none
Coordinating Windows Update/WSUS/SUS patching of host with guests RRS feed

  • 질문

  • Hello,

    Any thoughts or advice on how to coordinate windows update/WSUS/SUS patching of the Hyper-V host OS with patching of the guests?  Any need to do the host first (or last)?  Are people planning manual shutdowns of the guests or relying on H-V to save/shutdown the guests before a patch restart?

    thanks!

    Martin
    2008년 4월 9일 수요일 오후 4:47

답변

  • Hi Martin,

     

    For installing and applying the update patches from Windows update or WSUS, I would like to suggest that you install and apply update patches on the parent partition first.

     

    Assume that you have installed the Windows Server 2008 with Hyper-V beta, it is possible that the Hyper-V RC update will be applied to the system through Windows Update. In this situation, virtual machines that were created on the beta version of the Hyper-V role cannot start on the new updated Hyper-V RC box. You can use the existing virtual hard disk (.vhd) file to create the new virtual machine with Hyper-V RC role. And then you may configure the virtual network settings of all the virtual machine and make them connect to the "External" virtual network switch (that can be exposed to corp network). After that, you can boot the virtual machine to install the patches through "External" virtual network. You need to manually shutdown and restart both the parent partition and child partition after applying the update patches.

     

    Hope it helps.

    2008년 4월 10일 목요일 오전 10:34
  • Martin - you should be safe in allowing Hyper-V to save-state the virtual machines during the physical machine shutdown, and restore them on reboot. This is the default settings for virtual machines. Of course, if you find a scenario where this doesn't work, please report it as a bug.

     

    Thanks,

    John.

     

    --------------------------------------------------------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.

     

    2008년 4월 10일 목요일 오후 6:09
  • The only updates that you rally need to be aware of are those directly relates to Hyper-V.

     

    In this case the beta -> RC0 upgrade modified items relates to Integration Components and the underlying virtualization stack (maybe even the Hypervisor itself).

     

    the other Windows patches you should approach with the same prudence as in the past.

     

    Some administrators are patch phobic, and others just install them all without thinking (not just the Important ones) or paying attention to the potential impact.

     

    When dealing with Hyper-V you need to be aware of what the patch pertains to.  If it pertains to Hyper-V make sure that the person applying the patchs is aware of it and has a plan of attack.

     

    Right now, there are people not paying much attention to the RC0 patch and just installing it - then having problems.

    That scenario will repeat when the Hyper-V RTM appears and if there is another RC in between.

     

    2008년 4월 11일 금요일 오후 4:35
    중재자

모든 응답

  • Hi Martin,

     

    For installing and applying the update patches from Windows update or WSUS, I would like to suggest that you install and apply update patches on the parent partition first.

     

    Assume that you have installed the Windows Server 2008 with Hyper-V beta, it is possible that the Hyper-V RC update will be applied to the system through Windows Update. In this situation, virtual machines that were created on the beta version of the Hyper-V role cannot start on the new updated Hyper-V RC box. You can use the existing virtual hard disk (.vhd) file to create the new virtual machine with Hyper-V RC role. And then you may configure the virtual network settings of all the virtual machine and make them connect to the "External" virtual network switch (that can be exposed to corp network). After that, you can boot the virtual machine to install the patches through "External" virtual network. You need to manually shutdown and restart both the parent partition and child partition after applying the update patches.

     

    Hope it helps.

    2008년 4월 10일 목요일 오전 10:34
  • Martin - you should be safe in allowing Hyper-V to save-state the virtual machines during the physical machine shutdown, and restore them on reboot. This is the default settings for virtual machines. Of course, if you find a scenario where this doesn't work, please report it as a bug.

     

    Thanks,

    John.

     

    --------------------------------------------------------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.

     

    2008년 4월 10일 목요일 오후 6:09
  • David,

    Is your recommendation specific to the beta->RC updates, or do you think it would apply to other windows update patches as well (those unrelated to Hyper-V)?

    thanks

    Martin
    2008년 4월 11일 금요일 오후 1:55
  • The only updates that you rally need to be aware of are those directly relates to Hyper-V.

     

    In this case the beta -> RC0 upgrade modified items relates to Integration Components and the underlying virtualization stack (maybe even the Hypervisor itself).

     

    the other Windows patches you should approach with the same prudence as in the past.

     

    Some administrators are patch phobic, and others just install them all without thinking (not just the Important ones) or paying attention to the potential impact.

     

    When dealing with Hyper-V you need to be aware of what the patch pertains to.  If it pertains to Hyper-V make sure that the person applying the patchs is aware of it and has a plan of attack.

     

    Right now, there are people not paying much attention to the RC0 patch and just installing it - then having problems.

    That scenario will repeat when the Hyper-V RTM appears and if there is another RC in between.

     

    2008년 4월 11일 금요일 오후 4:35
    중재자
  • Brian,

    I agree that any Hyper-V specific patches must be handled with special care.

    But for non-Hyper-V patches, your thinking is that whether you patch host first or VMs first, or shut down VMs vs Save State, won't really matter?

    thanks

    Martin
    2008년 4월 11일 금요일 오후 7:30
  • any non-hyper-v pathes are to the WS08 server itself, not potentially to the Hypervisor (under it all) or to the virtualization stack (controlling it all) and should be treated as any traditional Windows patch.

     

    Of couser if it is a clustering patch and you run hyper-v in a failover cluster then you have considerations, but consideration no different than if you were patching clustering without Hyper-v

     

    It all comes down to the patches specific to a specific role and how that role is used.

     

    In the case of Hyper-V Microsoft has done an excellent job at integrating with and exploiting other WS08 functions to add value to Hyper-V.

    Is failover clustering a hyper-v specific function - no, so it has different implications

    Is VSS snapshotting a running VM a hyper-v specific function - no, it has backup implications.

     

    The entire thing is very modular when you look at the other components, all exploiting and hooking into each other, yet they also can stand alone as a product.  This is very much the System Center model of doing things - let the interfaces and capabilities of products bring all the bits together - don't rebuild, reuse.

     

     

     

    2008년 4월 11일 금요일 오후 8:00
    중재자
  • Hi Brian,

    Is it possible to write a powershell script which will run on the hyper-v host and search and apply updates to the VMs?
    I want to do this without using SCVMM.


    Thanks

    Sudip
    2009년 1월 13일 화요일 오전 9:47