As you may already know, you have the ability to automatically deployed updates on virtual machines running on Azure (for both Windows and Linux operating systems).
Well, while this helps you managing and controlling your virtual machines update process, you did not had control on the host update process, meaning for Azure Dedicated Host or isolated VM you may had experience a short/temporary service disruption.
The good news is now you can better manage this by using the new maintenance control for platform updates feature (now in preview), allowing you to control impactful updates on the underlying host by either (up to 35 days delay)
- if the maintenance does not require a restart, temporarily paused the virtual machine while the host is being updated or live migrate it to an already updated host
- if the maintenance do requires a restart, to get notified and then be able to manage your self the update within the time window provided
This new feature is particularly interesting for highly sensitive to disruption workloads running on Azure Dedicated Host or single/isolated VM.
This is not (yet?) available for workloads deployed on shared hosts.
The principle is to create a maintenance configuration and associate it with your resources and then manage the maintenance
To start using this feature, you will need to use either Azure PowerShell, Az Cli, Rest API, .Net or Azure SDK; this is not yet available through the portal (you can know more about the maintenance for Azure virtual machine here https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates).
You need first to get the Az.Maintenance PowerShell module using the command
Install-Module -Name Az.Maintenance –AllowPrerelease
- You will need to create a resource group as a container for the maintenance configuration; this step can be performed with any of the management tools (including the portal off course); you can also reuse an existing resource group if you want
New-AzResourceGroup –Location <location of your resource group> -Name <name of your resource group>
- Create a custom maintenance configuration; the name of the configuration must unique across your subscription and located in the same region than the resource group
$config = New-AzMaintenanceConfiguration -ResourceGroup <the resource group created above> -Name <your custom maintenance configuration name> -MaintenanceScope host -Location <location – should be the same as your resource group>
You can get all maintenance configuration using the command
Get-AzMaintenanceConfiguration | Format-Table -Property Name,Id
- Assign the configuration to either the isolated VM or dedicated host
Isolated VM
New-AzConfigurationAssignment -ResourceGroupName <the resource group created above> -Location <location of your resource group> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute -ConfigurationAssignmentName $config.Name -MaintenanceConfigurationId $config.Id
Dedicated host
New-AzConfigurationAssignment -ResourceGroupName <the resource group created above> -Location <location of your resource group> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute -ConfigurationAssignmentName $config.Name -MaintenanceConfigurationId $config.Id
- Check for pending updates
Isolated VM
Get-AzMaintenanceUpdate -ResourceGroupName <the resource group created above> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute | Format-Table
Dedicated host
Get-AzMaintenanceUpdate -ResourceGroupName <the resource group created above> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute | Format-Table
- Apply updates
Isolated VM
New-AzApplyUpdate -ResourceGroupName <the resource group created above> -ResourceName <your isolated VM> -ResourceType VirtualMachines -ProviderName Microsoft.Compute
Dedicated host
New-AzApplyUpdate-ResourceGroupName <the resource group created above> -ResourceName <your dedicated host name> -ResourceType hosts -ResourceParentName <your host group> -ResourceParentType hostGroups -ProviderName Microsoft.Compute
- Remove the configuration
Remove-AzMaintenanceConfiguration -ResourceGroupName <resource group of your maintenance configuration> -Name $config.Name