In today’s world, security is paramount. Microsoft is committed to ensuring your Azure Stack environment stays both secure and functional – as it delivers consistency to build and deploy applications using the same approach, APIs, DevOps tools, and portal, as you use for Azure.
Azure Stack operators must be able to safely and reliably update their Azure Stack infrastructure, while at the same time, provide highly-available, mission-critical services to their customers. Updates can range in scope from software to firmware, across core components of the system. The update process must be easy and predictable, allowing customers to focus on other aspects of their business.
How do Azure Stack operators determine where to download updates, how to apply them, what order to apply them in, who to call if there is problem, ensure minimal disruptions or determine maintenance window durations? Enter the Update resource provider, an integral part of Azure Stack.
What we built
Azure Stack has a built-in, dependency-aware orchestration engine that allows Azure Stack operators to import, run and monitor updates for Azure Stack. No additional tooling, internet connectivity or integration is required. Operators simply download the updates for Azure Stack, then import and run them using the Update tile in the Administrator portal during a pre-defined maintenance window. The fully-native Update resource provider will ensure updates are applied across all physical hosts, Service Fabric applications and runtimes, as well as all infrastructure roles.
Using the Update tile is easy, and managing updates from the administrator portal is a simple process. Operators navigate to the Updates tile to:
- View important information, such as the current cloud version
- Install available updates
- Review update history for previously installed updates
- View the cloud’s current OEM package version
As you can see below, an Azure Stack operator has downloaded and imported an update into Azure Stack that has been processed by the Update resource provider and is ready to be installed.
As updates are installed, an operator can easily view high-level status as the update process iterates through various subsystems in Azure Stack. Example subsystems include physical hosts, Service Fabric, infrastructure virtual machines, and services that provide both the administrator and user portals. High-level logging can be easily viewed during the update process using the “Download full logs” button from the Update run details blade.
Throughout the update process, the Update resource provider will report back to the operator additional details about the update, such as the number of steps that have succeeded, as well as the number in progress.
Once completed, the Update resource provider provides a “Succeeded” confirmation to the operator informing them that the update process has been completed and how long it took. From there, operators can view information about all updates, available updates or installed updates using the filter as seen below. Should the update fail to apply, the Update will report as “Needs attention” and will, in most cases, require a support ticket to be initiated. Use the “Download full logs” as indicated above to get a high-level status of where the update could have failed. In most cases, using the Azure Stack log collection will help facilitate diagnostics and troubleshooting.
Customers can expect updates for Azure Stack to release at least monthly – and while Microsoft strongly encourages installing the updates as soon as possible, we understand there may be circumstances where updates are unable to be installed. In this case, customers can defer updates for up to three months to stay within our support boundaries. Please note, the updates for Azure Stack are non-cumulative and must be installed sequentially, so plan on extended maintenance windows under these circumstances.
Firmware updates, provided by the OEM, will be updated outside the Update resource provider. Similar to software updates provided by Microsoft, maintenance windows will be strongly recommended. Contact your Azure Stack OEM for more information on firmware updates for Microsoft Azure Stack.
For more information about managing updates in Azure Stack, see the Manage updates in Azure Stack section of our online documentation. Also if you are heading to Microsoft Ignite, drop by the Updating and Servicing Microsoft Azure Stack session (THR3007R2). For more information on our support policy, visit the Azure Stack product lifecycle policy page.