Microsoft has began a preview of computerized visitor VM patching on Azure.
Which sounds attention-grabbing, as a result of whereas cloud operators care for racking, stacking, energy, cooling and different information centre drudgery, preserving the VMs you hire alive stays your downside.
Whereas this new service is computerized, it isn’t magical: it really works on Home windows Server Datacenter, solely applies rated “Vital” or “Safety” and will reboot a VM after patching.
Even these patches will solely be utilized within the 30-day post-patch-Tuesday window throughout which Microsoft will do the replace. However you don’t get to decide on when the patches are utilized, however Microsoft guarantees the updates will occur “throughout off-peak hours within the VM’s time zone.” Which can ease the ache of these reboots however nonetheless leaves you with a 30-day interval throughout which Microsoft will apply crucial patches at a time of its selecting.
Patches will roll out all over the world on totally different days, which has the upside of not breaking all of your VMs without delay and the draw back of leaving your fleet in an inconsistent state.
You may override Microsoft and get it achieved quicker in order for you.
The service additionally gained’t relieve you of handbook patching chores, as a result of enabling auto-patches disables native Computerized Updates on the Home windows digital machine to keep away from duplication. So whilst you’ll get some patches, less-vital updates will want both handbook intervention or the creation of a customized patching regime.
To make use of the automated service you’ll additionally want to put in the Azure VM Agent in your VMs.
Microsoft at the moment recommends not utilizing the service for manufacturing workloads and given the above it’s not onerous to see why.
Hopefully the ultimate service irons out just a few kinks, as a result of complete and well timed auto-patching could possibly be very helpful certainly. ®