
Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS

WSV322. Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS. Mallikarjun Chadalapaka Senior Program Manager Microsoft Corporation. Erin Chapple Partner Group Program Manager Microsoft Corporation. Session Overview.


Presentation Transcript


  1. WSV322 Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS • Mallikarjun Chadalapaka, Senior Program Manager, Microsoft Corporation • Erin Chapple, Partner Group Program Manager, Microsoft Corporation

  2. Session Overview • Updating continues to be an important investment area for Windows Server and our customers • Windows Server 2012 contains several enhancements to Windows Server Update Services (WSUS) • Increasing demand on server availability • Introduction of Cluster-Aware Updating (CAU) extends WSUS functionality to enable Zero Service interruption

  3. Windows Server Update Services What’s new in Windows Server 2012

  4. Most Deployed Update Solution in the World! • 1+ Million: WSUS servers synching against Windows Update • 60+ Million: Clients managed by WSUS • Double: Adoption rate of WSUS 3.0 Service Pack 2 over previous release • Data based on Opt-in Option to WU/MU reporting

  5. What have we heard from customers? • Difficult to automate WSUS installation and configuration • Not delivered in-the-box • Separate WSUS Setup UI (versus integration with Server Manager) • Many steps manual, e.g. Running WSUS Cleanup • Desire for increased security between Windows Update and WSUS

  6. What’s New with WSUS: Server Manager Integration • WSUS now ships with Windows Server 2012 • WSUS setup is fully integrated with the Server Manager UI • Installation options: • local machine • remote machine • to a VHD

  7. What’s New with WSUS: PowerShell Support • 12 new cmdlets for common administration tasks • Supported scenarios: • Getting the list of products WSUS supports • Setting the updates for which WSUS should sync updates • Running WSUS Cleanup • Approving Updates • Allows much simpler automation of basic WSUS tasks

  8. What’s New with WSUS: Enhanced Security • WSUS has been enhanced to verify files were not modified during download from WU using SHA256 hashes • Windows 8 Windows Update Agent has been enhanced to use SHA256 • Windows 8 file signature verification has been enhanced to use SHA256 for Windows Components • Overall, system administrators can be more confident that updates are being delivered without tampering

  9. Demo: Installing and Managing WSUS using PowerShell
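The administration tasks listed on slide 7, scripted end to end as an added example; this is not the presenters' demo script. The content directory `D:\WSUS`, the product and classification titles, and the target group `Pilot Servers` are assumptions.

```powershell
# Added example: install and manage WSUS on Windows Server 2012 from PowerShell.
# Assumed values (not from the slides): D:\WSUS, 'Pilot Servers', product/classification titles.

# 1. Install the in-box role, then run the post-install step that creates the
#    database and the content store.
Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
& "$env:ProgramFiles\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=D:\WSUS

# 2. The product list is only populated after a category sync with Windows Update.
$wsus = Get-WsusServer
$subscription = $wsus.GetSubscription()
$subscription.StartSynchronizationForCategoryOnly()
while ($subscription.GetSynchronizationStatus() -ne 'NotProcessing') {
    Start-Sleep -Seconds 10
}

# 3. List the products WSUS supports.
Get-WsusProduct | ForEach-Object { $_.Product.Title } | Sort-Object

# 4. Sync only what the estate needs: disable everything, then enable a short list.
Get-WsusProduct | Set-WsusProduct -Disable
Get-WsusProduct |
    Where-Object { $_.Product.Title -eq 'Windows Server 2012' } |
    Set-WsusProduct

Get-WsusClassification | Set-WsusClassification -Disable
Get-WsusClassification |
    Where-Object { $_.Classification.Title -in 'Critical Updates', 'Security Updates' } |
    Set-WsusClassification

$subscription.StartSynchronization()

# 5. Approve needed security updates for a pilot group only; wider approval
#    follows once the pilot servers report success.
Get-WsusUpdate -Classification Security -Approval Unapproved -Status FailedOrNeeded |
    Approve-WsusUpdate -Action Install -TargetGroupName 'Pilot Servers'

# 6. Run the cleanup that previously had to be started by hand in the console.
Invoke-WsusServerCleanup -DeclineSupersededUpdates -DeclineExpiredUpdates `
    -CleanupObsoleteUpdates -CleanupUnneededContentFiles -CleanupObsoleteComputers
```

Step 5 returns nothing until the synchronization started in step 4 has finished and clients have reported their status.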

  10. What is CAU? Context, Introduction, Install & Update Types

  11. CAU: Motivation & Introduction • #1 customer ask: Continuous Availability of clusters across Patch Tuesdays • Continuous Availability: survive planned moves or unplanned failures without errors, without losing data & while performing well at scale • CAU with Continuously Available workload Zero service impact, e.g., • Hyper-V (Live Migration) • File Server (Transparent Failover) • CAU is end-to-end cluster update orchestration • without impacting service availability

  12. Positioning CAU Cluster-Aware Updating (CAU)

  13. What is CAU? Apply updates on this cluster • Single-click launch of cluster-wide updating operation • Or a single PS cmdlet • “Updating Run” • Physical or VM clusters • CAU scans, downloads and installs applicable updates on each node • Restarts node as necessary • One node at a time • Repeats for all cluster nodes • Customize pre-update & post-update behavior with PS scripts [Diagram labels: Updating Run kick-off; CAU; Windows Update or WSUS; Draining the node; Resuming & Failback; Node 1 ... Node n; Windows Server failover cluster]

  14. CAU ≠ Reinventing Server Patching Good News: None of these is changing with CAU! CAU is about update orchestration across the cluster

  15. Update types • Updates (GDRs) from Windows Update or WSUS • Hotfixes (QFEs) from a local File Share • Simple customization that installs almost any software update off a local File Share **GDR = General Distribution Release **QFE = Quick Fix Engineering (nickname for hotfix)

  16. Installing & Launching • Install clustering, and you are set for CAU! • Integration with Failover Clustering • Feature • Tools • Installation • Launch CAU GUI from Server Manager-Tools, or from Failover Cluster Manager

  17. CAU Deep-dive Automation, Modes, Self-updating, Hotfix internals

  18. Cluster Update Automation with CAU • “Run Books” = IT process recipes • E.g. “Cluster Patching” • CAU is automation of your Cluster Updating Run Book • With CAU, clusters are easier to own, update and report on • Designed to leave the cluster with the same workload distribution as at the start [Diagram labels: Run options; Cluster-Aware Updating GUI; Cluster-Aware Updating Windows PowerShell cmdlets; “Update Coordinator”; Node workflows; Cluster workflows; Exception workflows; Cross-workflow coordination business logic; Failover Cluster]

  19. Self-Updating Mode • Requires no real-time user attention • CAU Update Coordinator process runs on a clustered node • Installs updates on a custom schedule • Cluster-in-a-box appliances (hint: branch office scenarios) [Diagram labels: CAU Update Coordinator; Failover Cluster; Node 1; Node 2; Node 3; Node 4]

  20. Self-Updating Internals • Adds CAU clustered role • Just like any other clustered workload • Resilience to planned and unplanned failures • Not mutually exclusive with on-demand updating • Analogy: Windows Update scan on your PC with AU auto-install • But possible conflicts with Updating Runs in progress • “Configured, but on hold” functionality • Compatible with VCO Prestaging **VCO = Virtual Computer Object

  21. Remote-Updating Mode • CAU Update Coordinator process remotely connects to the cluster • User-initiated Updating Run, allowing real time monitoring • Rich progress updates • Minimal Server Core (no .NET or PS dependency) on nodes [Diagram labels: CAU Update Coordinator; Failover Cluster; Node 1; Node 2; Node 3; Node 4]

  22. Which Mode When?

  23. “Hotfix” Support Internals • Rich/extensible Hotfix installation • Microsoft QFEs, or third-party driver updates, or even Firmware/BIOS updates… • Select hotfix behavior at start. Two key inputs: • Root Folder: on an SMB File Share • Configuration xml file: defines the Rules • Configuration Rules are the key to flexibility • Easy to specify new Rules • hotfix installer name, install options, reboot behavior, return values etc.

  24. Hotfixes & Security • Strict ACL Checking (Optional) • Kerberos Mutual Authentication (Required) • Data integrity checking (Required) • SMB Signing or SMB Encryption • Privacy with SMB Encryption (Optional) • SMB Encryption is new in Windows Server 2012 [Diagram: Hotfix Config File with Extension Rules (<MSU>, <MSI>, <MSP>) and Folder Rules (<MySwUpdateType>); CAU Hotfix Root Folder containing CAUHotfix_All (hotfixes applicable to all nodes), MySwUpdateType (special software updates) and <Node Name1> (hotfixes applicable just to <Node Name1>)]
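One way to set up the hotfix root folder so that the optional protections on slide 24 are switched on, as an added example rather than configuration shown in the session. The local path `D:\CauHotfixRoot` and the node computer accounts `CONTOSO\FC1-N1$` and `CONTOSO\FC1-N2$` are assumptions; the server, share and cluster names are the ones used on slide 32.

```powershell
# Added example: hardened hotfix share for the CAU Hotfix plug-in.
# Assumed values (not from the slides): D:\CauHotfixRoot, the two node computer accounts.

# --- On the file server (CauHotfixSrv) ---
$root  = 'D:\CauHotfixRoot'
$nodes = 'CONTOSO\FC1-N1$', 'CONTOSO\FC1-N2$'

# Folder layout from the slide: CAUHotfix_All holds hotfixes for every node.
New-Item -ItemType Directory -Path "$root\CAUHotfix_All" -Force | Out-Null

# NTFS: remove inherited ACEs so that only administrators and SYSTEM can place
# or change installers. The nodes only need to read and execute them.
icacls $root /inheritance:r
icacls $root /grant 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
foreach ($node in $nodes) {
    icacls $root /grant "${node}:(OI)(CI)RX"
}

# Share: read-only for the nodes, SMB Encryption on (new in Windows Server 2012).
# Encryption covers the required integrity check and adds the optional privacy.
New-SmbShare -Name 'shareName' -Path $root -EncryptData $true `
    -FullAccess 'BUILTIN\Administrators' -ReadAccess $nodes

# Check: the share must report EncryptData = True before the first Run.
Get-SmbShare -Name 'shareName' | Select-Object Name, Path, EncryptData

# --- On the Update Coordinator ---
# RequireSmbEncryption makes the plug-in refuse an unencrypted share;
# DisableAclChecks = False keeps the strict ACL check enabled.
Invoke-CauRun -ClusterName CONTOSO-FC1 `
    -CauPluginName Microsoft.HotfixPlugin `
    -CauPluginArguments @{
        'HotfixRootFolderPath' = '\\CauHotfixSrv\shareName'
        'RequireSmbEncryption' = 'True'
        'DisableAclChecks'     = 'False'
    } `
    -MaxRetriesPerNode 2 -Force
```

The exact set of principals the strict ACL check accepts with write access is not listed on the slides; if the Run fails that check, compare the output of `icacls` on the root folder against the CAU plug-in documentation linked on slide 31.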

  25. Demo: Continuous Availability with CAU • Mallikarjun Chadalapaka, Senior Program Manager

  26. CAU Demo Setup • Demo Objective • SQL app should continue to operate on database stored on an SMB CA (Continuously Available) Share… • while we update the File Server cluster with CAU [Diagram labels: Windows Server 2012 File Server Cluster; Node 1; Node 2; Cluster-Aware Updating; SMB CA Share; SQL Database; Database Server]

  27. Using & Extending Relating, Building on, and Extending, Deployment

  28. CAU across deployments

  29. Perspectives • Ted, Cluster administrator: With CAU, I can: • Update multiple clusters in parallel • “Tap into” a Run in progress • Deliver on my SLAs with Josh! • Josh, LOB app owner: With CAU and CA workloads: • No negotiation on planned downtime • No updating-forced downtime • No complex contingency planning

  30. Building on CAU cmdlets • Multi-cluster “Patch Tuesday” workflows • E2E data center provisioning workflows • Service Desk and other ITIL automation workflows • Cluster-Aware Updating (CAU) PS cmdlets • Check out the PS cmdlet help reference for all other CAU cmdlets.

  31. Extending CAU to work with your patch Solution • “Plug-in” is functionality that can be added on to shipping feature • Get-CauPlugin • Register-CauPlugin • Unregister-CauPlugin • Plug-in: looks for, downloads and installs a specific type of update (e.g. hotfix MSU) • Typically needs an installation tool (e.g. WUA) • CAU ships with two plug-ins • Windows Update: Installs GDRs • Hotfix: Installs QFEs and 3rd party updates • It is easy to add new Plug-ins to extend CAU • Plug-in API: http://msdn.microsoft.com/en-us/library/hh418084(VS.85).aspx • Plugin Sample: http://code.msdn.microsoft.com/windowsdesktop/Cluster-Aware-Updating-6a8854c9 • How CAU Plug-ins work: http://technet.microsoft.com/en-us/library/jj134213 [Diagram labels: “Update Coordinator” on a Windows Server 2012 computer; Cluster-Aware Updating (CAU) core; CAU Plug-in API; Windows Update Plug-in; Hotfix Plug-in; Custom 3rd Party Plug-in; Custom 3rd Party tool; SMB CA File Server; Windows Server 2012 Failover Cluster; Clustered Role; Cluster Nodes, each with Clustering, CAU WMIv2 Provider and WUA]

  32. Mix and match Plug-ins • One CAU plug-in, one update “type” (GDR, Hotfix, …) • Why? • Installing multiple types in one Run → faster; fewer reboots • New “RC” feature based on customer feedback • Examples: • Invoke-CauScan -ClusterName CONTOSO-FC1 -CauPluginName Microsoft.WindowsUpdatePlugin, Microsoft.HotfixPlugin -CauPluginArguments @{}, @{ 'HotfixRootFolderPath' = '\\CauHotfixSrv\shareName'; 'HotfixConfigFilePath' = '\\CauHotfixSrv\shareName\DefaultHotfixConfig.xml' } -RunPluginsSerially -Verbose • Invoke-CauRun -ClusterName CONTOSO-FC1 -CauPluginName Microsoft.WindowsUpdatePlugin, Microsoft.HotfixPlugin -CauPluginArguments @{ 'IncludeRecommendedUpdates' = 'True' }, @{ 'HotfixRootFolderPath' = '\\CauHotfixSrv\shareName'; 'HotfixConfigFilePath' = '\\CauHotfixSrv\shareName\DefaultHotfixConfig.xml' } -MaxRetriesPerNode 2 -StopOnPluginFailure -Force • Options: RunPluginsSerially, StopOnPluginFailure, SeparateReboots

  33. Deployment Considerations - 1 • CAU supports only Windows Server 2012 clusters • Can be installed on Windows 8 Client RSAT package • Make CAU the only tool updating the cluster • Concurrent updates by other tools: e.g., WSUS, WUA, SCCM might cause downtime • For a WSUS-based deployment: • WSUS 4.0: needs a workaround with Beta builds (only) http://social.technet.microsoft.com/wiki/contents/articles/7891.how-wsus-and-cluster-aware-updating-are-affected-by-windows-server-8-beta-updates.aspx • WSUS 3.0 SP2 (on W2K8R2): not yet compatible with Windows Server 2012

  34. Deployment Considerations - 2 • System (not admin user) HTTP proxy must be set up • CAU WMIv2 provider needs system HTTP proxy for patch downloads • netsh winhttp set proxy <proxy-IP>:<port> "<local>" • Nodes configured for remote management: • "WINRM QUICKCONFIG -q" • Default for servers • Think about firewalls on nodes! • Windows Firewall Beta (or non-Windows firewall): create a firewall rule and enable it for domain-scope, wininit.exe program, dynamic RPC endpoints, TCP protocol • Windows Firewall RC: Enable the "Remote Shutdown" firewall rule group for the Domain profile, or pass the “-EnableFirewallRules” parameter to the Invoke-CauRun, Add-CauClusterRole or Set-CauClusterRole cmdlets • Make sure GPOs agree

  35. Cluster-Aware Updating: Summary • CAU ships in Windows Server 2012 – CAU previews, applies, and reports on updates for a cluster, through cluster-wide orchestration • Ships with a rich set of PS cmdlets and a powerful GUI • Two modes of operation: Self-updating & Remote-updating • Self-updating: offloads administrators comfortable with increased automation, and enables branch-office scenarios; updating itself is resilient • Remote-updating: targeted for traditional scenarios where closer administrator attention is preferred or warranted • Extensible • Integrate with your patching tools with new plug-ins • Use for new scenarios with hotfix plug-in • Per-node pre-update and post-update scripts

  36. For More Information • CAU: Understand and Troubleshoot Guide: http://www.microsoft.com/download/en/details.aspx?id=29015 • CAU Scenario Overview: http://technet.microsoft.com/en-us/library/hh831694.aspx • CAU Windows PowerShell cmdlets • ‘Update-Help’ downloads the full cmdlet help for CAU cmdlets • Online: http://go.microsoft.com/fwlink/p/?LinkId=237675 • Starting with Cluster-Aware Updating: Self-Updating: http://blogs.technet.com/b/filecab/archive/2012/05/17/starting-with-cluster-aware-updating-self-updating.aspx

  37. Related Content • Breakout Sessions (session codes and titles) • WSV328, The Path to Continuous Availability with Windows Server 2012 • WSV303 Windows Server 2012 High-Performance, Highly-Available Storage Using SMB • WSV324 Building a Highly Available Failover Cluster Solution with Windows Server 2012 from the Ground UP • How to Increase SQL Availability and Performance Using Window Server 2012 SMB 3.0 Solutions • WSV310 Windows Server 2012: Cluster-in-a-Box, RDMA, and More • WSV410 Continuously Available File Server: Under the Hood


  42. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
