VMM 2012 perform patch for virtualization infra? Are you sure?
Guess this is finally come true. As least for me. In most corporate organization, they tend to deploy SCCM or WSUS to patch Microsoft system. But then, when I ask “How often do you deploy patch for your Virtualization Infrastructure especially Hyper V Host?”
The answer is “Never or not sure”. Gosh…why?
1. Well, I’m not sure if I have perform patch or which patch on Hyper V machine. or
2. Not my scope of work. This job is handle by SCCM team.
When we check with SCCM team, I ‘m quite surprise that they never deploy a patch for the Hyper V host because no extra/special request on it.
Sound familiar, right !
Now with VMM 2012, you can perform this job without consult SCCM team.
At this moment for 1st version of VMM 2012, the system is rely on WSUS. You need to deploy WSUS on another location or same server as VMM 2012. If you deploy WSUS on remote computer, make sure you install WSUS Administration Console on VMM server. To get this, please download WSUS 3.0 SP2 from this link. On remote server which you use to install WSUS, just select WSUS on features which available in Windows Server 2008 R2.
Once complete the installation, do not configure extra settings except Hyper V OS and product languages. Uncheck other products and language which is not related to virtualization infra. Just remember your objective is to patch VMM Server,Library Server, Update Server and Hyper V hosts.
On VMM 2012 server, go to Fabric | Select Update Server | Right click and select Add Update Server.
Fill up the information of your WSUS server and enter the correct credential.
Once added, click on Properties and configure additional setting for your WSUS server.
Then. perform Update synchronization by right click the update server and select “Synchronize” or just click on the ribbon.
Next is configure update baseline. Proceed to click Library | Update Catalog and Baseline | Update Baseline. Two sample baseline has created : Critical and Security Update baseline.
Select the baseline, click Properties and select Updates
You can deselect/ hide the update column. Just right click on the highlighted.
Then, remove unwanted windows update. For example: Itanium server update. Make sense to remove Itanium update because Hyper V cannot run on Itanium server.
Once you have complete, click on Assignment scope to start assign the update to relevant servers.
Click Ok and repeat the same step for Security Update.
Now at this stage, you have complete the installation and assignment. Next step is Scan the server for compliance.
1. Click on Fabric workspace, select Servers and click SCAN (on the ribbon).
Make sure the server has Compliant status. Any server which is not compliant, just click Remediate.
More options is available for update management. Give it a try and make your life easy and the most important is “Get Passed when audit time”.
a) Patch only to VMM Server, Library Server, Update Server and Hyper V Host.
b) Not applicable to patch guest virtual machine. You still require to use SCCM to patch your virtual machine.