We’re using Microsoft Azure Automation Update Management to facilitate and automate updates for on-premises servers that provide Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), and IP address management (IPAM) services internally here at Microsoft. Our solution allows us to monitor the compliance of our servers and deploy updates as they become available. Update Management provides an automated, efficient, and scalable solution that ensures these servers remain updated, available, and ready to deliver these services across the Microsoft corporate network.
On-premises network services provide the backbone for communication at Microsoft office locations worldwide. Our DDI (DNS, DHCP, and IPAM) team in Microsoft Digital, the company’s IT organization, manages about 400 hundred DNS, DHCP, IPAM, and supporting servers deployed worldwide. Our efforts ensure that critical DDI services are always available, providing a superb user experience for Microsoft employees using our network.
[Read our ongoing series on moving our network to the cloud.]
Migrating DDI services to Update Management
We’ve recently migrated the update and patching management of these highly available servers—primarily Hyper-V virtual machines—to Update Management in Azure Automation.
Update Management allows you to manage operating system updates for Windows and Linux virtual machines in Azure and physical or virtual machines on-premises or other cloud environments. You can quickly assess the status of available updates and manage update installation for machines reporting to Update Management.
We migrated to Update Management from a custom tool that was being deprecated and no longer supported our requirements for performing and managing updates on DDI servers. We moved to Update Management to fulfill several requirements including management automation, cloud-based deployment, and comprehensive logging and monitoring.
Our deployment uses Azure Automation Hybrid Runbook Workers and Azure Arc to onboard our DDI servers to Update Management. The extension-based worker provides interaction with Update Management services and ensures we can continually monitor the update state for all DDI servers.
Automating and streamlining updates with Update Management
Azure Automation Update Management provides a centralized interface to manage updates for all DDI servers. With Azure Automation and Azure Logic Apps, we’ve automated the majority of update activity on our servers and significantly reduced the manual intervention required to maintain updates. We use Azure Log Analytics to collect update activity for reporting and dashboarding.
Azure Automation enables us to centralize and monitor the update activity for all DDI servers. We’ve created several groups in Update Management to ensure that update processes run on the appropriate servers at the proper time and in the correct sequence. These groups allow us to ensure that servers in the same high availability groups don’t receive updates simultaneously, so the availability group can continue to provide services as Update Management sequentially updates individual servers in the group.
We’re creating and managing update sequencing and completion using the Azure Automation REST APIs and Azure Logic Apps. Logic Apps provide us with a completely controllable flow for updates. Logic Apps give us complete control over update sequencing and group update processes. We’re also using retry logic to ensure that updates are completed successfully and send notifications to our team for proactive monitoring of update processes.
Ensuring that updates run properly and only on appropriate machines can be a difficult process to automate, but scripts in Update Management enable us to gather information and check for conditions before and after updates run. These scripts ensure that updates are run only on applicable servers. Scripts also allow us to check for necessary functionality after the update is complete, such as a DNS server being able to resolve a hostname.
Our team has worked closely with the Azure Update Management product team as Customer Zero—using Microsoft products internally within Microsoft Digital. As a result, we’ve been able to provide feedback and use cases that helped the product team improve features and functionality for Microsoft customers.
Realizing the value of Update Management
Update Management has transformed the way we manage updates for DDI servers. It has radically reduced the manual effort required of our on-call engineers, freeing them to focus on more critical areas that require their intervention.
The centralized management available in Update Management Center enables us to understand the state of updates across all DDI servers immediately. Our solution notifies our engineers of all important Update Management activities, and they can quickly identify failed updates, in-process updates, and completed updates for multiple scopes.
We can capture information about the Update Management environment using the logging and dashboarding capabilities in the Update Management Center, and observe current and point-in-time status for all servers and groups. Compliance status is also immediately available.
We’re excited to continue improving our processes using Update Management for our DDI servers, and we expect to extend functionality and offer insights to other areas of our enterprise where Update Management can provide the same benefits to Microsoft Digital teams. Here are some tips for getting started at your company:
- Evaluate and implement Update Management. Assess current update management processes, particularly for critical services. Consider migrating to cloud-based solutions like Azure Automation Update Management, which offers automation, efficient scalability, and comprehensive logging and monitoring.
- Take advantage of automation and cloud integration. Use Azure Automation and Azure Logic Apps to automate update activities and reduce manual workload.
- Integrate Azure Automation Hybrid Runbook Workers and Azure Arc for better management of servers. This approach ensures continuous monitoring and management of updates, enhancing operational efficiency.
- Adopt advanced monitoring and compliance strategies. Implement advanced monitoring tools like Azure Log Analytics for tracking update activities and creating dashboards for better visibility. Use the capabilities of Update Management Center to understand the state of updates across all servers, ensuring compliance and efficient update deployment.
Learn how to adopt an Azure Automation Update Management Deployment Plan at your company.
- Explore our series on moving our network to the cloud.
- Learn more about Automation Update Management.
- Unpack our cloud-centric architecture transformation.
Want more information? Email us and include a link to this story and we’ll get back to you.