Patching your Fabric with SCVMM 2012
One superb feature in SCVMM is that you are now able to patch the resources in the Fabric, which also includes your Hyper-V Clusters.
How are you usually patching your Hyper-V Cluster? You have to initiate the Maintenance mode, patch the node, stop Maintenance mode, and so the story continues with the next node.
SCVMM 2012 will do this automatically for you, so that you can spend your valuable time with more important tasks, like focusing on pro-active management and best practices.
Let`s take a walkthrough
First, you`ll need a WSUS-server in your domain to serve the Fabric with the defined updates.
1. Install WSUS on the SCVMM server
2. Install WSUS on a dedicated server
3. Share the WSUS server that you`re already using with SCCM
In this walkthrough we`re going to use a dedicated WSUS server.
1. Enable the WSUS role on your Windows Server 2008 R2 via ServerManager
2. Schedule the synchronization
3. Only enable the required updates (If you only have Windows Server 2008 R2 machines in the Fabric, you`ll not need updates for Windows Server 2003/Outlook etc. So do not synchronize these ones.)
4. Install the WSUS console on your SCVMM server (download from here and install only the console)
5. Restart the System Center Virtual Machine Manager service (net stop SCVMMService / net start SCVMMService )
6. Navigate to the Fabric in SCVMM, select Update Servers, right click, and add your WSUS server. Specify the FQDN name, and the TCP port the server is listening on. If you have ran the default installation of WSUS and are using the default Web-configuration, the TCP port should be 80. Use a Run as Account or specify the required credentials to add your server to SCVMM.
7. Once the server is added, you`ll be able to manage it directly from SCVMM. (Right click the server in Fabric, and select properties. Here you can change updates classifications, products etc).
Now, you should have your WSUS server available in SCVMM.
The next steps will show you how to create Update Baselines for your resources.
An update baseline contains a set of required updates that is then scoped to an assignment such as a host group, a stand-alone host, a host cluster, or a SCVMM management server. A compliance scan that are assigned to a baseline are graded for compliance with their assigned baselines. When a computer is found noncompliant, an administrator will bring the computer into compliance through update remediation.
You can configure update baselines to host groups and to individual computers based on their role in SCVMM.
(If you move a host from one host group to another, the baselines for the new host are applied to the host)
We`re going to assign computers to a built-in update baseline:
1. In the Library pane, expand the Update Catalog and Baselines, and click on Update Baselines
You should see two built-in baselines named Sample Baseline for Security Updates and Sample Baseline for Critical Updates
2. Click Sample Baseline for Security Updates
3. On the Home page in the Properties group, click Properties. (On the left, click Updates to open the Updates page)
4. Here you can add/remove update baselines from the baselines that are listed.
5. Click Assignment Scope to open the Assignment Scope and select host groups, host clusters, and computers to add to the baseline. All computers are represented by the roles they have in SCVMM. To apply a baseline to all hosts, you have to select the All Hosts root host group.
6. Click OK to save the changes you`ve made.
You can also create a new update baseline in SCVMM.
Repeat step 1 and in the Home page in the Create group, click Baseline so the Update Baseline Wizard starts. This wizard will take you through the required steps to build a baseline and let you select the updates you want. Create the baseline and select the correct Assignment Scope for the updates (Hyper-V updates for Hyper-V hosts, and so on).
If you`ve done this right, you should be able to see the update baseline in the Library pane, expand Updates and Baselines Catalog, and then click Baselines.
Now, let`s navigate back to the Fabric, and check if our resources are compliant.
1. Select a Host group, click the Home tab, and select a host.
2. Click Compliance and initiate a Scan with the scan button.
3. If some of the hosts are not compliance, select Remediate.
4. SCVMM will now initiate an orchestrated workflow which:
1. Start maintenance mode (Live Migrate VMs to other nodes in the Hyper-V Cluster)
2. Install updates
3. Reboot computer
4. Check if the computer is compliant
5. Stop maintenance mode
6. Repeat all the 5 steps on each and every node in the cluster.
Brilliant! Now I can spend more time in the TechNet Forums and on twitter :-)