It’s been a long time since I have updated my blog, but I thought it’s a great time to catch up with IT Professionals. A lot of things are happening at Microsoft in the private cloud space as well as the public cloud space. I will be in touch with you on a regular basis going forward.
Just to give some background on this post: I work in New York City with Microsoft Enterprise customers. Every now and then I receive different types of questions. This time one of our customers reached out to us asking how we are doing patch management within Windows Server in the current release and in vNext. Have we done anything to reduce the number of reboots per server year over year? And how do the patches/reboots compare with Windows Server 2008/R2 and the current release? So I thought I would share some of the thoughts that I shared with the customer, using some data points that various Microsoft Engineering teams shared with us.
Microsoft always tries to make sure that every release has efficient update and patch management, and we try to suppress the number of reboots as much as possible for maximum uptime. This can be achieved using various technologies included in the recent releases of Windows Client and Server operating systems. For example, the Cluster-Aware Updating feature in Windows Server 2012 significantly reduces application downtime by proactively migrating the workloads to other nodes before running updates on each node and restoring them after the update is completed on that node. More info here: http://blogs.technet.com/b/mspfe/archive/2013/02/06/what-is-cluster-aware-updating-in-windows-server-2012.aspx
Using Server Core, it is possible to achieve a 40-60% reduction in patches based on historical data. In one of the blog posts we could also find a comment from the Engineering team:
“Yes, Server Core does require fewer reboots than Server with a GUI. As we’ll explain in some upcoming blog posts, you’d have (by default) at least a 50% reduction in reboots due to patching. That roughly equates to one reboot every two months.”
Here are a few of the excellent articles from Engineering that highlight the update improvements and how they have impacted reboots historically.
Some relevant articles in this space.
Microsoft aims to reduce Windows Update restarts (An article from ZDNet)
Here is an excellent blog that explains the different types of patches that we refer to within Engineering. Each has its own purpose during the operating system’s lifecycle: updates, patches or hotfixes fix vulnerabilities; Patch Tuesday offers critical patches every second Tuesday, including security bulletins; and then we have Service Packs, Update Rollups, etc.
Then there was a query about whether the patches grow a lot as the OS becomes older and older. Well, patches are nothing but what we release when the Engineering team finds bugs or vulnerabilities, or when bugs, vulnerabilities or zero-day exploits are reported by people (customers, partners, IT Professionals, developers, security researchers, etc.).
So patches will continue to come, as the software is made of millions of lines of code; as and when an issue is detected or identified, we try to release the update or patch based on how critical the bug or vulnerability is.
As we move towards the next generation, we are trying to offer various options for customers to reduce the overall attack surface by reducing the size of the operating system through different installation options. Server Core is the classic example: it does not include the GUI, Start, Internet Explorer, Control Panel, etc., which means that code is not present in the OS, so no patches/updates are needed for those components. With the vNext releases, like Windows Server 2016, we have introduced the Nano Server installation option, which has a total footprint of less than 500 MB for an entire Server OS. That means less attack surface and fewer patches/updates, meaning fewer reboot cycles in the long run.
In the recent preview release we have published some numbers around the overall experience with the number of patches/reboots in the release.
Nano Server will allow customers to install just the components they require and nothing more. The initial results are promising. Based on the current builds, compared to Server, Nano Server has:
- 93 percent lower VHD size
- 92 percent fewer critical bulletins
- 80 percent fewer reboots
You can find more about Nano Server here: http://blogs.technet.com/b/windowsserver/archive/2015/04/08/microsoft-announces-nano-server-for-modern-apps-and-cloud.aspx
Again, this post is my general observation from working with customers and from my personal experience. I am not using any fancy engineering terms, just trying to share the observations in simple terms so everyone can understand where we are heading in this space.
Hope it helps.
Aviraj Ajgekar – Technical Specialist for Datacenter & Cloud covering Microsoft New York City.