For most of the usage, Azure Update Management helps to improve your patch management. However, clusters are not handled for the moment (a shame for my S2D clusters). Some features are missing such as run an update process “now” and the information are not assessed immediately after an update. Despite all these lacks, I use only Azure Update Management to handle Windows Update in my lab and I try to convince my customers to use this product instead of WSUS. In this topic I’ll show you how to deploy and use Azure Update Management.

Azure resources creation

The following Azure resources are required to deploy Azure Update Management:

• Log Analytics workspace
• Azure Automation Account

So I create these resources from the Azure Marketplace.

Then, once you created the Azure Automation Account and the Log Analytics workspace, open the Azure Automation Account blade and navigate to Update Management. Select the Log Analytics workspace and click on Enable.

Connect on-prem machines to Azure Update Management

Open Log Analytics Workspace blade. In overview pane, locate Connect a data source. Then click on Windows, Linux and others sources.

Then download the Windows Agent. Copy the workspace ID and the primary key: you need these information to complete the agent installation.

Once you downloaded the agent binaries, run the installation. Check the box saying Connect the agent to Azure log analytics (OMS).

Next specify the workspace ID and key. Select Azure Commercial.

N.B: You can also install the agent by using a command line:

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID= OPINSIGHTS_WORKSPACE_KEY= AcceptEndUserLicenseAgreement=1

It can take a while before information are pulled up in Azure. Once the agent is detected in Azure Update Management, you should get a message saying that a machine does not have “Update Management” enabled. Click on the link beside.

Choose the option you want and click on OK.

Once you have enabled update management of machines, you should get information about update states on your On-Prem computers.

Create an update deployment

Now that machines are well reported in the Update Management portal, we can create an update deployment to install the updates. Click on Schedule update deployment. First provide a name for this update deployment. Then, select machine to update and click on Machines. Select machine you want to upgrade.

Then configure the schedule. For this rule I choose to run it once a time. As you can see also in the below screenshot, you can specify a pre and post script.

Finally, specify the maintenance window and the reboot options as specified in the following screenshot.

Once the schedule update is created, you can retrieve it in scheduled update deployments tab.

Create a recurring update deployment

You can also create a recurring update deployment to install automatically updates each month. Create a new update deployment and this time in schedule settings choose recurring.

Several scheduled update deployments can be created as you can see in the following screenshot.

When a deployment update is running, you can see the progression in Update Deployments tab.

Finally, when update process is finished, you have to wait almost 30mn to get the new assessment from on-prem machines. After updates are installed you should get all your machines compliant.

The post Getting started with Azure Update Management to handle Windows updates appeared first on Tech-Coffee.

Dell Repository Manager

To follow this topic, you need to install Dell Repository Manager. The installation is pretty easy: Next, Next, Install. This application enables you to connect to an online repository to download drivers and firmware and to create custom bundles. Dell Repository Manager is able to connect to an iDrac to detect the hardware. You can also choose the server reference from a list. When you open for the first time Dell Repository Manager, you can only add a repository.

Then provide a name to your repository and choose Enterprise Server Catalog. Next I choose the repository type called Integration and I select iDrac.

Specify the IP address of the iDrac and the credentials.

Then your server is detected (the service tag as well).

Now that the repository is added, you should get two bundles: one for Linux and the other one for Windows. I select the Windows bundle and I click on Export.

Create the custom SUU

Once you have clicked on export, select SUU ISO. If you use Dell Repository Manager for the first time, the application should warn you that plugins are required. Just install plugins to be able to export as SUU ISO. Select SUU ISO and specify a location. Click on Export to start the process.

If you click on Repository Manager (in the top of application), you can select Jobs. From this view, you are able to monitor the job status.

When the export process is finished, you should the SUU ISO.

Now that the SUU ISO is created, you can copy it to the server you want to upgrade. When you mount the ISO on a Windows Server, you can run SUU.cmd -e and SUU will take care to upgrade your drivers and firmware itself.

Conclusion

When you have dozens of servers, the server upgrade process can be a pain and take a lot of time. SUU helps to automate the firmware upgrade but the full ISO can take a long time to copy past because of its size. Thanks to Dell Repository Manager, you can create a custom SUU with just enough firmware and drivers for your systems. It’s free, enjoy

The post Create a custom SUU to update Dell firmware appeared first on Tech-Coffee.

Requirements

To follow this guide, you need an up and running Veeam Backup & Replication 9.5 infrastructure. To write this guide, I updated from a Veeam Backup & Replication 9.5 Update 2 solution which consists of a single server. Another server hosts a Veeam console. To update Veeam to update 3, you need to download it from the Veeam portal:

Update Veeam Backup & Replication

Before updating Veeam Backup & Replication, you have to disable all backup jobs. Open the Veeam console and navigate to the backup jobs. Select them all and right click. Then select Disable.

Ensure that all jobs are disabled before closing the Veeam console.

Next copy the update to your backup server and run it.

On the first screen, just click on Next.

Enable the checkbox Update remote components automatically to update all components during this wizard. Click on Install to deploy the Update 3.

During the update process, Veeam backup all previous installation files. When the progress bar is finished, Veeam is updated. The update process took me almost 25mn.

When the update process is finished, you should get this screen.

Open the Veeam console from the backup server, navigate to jobs, select them all and right click. Select Disable to enable all jobs.

In the below screenshot, you can see one of the new Veeam features: the central management of Veeam Agent for Windows / Linux instance. You can now centralize the backup of physical servers for example. I’ll do a topic about that later.

Update Veeam Backup & Replication console

If like in my environment you have a server dedicated to remote management, you have to update the Veeam console installed on it. The process is easy, open the Veeam console and connect to the Veeam Backup & Replication server.

The following message is raised: click on Yes to update the Veeam Console. After several minutes, you are connected to Veeam Backup & Replication Update 3.

The post Step-by-Step: Update Veeam Backup & Replication 9.5 to Update 3 appeared first on Tech-Coffee.

VMM can be connected to an upstream or a downstream WSUS but not to a WSUS replica. Moreover, if you have System Center Configuration Manager (SCCM) already connected to a WSUS, you can use the same on VMM.

For example, in my lab, I have a server that hosts SCCM and the WSUS. This server is called VMCMG01. So I will connect my VMM to VMCMG01 to manage fabric servers updates from Virtual Machine Manager.

Add an Update server to VMM

First of all, add a RunAs account to the local Administrators group on the WSUS server:

Next, open the VMM console and navigate to the fabric. Right click on Update Server and select Add Update Server.

Specify the WSUS server hostname, the TCP port of WSUS (by default: HTTP: 8530, HTTPS: 8531) and the RunAs account. Don’t forget to tick the checkbox if you use SSL to communicate with WSUS.

Once you have clicked on Add, a job is launched to add the Update Server.

Once it is finished, you should have an Update Server in responding state.

Create and assign a baseline

Now that Virtual Machine Manager is connected to a WSUS, the update catalog should contain updates. To open the update catalog, navigate to the library and Update Catalog and Baselines.

By default, no baseline is assigned to fabric servers. So I will create a baseline that will contain only security updates. So I right click on Update Baselines and I select new baseline.

First specify a name and a description of the baseline.

In updates screen, click on Add to add updates to the baseline.

At the top of the window you can specify a filter to display only updates you want. So I type Security and I select all updates. Then I click on Add.

Once the updates are added to the baseline, you can click on next.

Next select on which fabric servers you want to apply the baseline. Because I have created this baseline for Hyper-V, I select all host groups.

To finish, click on … finish J.

At the end, my baseline is assigned to one host group (the top level host group) and contains 177 updates.

Check the compliance

Now open the fabric tab and navigate to your host groups. Right click on a Hyper-V host. You should see Scan, Remediate and Compliance Properties:

• Scan: enables to check the compliance status to verify if all updates are installed;
• Remediate: install the updates to be compliance with the baseline;
• Compliance Properties: open a view to verify the compliance status regarding baseline

Below the Compliance Properties window on the hyperv01 Hyper-V host. Because no compliance scan has been run on this Hyper-V host, the compliance status is unknown.

So I run a compliance scan on HyperV01 by clicking on Scan.

When the compliance scan is finished, I come back to the compliance properties and I can see that my HyperV01 is compliant.

You can have an overview on the compliance status of the fabric servers by selecting the Compliance view as below:

My HyperV02 is non compliant, so I decide to run a remediation. I right click on the Hyper-V host and I select Remediate. In the update remediation window I select my baseline and I just click on Remediate.

$managedComputer = Get-SCVMMManagedComputer -ComputerName "hyperv02.home.net"
$baseline = Get-SCBaseline -Name "HomeCloud Security Baseline"
Start-SCUpdateRemediation -VMMManagedComputer $managedComputer -Baseline $baseline –RunAsynchronously

And after some time, my HyperV02 is compliant J

The post Manage fabric servers updates from Virtual Machine Manager 2012R2 appeared first on Tech-Coffee.

• Virtual Machine Manager: KB2992024
• Service Provider Foundation: KB2992021
• Operations Manager: KB2992020
• Service Reporting: KB2992025
• Data Protection Manager: KB3009516
• Service Manager: KB2989601
• Windows Azure Pack: KB2992027
• Windows Azure Pack Websites: KB2992029

I will try these updates this week-end so stay tuned

The post Update Rollup 4 released for System Center 2012R2 and Windows Azure Pack appeared first on Tech-Coffee.