If you’re looking for an in-depth understanding of Azure Update Manager, this guide is precisely what you need. It covers all the essential aspects of the tool, from its features and capabilities to help you manage updates for Azure Virtual Machines. The guide presents critical information in a clear and concise manner. Trust us to equip you with everything you need to know to achieve your goals and have a solid understanding of Azure Update Manager and how it can benefit your organization.
Introduction:
When designing a shared services model in the public cloud, ensuring an efficient and streamlined process for applying patches to virtual machines is paramount. While useful, the Azure update management solution can be complex due to its multiple-step processes and dependencies.
Azure has announced a new patch management solution named Azure Update Manager, previously known as Update Management Center, which is now generally available.
Azure Update Manager is a SaaS solution that helps manage and govern software updates for Windows and Linux machines. The solution can be utilized on Azure, as well as on-premises and in multi-cloud settings. This service simplifies software update deployment on multiple machines. The solution simplifies managing and deploying updates, ensuring all machines are secure and up-to-date.
Overview:
The Azure Update Manager now enables the assessment and deployment of software updates on single or multiple machines, without the need for the Azure Automation and Log Analytics agent. The solution brings features like:
- There need to be no onboarding steps for resources.
- Take advantage of newer technology.
- Azure Update Manager supports multi-subscriptions.
- Deliver a native update solution.
- Granular role-based access control.
- Using Azure Policy to enforce enabling periodic assessments on multiple machines.
- Create custom reports.
- Manage extended security updates (ESUs) for Azure Arc-enabled Windows Server 2012/2012 R2 machines.
How does Azure Update Manager work?:
Azure Update Manager redesigned for new capabilities without Log Analytics or Azure Monitor agents. It now uses the Microsoft Azure VM agent to manage update workflows on Azure VMs and the Azure Connected Machine agent to manage Arc-enabled servers. When a machine undergoes its first update operation, an extension is installed to interact with agents and assess and deploy missing updates.
The native design on Azure Compute and Azure Arc for Servers platform enables zero-step onboarding and simplifies operations on an ongoing basis. Additionally, it helps to secure machines with new ways of patching, such as automatic VM guest patching in Azure, hot patching, or custom maintenance schedules.
When you start an Azure Update Manager operation on your computer, it installs an extension that communicates with the VM agent (for Azure machines) or Arc agent (for Arc-enabled machines) to receive and install updates. Azure Update Manager stores all its data in Azure Resource Graph (ARG). You can create custom reports on the updated data to better understand patterns using Azure Workbooks. By default, Azure Update Manager uses the Windows Update (WU) client running on your computer to receive updates. However, you can configure the WU client to receive updates from the Microsoft Update/WSUS repository and manage patch schedules using Azure Update Manager. Azure Update Manager honours machine settings and installs updates accordingly.
Update Options:
The Azure Update Manager services provide various update options:
- Automatic OS image upgrade – This feature automatically applies the latest OS image to the scale set without user intervention.
- Automatic VM guest patching – Enabling automatic VM guest patching in Azure Update Manager ensures virtual machines are safely and automatically patched for security compliance.
- Hot patching – Hot patching is a feature that enables you to install security updates for your Windows Server Datacenter: Azure Edition virtual machines without the need for a reboot after installation.
- One-time update – Azure Update Manager lets you secure your machines immediately by installing updates on demand.
- Schedule patching – You can create a schedule to automate the process. You can choose the frequency of updates – daily, weekly, or hourly, depending on your needs. Once you set up the schedule, the updates will be installed automatically based on your specifications.
Pricing:
Azure Update Manager is free for Azure VMs and Arc-enabled Azure Stack HCI VMs with Azure benefits enabled. For Arc-enabled servers, the service is priced at $5 per month per server, based on 31 days of usage. The charge is calculated daily at $0.16 per server per day. It is prorated for the days the server is connected and managed by Azure Update Manager. This means an Arc-enabled machine is only charged for the days it is connected and managed by Azure Update Manager.
End notes:
The Azure Log Analytics agent, the Microsoft Monitoring Agent (MMA), will be retired in August 2024. The Azure Automation Update management solution depends on this agent and may face issues once the agent is retired. Additionally, it is essential to remember that the Azure Monitoring Agent (AMA) is not a suitable replacement for the retiring agent and cannot be used as a substitute. Hence, customers must soon migrate the virtual machines to the Azure update manager.
Santhosh has over 15 years of experience in the IT organization. Working as a Cloud Infrastructure Architect and has a wide range of expertise in Microsoft technologies, with a specialization in public & private cloud services for enterprise customers. My varied background includes work in cloud computing, virtualization, storage, networks, automation and DevOps.
