Azure – You now have more control on when updates are being deployed

As you may already know, you have the ability to automatically deployed updates on virtual machines running on Azure (for both Windows and Linux operating systems).

Well, while this helps you managing and controlling your virtual machines update process, you did not had control on the host update process, meaning for Azure Dedicated Host or isolated VM you may had experience a short/temporary service disruption.

The good news is now you can better manage this by using the new maintenance control for platform updates feature (now in preview), allowing you to control impactful updates on the underlying host by either (up to 35 days delay)

  • if the maintenance does not require a restart, temporarily paused the virtual machine while the host is being updated or live migrate it to an already updated host
  • if the maintenance do requires a restart, to get notified and then be able to manage your self the update within the time window provided

This new feature is particularly interesting for highly sensitive to disruption workloads running on Azure Dedicated Host or single/isolated VM.

This is not (yet?) available for workloads deployed on shared hosts.

The principle is to create a maintenance configuration and associate it with your resources and then manage the maintenance

image_thumb

To start using this feature, you will need to use either Azure PowerShell, Az Cli, Rest API, .Net or Azure SDK; this is not yet available through the portal (you can know more about the maintenance for Azure virtual machine here https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates).

You need first to get the Az.Maintenance PowerShell module using the command

Install-Module -Name Az.Maintenance –AllowPrerelease

image_thumb[1]

  • You will need to create a resource group as a container for the maintenance configuration; this step can be performed with any of the management tools (including the portal off course); you can also reuse an existing resource group if you want

New-AzResourceGroup –Location <location of your resource group> -Name <name of your resource group>

  • Create a custom maintenance configuration; the name of the configuration must unique across your subscription and located in the same region than the resource group

$config = New-AzMaintenanceConfiguration -ResourceGroup <the resource group created above> -Name <your custom maintenance configuration name> -MaintenanceScope host -Location <location – should be the same as your resource group>

image_thumb[2]

You can get all maintenance configuration using the command

Get-AzMaintenanceConfiguration | Format-Table -Property Name,Id

image_thumb[3]

  • Assign the configuration to either the isolated VM or dedicated host

Isolated VM

New-AzConfigurationAssignment -ResourceGroupName <the resource group created above> -Location <location of your resource group> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute -ConfigurationAssignmentName $config.Name -MaintenanceConfigurationId $config.Id

Dedicated host

New-AzConfigurationAssignment -ResourceGroupName <the resource group created above> -Location <location of your resource group> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute -ConfigurationAssignmentName $config.Name -MaintenanceConfigurationId $config.Id

  • Check for pending updates

Isolated VM

Get-AzMaintenanceUpdate -ResourceGroupName <the resource group created above> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute | Format-Table

Dedicated host

Get-AzMaintenanceUpdate -ResourceGroupName <the resource group created above> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute | Format-Table

  • Apply updates

Isolated VM

New-AzApplyUpdate -ResourceGroupName <the resource group created above> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute

Dedicated host

New-AzApplyUpdate-ResourceGroupName <the resource group created above> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute

  • Remove the configuration

Remove-AzMaintenanceConfiguration -ResourceGroupName <resource group of your maintenance configuration> -Name $config.Name

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies