Private Cloud Management with VMM 2012 (Part 3): Adding an update server and enable orchestrated update management

  • Article

See the first two parts of this series here:
Private Cloud Management with VMM 2012 (Part 1): What's new with System Center Virtual Machine Manager 2012
Private Cloud Management with VMM 2012 (Part 2): Creation of a Hyper-V Cluster Using VMM 2012

(Post courtesy Iftekhar Hussain)

In my last blog post, we saw how to create a Hyper V Cluster using the VMM 2012 cluster creation wizard as a part of preparing a fabric for the cloud.

Virtual Machine Manager 2012 also provides a feature by which you can manage updates for your virtual machine hosts, library servers, PXE servers, the Windows Server Update Management (WSUS) server, and the VMM server itself in the VMM console.

When you perform update remediation on a host cluster, VMM orchestrates the updates, in turn placing each cluster node in maintenance mode, migrating virtual machines off the host by using intelligent placement, and then installing the updates. If the cluster supports live migration of Windows Server-based virtual machines, live migration is used. If the cluster does not support live migration, VMM saves state for the virtual machines and does not migrate them.

To manage updates in VMM 2012, you need a WSUS server

Here are the prerequisites:

  1. You must install the 64-bit version of Windows Server Update Server (WSUS) 3.0 Service Pack 2 (SP2).
  2. VMM requires a single, dedicated WSUS root server; downstream servers are not supported.
  3. If you install WSUS on a remote server, you must install a WSUS Administrator Console on the VMM management server and then restart the VMM service.
  4. Before you install the WSUS server ensure that the server meets all WSUS prerequisites described on the Windows Server Update Services 3.0 SP2 download page

Once you have configured the WSUS server, lets add the WSUS server in VMM 2012.

1. Open the Fabric workspace.

2. On the Home tab, in the Add group, click Add Resources, and then click Update Server.

clip_image002

3. My WSUS server name is sccm.dd181028.com, hence I have put SCCM as Computer name with port number and credentials.clip_image003

4. Once the WSUS server is added, click on Synchronize to sync the WSUS updates with VMM.

clip_image005

5. You will all the update metadata showing on your VMM

clip_image007

Create Baseline

After you enable update management in VMM, you are ready to prepare for patching by configuring update baselines. An update baseline contains a set of required updates. During a compliance scan, computers that are assigned to a baseline are graded for compliance to their assigned baselines. After a computer is found noncompliant, an administrator brings the computer into compliance through update remediation.

clip_image009

6. Provide a Name and Description for your Baseline

clip_image011

clip_image013

7. Add the updates to your baseline against which your Hyper V hosts will be compared.

clip_image015

8. Assign the Baseline to the host groups.

clip_image017

9. Finish the wizard

clip_image019

10. You’ll see your newly created Baseline

clip_image021

To find out the compliance status for each baseline, you must scan the computer for compliance. When a computer is scanned for compliance, WSUS checks each update in the assigned update baselines to determine whether the update is applicable and, if the update is applicable, whether the update has been installed.

After a compliance scan, each update has a compliance status of Compliant, NonCompliant, Error, or Unknown.

clip_image022To scan computers for compliance

1. In Compliance view of the Fabric workspace, select the computers that you want to scan.

2. On the Home tab, in the Compliance group, click Scan.

While the scan is in progress, the compliance status changes to Unknown. After the compliance scan completes, the computer's compliance status of each update is Compliant, NonCompliant, or Error.

clip_image024

clip_image026

Perform Update Remediation

To perform update remediation, the target computers must be noncompliant. To make a compliant computer noncompliant, you might need to use Add and Remove Programs to temporarily uninstall one or more of the updates listed in Compliance view.

On the Home tab, in the Compliance group, click Remediate. (The Remediate task is only available when the selected objects are noncompliant.)

If you select the host cluster by its cluster name, VMM orchestrates remediation of the hosts in the cluster.

VMM rolls through the host cluster, remediating one cluster node at a time. If a cluster node is compliant, VMM bypasses that node.

Before VMM begins remediating a host, it places the host in maintenance mode and migrates all virtual machines to other hosts in the cluster. If the cluster supports live migration, live migrations are performed. If the cluster does not support live migration, VMM saves state before migrating virtual machines.

If you prefer to restart the computers manually after remediation completes if any updates require a restart, select the Do not restart the servers after remediation check box.

clip_image027

Once the remediation is over, you’ll see your Hyper V cluster hosts as Compliant.

clip_image029

Hope this post was helpful for some of you who are evaluating VMM 2012 its update management feature.

In my next post, we’ll configure the rest of the fabric components like Logical Network, Storage and Load Balancers.

Stay tuned.

Iftekhar