Patching with Windows Server 2016
There are exciting changes in Windows Server 2016 which simplifies and streamlines patching. I think you will find Windows Server 2016 will be easier to maintain and help reduce OpEx costs. Let’s discuss some of these key changes.
In Windows Server 2016 the sea of updates has been streamlined and simplified into a single package. All updates released over a given month will be rolled up in a single package. This will remove the guess work and burden to sort through the large number of hot-fixes released through the breadth of different channels trying to identify the ones you need. It will also simplify the test matrix, making your internal verification processes easier as well as increasing quality by ensuring all changes are verified together to confirm interoperability.
The complexity and uncertainty of trying to figure out which updates you may have installed or missed is gone with Windows Server 2016. The monthly packages are cumulative, meaning they will include all previous updates. When you install a new server, no more having to install a long list of updates. If you have the latest monthly update installed, you have all the updates you need… it’s just that simple!
On the second Tuesday of each month (aka. Patch Tuesday) during the mainstream support phase a cumulative update which includes new security and quality fixes will be released for Windows Server 2016. Being cumulative this update will include all the previously released security and quality fixes.
In the second half of each month (generally the 3rd week of the month) a non-security / quality update will be released for Windows Server 2016. Like all our updates, this update is cumulative and includes all quality and security fixes shipped prior to this release. This quality update is ideal for deployment into test environments to get pre-validation prior to adopting the Patch Tuesday update. As an example, our own MSIT’s patch management strategy is to deploy the quality update in their lab and let it run for a few weeks, then deploy the quality + security Patch Tuesday update once released. Another scenario is if you have a known issue and want access to the update sooner. The non-security update will be available on the Microsoft Update Catalog.
Having a predictable cadence for when you can expect updates, enables you to build regular update maintenance and deployment processes. Being able to plan ahead will simplify and streamline your ability to manage Windows Server.
Proactive Patch Discovery
Windows Server 2016 will help you keep it up to date better than it has ever before. Automatic Updates (AU) is enabled by default on Windows Server 2016 and configured to:
Download updates for me, but let me choose when to install them
Windows Server will automatically check Windows Update or a Windows Server Update Services (WSUS) for any relevant updates, and when it finds updates they will be downloaded and you will be notified that there are updates ready to be applied. Updates will not be installed and servers will not be rebooted automatically, as avoiding production downtime is critical for a server. You control scheduling a maintenance window and installing the updates when it is best for your business. The key improvement is that Windows Update will automatically check and proactively notify you when there are updates you should apply. This helps you get the fixes before you encounter issues and avoid downtime before it ever happens.
For customers who prefer the behavior of previous releases Automatic Updates can be easily configured, including being disabled with group policies.
Additionally, there is now a single location where the release history of all updates for Windows Server 2016 can be found. No more wandering the internet!
Windows Server 2016 will reduce costs by delivering:
- Predicable monthly update cadence you can plan for
- Fewer updates to manage
- Cumulative updates that have everything you need
- Proactive notification of updates before they cause downtime
- Simplified test matrix and streamlined verification process
In Windows Server 2016 you will be able to build a simple maintenance plan: One update… once a month… That’s it!
Written by: Elden Christensen, Microsoft