patch the scale set, you can see it, but it's AKS.
Thank you very much for this very interesting video. I have so many questions ;-)
Is it possible to use Update Management with an on-prem disconnected environment (physical and virtual machines) to avoid each machine having Internet access?
If I understand the doc well, the Log Analytics Gateway can be used for both the Log Analytics Agent and the Hybrid Runbook Workers. So it should be possible, am I correct?
In Update Management, when you configure an Update Deployment schedule, is there a way to configure the deployment to allow only one machine reboot at a time and also define an order for the machines?
Like MECM allows you with Orchestration group with 'Allow a number of the machines to be updated at the same time' and 'Specify the maintenance sequence'.
Glad you like the video. It needs to get to Log Analytics and to Azure Automation. There are certain private link services you could look at to remove Internet, then use on-premises stores like WSUS etc. You could create groups based on tag and tag machines based on maintenance window etc. to avoid too many running etc. There are those pre-scripts as well so you could do clever things.
@NTFAQGuy Thanks for your answer, I will try to do a PoC at work.
Hi John, great video as always, thanks. Out of curiosity any idea why Windows client OS VMs aren't supported please?
Clients would normally be part of a VDI solution so would have its own method to update or use a client update technology like MEM.
Hey John, I've implemented this quite recently and run into an interesting one... ARC joined machines count as Azure machines and can be added as workstations. You can however not add them as group using Tag as criteria. Guessing this is due to the actual resources not technically being part of the subscription. Weird one.
For Update Management purposes you need to follow the non-Azure machine path for Arc. There is no Arc & Log Analytics integration directly. docs.microsoft.com/en-us/azure/automation/update-management/enable-from-automation-account#enable-non-azure-vms
If I have 2012 x1, 2016 x1, Red Hat x1, CentOS x1, how many update deployments should I create? 1 Windows + 1 Linux?
Yes that would work
Hi John, how do I get a patch report through Update Management?
Docs cover compliance scans and Log Analytics data
Do you have a carry license for those guns?
Concealed carry 😉💪🤙
How does all of this relate to Azure Automanage?
Automanage does far more than just patching and I'll cover it in detail once it's further down the path.
@NTFAQGuy Awesome, looking forward to it!
I'm gonna get fired the day this guy deletes his YouTube account
ROFL