Patching
your Fabric with SCVMM 2012
One
superb feature in SCVMM is that you are now able to patch the resources in the
Fabric, which also includes your Hyper-V Clusters.
How are
you usually patching your Hyper-V Cluster? You have to initiate the Maintenance
mode, patch the node, stop Maintenance mode, and so the story continues with
the next node.
SCVMM
2012 will do this automatically for you, so that you can spend your valuable
time with more important tasks, like focusing on pro-active management and best
practices.
Let`s take a walkthrough
First,
you`ll need a WSUS-server in your domain to serve the Fabric with the defined
updates.
You can
1.
Install
WSUS on the SCVMM server
2.
Install
WSUS on a dedicated server
3.
Share
the WSUS server that you`re already using with SCCM
In this
walkthrough we`re going to use a dedicated WSUS server.
1.
Enable
the WSUS role on your Windows Server 2008 R2 via ServerManager
2.
Schedule
the synchronization
3.
Only enable
the required updates (If you only have Windows Server 2008 R2 machines in the
Fabric, you`ll not need updates for Windows Server 2003/Outlook etc. So do not
synchronize these ones.)
5.
Restart
the System Center Virtual Machine Manager service (net stop SCVMMService / net start SCVMMService )
6.
Navigate
to the Fabric in SCVMM, select Update Servers, right click, and add
your WSUS server. Specify the FQDN name, and the TCP port the server is
listening on. If you have ran the default installation of WSUS and are using
the default Web-configuration, the TCP port should be 80. Use a Run as Account
or specify the required credentials to add your server to SCVMM.
7.
Once
the server is added, you`ll be able to manage it directly from SCVMM. (Right
click the server in Fabric, and select properties. Here you can change updates
classifications, products etc).
Now, you
should have your WSUS server available in SCVMM.
The next
steps will show you how to create Update Baselines for your resources.
An
update baseline contains a set of required updates that is then scoped to an
assignment such as a host group, a stand-alone host, a host cluster, or a SCVMM
management server. A compliance scan that are assigned to a baseline are graded
for compliance with their assigned baselines. When a computer is found
noncompliant, an administrator will bring the computer into compliance through
update remediation.
You can
configure update baselines to host groups and to individual computers based on
their role in SCVMM.
(If you move a host from one host group to
another, the baselines for the new host are applied to the host)
We`re
going to assign computers to a built-in update baseline:
1.
In
the Library pane, expand the Update Catalog and Baselines, and click
on Update Baselines
You should see two built-in baselines named Sample Baseline for Security Updates
and Sample Baseline for Critical Updates
2. Click Sample Baseline for Security Updates
3.
On
the Home page in the Properties
group, click Properties. (On the
left, click Updates to open the Updates page)
4.
Here
you can add/remove update baselines from the baselines that are listed.
5.
Click
Assignment Scope to open the
Assignment Scope and select host groups, host clusters, and computers to add to
the baseline. All computers are represented by the roles they have in SCVMM. To
apply a baseline to all hosts, you have to select the All Hosts root host group.
6.
Click
OK to save the changes you`ve made.
You can
also create a new update baseline in SCVMM.
Repeat
step 1 and in the Home page in the Create group, click Baseline so the Update
Baseline Wizard starts. This wizard will take you through the required steps to
build a baseline and let you select the updates you want. Create the baseline
and select the correct Assignment Scope for the updates (Hyper-V updates for
Hyper-V hosts, and so on).
If
you`ve done this right, you should be able to see the update baseline in the
Library pane, expand Updates and Baselines Catalog, and then click Baselines.
Now,
let`s navigate back to the Fabric,
and check if our resources are compliant.
1.
Select
a Host group, click the Home tab, and select a host.
2.
Click
Compliance and initiate a Scan with the scan button.
3.
If
some of the hosts are not compliance, select Remediate.
4.
SCVMM
will now initiate an orchestrated workflow which:
1.
Start
maintenance mode (Live Migrate VMs to other nodes in the Hyper-V Cluster)
2.
Install
updates
3.
Reboot
computer
4.
Check
if the computer is compliant
5.
Stop
maintenance mode
6.
Repeat
all the 5 steps on each and every node in the cluster.
Brilliant!
Now I can spend more time in the TechNet Forums and on twitter :-)
Cheers,