Patching with Windows Server 2016


There are exciting changes in Windows Server 2016 which simplify and streamline patching.  I think you will find Windows Server 2016 will be easier to maintain and help reduce OpEx costs.  Let’s discuss some of these key changes.

Update Consolidation

In Windows Server 2016 the sea of updates will be streamlined and simplified into a single package.  All updates released over a given month will be rolled up in a single package.  This will remove the guesswork and the burden of sorting through the large number of hotfixes released through the breadth of different channels to identify the ones you need.  It will also simplify the test matrix, making your internal verification processes easier as well as increasing quality by ensuring all changes are verified together to confirm interoperability.

Cumulative

The complexity and uncertainty of trying to figure out which updates you may have installed or missed will be gone with Windows Server 2016.  The monthly packages will be cumulative, meaning they will include all previous updates.  When you install a new server, no more having to install a long list of updates.  If you have the latest monthly update installed, you have all the updates you need… it’s just that simple!

Predictable Cadence

On the second Tuesday of every month (a.k.a. Patch Tuesday) during the mainstream support phase, a cumulative update which includes new security fixes will be released.  Being cumulative, this update will include all the previously released security and quality fixes.

Around the fourth Tuesday of every month a cumulative update will be released which includes new quality fixes.  Being cumulative, this update will include all the previously released security and quality fixes.

You then have the flexibility to choose the security only update, or the quality update, to build your patch management strategy around.  Having a predictable cadence for when you can expect updates enables you to build patch maintenance processes.  Being able to plan ahead will simplify and streamline your ability to manage Windows Server.

Proactive Patch Discovery

Windows Server 2016 will help you keep it up to date better than ever before.  Automatic Updates (AU) is enabled by default on Windows Server 2016 and configured to:

Download updates for me, but let me choose when to install them

Windows Server will automatically check Windows Update or a Windows Server Update Services (WSUS) server for any relevant updates, and when it finds updates they will be downloaded and you will be notified that there are updates ready to be applied.  Updates will not be installed and servers will not be rebooted automatically, as avoiding production downtime is critical for a server.  You control scheduling a maintenance window and installing the updates when it is best for your business.  The key improvement is that Windows Update will automatically check and proactively notify you when there are updates you should apply.  This helps you get the fixes before you encounter issues and avoid downtime before it ever happens.

Updates will first be published to Windows Update as optional, which enables you to explicitly ‘check for updates’ and elect to obtain them.  After two weeks the updates will be moved to recommended and included in the next cumulative update, and Automatic Updates will notify you that updates are available.  This predictable behavior gives you time to test updates, such as in your lab, before being notified across the broader set.  Even if notified, you are ultimately in control of what you choose to install.

Automatic Updates will not be enabled on Nano Server.  Additionally, for customers who prefer the behavior of previous releases Automatic Updates can be easily configured, including being disabled with group policies.
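
One way to check how group policy has changed the Automatic Updates behavior described above, as an added example that is not from the original post or from Microsoft. It assumes the standard Windows Update policy registry values (`AUOptions`, `NoAutoUpdate`, `UseWUServer`, `WUServer`); the function names and the sample inputs are constructed for illustration.

```powershell
# Added example: interpret Windows Update group-policy values on a server.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-AuPolicyValues {
    # Collect the policy values this check uses; absent keys or values are skipped.
    $found = @{}
    foreach ($path in @($WuKey, "$WuKey\AU")) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in 'WUServer', 'UseWUServer', 'NoAutoUpdate', 'AUOptions') {
            if ($props -and $null -ne $props.$name) { $found[$name] = $props.$name }
        }
    }
    return $found
}

function Resolve-AuPolicy {
    param([hashtable]$Values = @{})
    $modes = @{
        2 = 'Notify before download'
        3 = 'Download updates, let me choose when to install'  # default named in the post
        4 = 'Download and install on a schedule'
        5 = 'Local administrator chooses'
    }
    if ($Values.NoAutoUpdate -eq 1) {
        $mode = 'Automatic Updates disabled by policy'
    } elseif ($Values.ContainsKey('AUOptions')) {
        $mode = $modes[[int]$Values.AUOptions]
        if (-not $mode) { $mode = "Unrecognized AUOptions value $($Values.AUOptions)" }
    } else {
        $mode = 'Not set by policy; local setting applies'
    }
    $source = 'Windows Update'
    if ($Values.UseWUServer -eq 1 -and $Values.WUServer) { $source = "WSUS: $($Values.WUServer)" }
    [pscustomobject]@{
        Mode               = $mode
        UpdateSource       = $source
        InstallsUnattended = ([int]$Values.AUOptions -eq 4 -and $Values.NoAutoUpdate -ne 1)
        NeverNotifies      = ($Values.NoAutoUpdate -eq 1)
    }
}

# Constructed sample inputs (not taken from real servers).
$samples = [ordered]@{
    'no policy'    = @{}
    'wsus, notify' = @{ AUOptions = 3; UseWUServer = 1; WUServer = 'http://wsus.example.internal:8530' }
    'disabled'     = @{ NoAutoUpdate = 1 }
}
foreach ($case in $samples.Keys) {
    Resolve-AuPolicy -Values $samples[$case] | Select-Object @{ n = 'Case'; e = { $case } }, *
}
# On a live server: Resolve-AuPolicy -Values (Get-AuPolicyValues)
```

A server reporting `NeverNotifies` depends entirely on some other process to learn that a cumulative update is pending, so it is the case to flag in a patch-compliance review.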

Reduced Footprint with Nano Server

In Windows Server 2016 a new installation type called Nano is being introduced which will deliver the smallest Windows Server footprint ever!  Having a smaller operating system footprint results in fewer binaries to patch.  Having less to patch simplifies keeping your servers current.  See this blog for more information about Nano Server:  https://blogs.technet.microsoft.com/windowsserver/2016/07/12/windows-server-2016-new-current-branch-for-business-servicing-option/

Key Takeaways

Windows Server 2016 will reduce costs by delivering:

✓  Predictable monthly update cadence you can plan for

✓  Fewer updates to manage

✓  Cumulative updates that have everything you need

✓  Proactive notification of updates before they cause downtime

✓  Simplified test matrix and streamlined verification process

✓  Reduced updating with Nano Server

In Windows Server 2016 you will be able to build a simple maintenance plan:

One update…  once a month… That’s it!

 Written by: Elden Christensen, Microsoft


Comments (2)

  1. jobc says:

    What happens when a single cumulative update causes a problem with a server application?
    What are the contingency plans to get the security updates to those users as soon as possible?
    What is MS's commitment to its corporate users?

  2. Michal_F says:

    I have mixed feelings about this approach. What about zero-day vulnerability patches, they will need to wait one month?
    This is ok for Desktop OS, but enterprise systems are different. I prefer specialized solutions over universal ones that fit all but are not so good in many situations. I am ok with the CBB update model for Home users, but LTSB is a must-have for Enterprise (Desktop and Systems).
