Patching of RRAS servers

    Question

  • Hi all,

    I am currently designing our DC VPN connectivity into MS Azure for our running workloads, and am looking to terminate our DC end onto 2x 2016 RRAS servers load balanced using NLB.  One thing I am unsure of, however, is that during our monthly patching cycle each of these servers will be rebooted (not at the same time), but what would the impact be for the tunnels during this planned failover?  Is it a PowerShell line to fail them over gracefully without packet loss?  Are there any design considerations I should take into account to make this transparent?  I don't want it to be the case where the business has an Azure service outage every month due to our best practice security patching :)

    Any advice or guidance you could offer would be greatly appreciated.

    Thanks

    Sunday, June 24, 2018 9:14 AM

All replies

  • Hi,

    Have a nice day! Thanks for your question.

    According to your post, you would like to know what the impact of monthly patching would be on RRAS failover for VPN tunnels. Is there a best-practice method for this security patching without impact? If I have misunderstood your request, please don't hesitate to let me know.

    Based on my experience, I suggest you update the RRAS servers manually during non-production time. Please refer to the following official link for Win2016 patching; we can manually patch the OS with the MS monthly rollup.

    Updates for Windows 10 version 1607 and Windows Server 2016

    https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history

    Furthermore, Windows Server Update Services (WSUS) is recommended to push the update notifications to the clients that you want to patch in this implementation. If the resources are sufficient, we can try this procedure by following this MS article.

    Deploy Windows Server Update Services

    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services

    Hope this helps. If you have any questions or concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, June 25, 2018 3:19 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best regards,

    Michael



    Thursday, June 28, 2018 3:05 PM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Michael




    Monday, July 2, 2018 2:28 PM
  • Hi Michael,

    Thanks for your reply; however, I'm content with the patch management process, we have that process matured.  I was really referring to the impact on the Site to Azure traffic connectivity during the reboot (as with most MS patches).  Does an RRAS cluster fail over statefully, or will all active connections disconnect and have to re-connect via the failover cluster RRAS server, therefore causing a noticeable outage to users?

    Thanks again for your help.

    Chris

    Wednesday, July 11, 2018 7:27 AM