Welcome to the final installment of our deep dive into Azure Arc! Throughout this series, we’ve explored how Azure Arc empowers organisations to unify hybrid environments, optimize licensing, and enhance monitoring. In Part 5, we’ll focus on Azure Arc Update Management and how you can leverage Azure Update Manager to maintain your non-Azure virtual machines. As organisations seek more efficient ways to manage updates across diverse infrastructures, Azure Arc offers a modern, streamlined solution.

Let’s unravel how to transition from traditional update management tools to a unified approach that keeps your servers secure and compliant.

The Evolution of Update Management

Managing updates for servers has always been critical for security and performance. Traditional tools like Windows Server Update Services (WSUS) have been staples in on-premises environments. However, with the growing complexity of hybrid infrastructures, there’s a need for more scalable and flexible solutions.

Challenges with Traditional Update Management:

• Complexity in Hybrid Environments: Managing updates across on-premises, cloud, and edge devices becomes cumbersome.
• Limited Scalability: Scaling WSUS to accommodate growing environments can be resource-intensive.
• Maintenance Overhead: Managing infrastructure, databases, and storage for WSUS adds operational overhead.
• Lack of Integration: Difficulty integrating with modern DevOps practices and automated workflows.

Enter Azure Update Manager with Azure Arc.

Introducing Azure Update Manager with Azure Arc

Azure Update Manager is a feature within Azure Automation that provides a unified way to manage updates for both Windows and Linux systems across hybrid environments. When combined with Azure Arc, it extends these capabilities to your non-Azure virtual machines, allowing you to manage updates from a single platform.

Key Benefits:

• Unified Management: Centralize update management for all servers, regardless of where they reside.
• Scalability: Easily scale to manage thousands of servers without the need for additional infrastructure.
• Automation and Scheduling: Automate update deployments and schedule maintenance windows.
• Compliance and Reporting: Gain insights into update compliance and generate reports.
• Integration with DevOps: Incorporate update management into CI/CD pipelines and automation scripts.

Setting Up Azure Update Manager for Non-Azure Virtual Machines

Let’s dive into how you can set up Azure Update Manager with Azure Arc to manage updates on your non-Azure virtual machines.

Prerequisites

• Azure Subscription: An active subscription with necessary permissions.
• Azure Arc-enabled Servers: Your non-Azure VMs should be onboarded to Azure Arc. Refer to Azure Arc Deployment: Mastering Installations with Scale - Part 2 of 5 for guidance.
• Network Connectivity: Outbound internet access on ports 443 and 80 from the servers to Azure services.

Step 1: Enable Update Management Center

The Azure Update Manager (formerly known as Update Management Center) is the hub for managing updates.

1. Navigate to Azure Update Manager
   • In the Azure Portal, search for Update Manager or navigate to Azure Services > Update Manager.
2. Enable Update Management
   • Select Machines from the left-hand menu.
   • Click on Get Started to enable Update Manager if it’s not already active.

Step 2: Configure Non-Azure Machines

Now, let’s configure your non-Azure virtual machines for update management.

1. Select Your Arc-enabled Servers
   • In Update Manager, go to Machines.
   • Click on Add Machines.
   • Select Azure Arc-enabled Servers from the options.
   • Choose the servers you wish to manage and click Add.
2. Install the Azure Monitor Agent
   • The Azure Monitor Agent (AMA) is required for Update Manager.
   • During the onboarding process, you’ll be prompted to install the agent.
   • Follow the on-screen instructions to deploy the agent to your servers.

Step 3: Assess Update Compliance

Understanding the current update status of your machines is crucial.

1. View Compliance Overview
   • In Update Manager, select Machines.
   • You’ll see a compliance overview indicating which updates are missing.
2. Drill Down into Details
   • Click on a specific server to view detailed information about missing updates.
   • Explore categories like Critical Updates, Security Updates, and Update Rollups.

Step 4: Create and Schedule Update Deployments

Automate the deployment of updates by creating schedules.

1. Create an Update Deployment
   • In Update Manager, select Update Deployments.
   • Click on + Create to start a new deployment.
2. Configure Deployment Settings
   • Name: Provide a meaningful name (e.g., Monthly_Patch_Deployment).
   • Machines: Select the target Arc-enabled servers.
   • Update Classifications: Choose the types of updates (e.g., Security, Critical).
   • Include/Exclude Updates: Specify any updates to include or exclude if needed.
3. Schedule Deployment
   • Time: Set the date and time for the deployment.
   • Recurring Schedule: If desired, configure the deployment to recur (e.g., monthly).
   • Maintenance Window: Define how long the deployment can run.
4. Pre-Scripts and Post-Scripts (Optional)
   • Configure scripts to run before or after the update deployment for custom actions.
5. Review and Create
   • Verify all settings and click Create to schedule the deployment.

Step 5: Monitor Deployment Progress

Stay informed about the status of your deployments.

1. View Deployment Status
   • In Update Manager, go to Update Deployments.
   • Select the deployment to view progress and results.
2. Check for Errors
   • Review any errors or issues that occurred during the deployment.
   • Use logs and detailed error messages to troubleshoot.

Step 6: Automate with Azure Policy

Ensure compliance and automate onboarding using Azure Policy.

1. Assign Built-in Policies
   • Navigate to Azure Policy in the Azure Portal.
   • Assign policies like Configure machines to automatically install the Azure Monitor Agent.
2. Automate Agent Installation
   • Policies can automatically deploy the Azure Monitor Agent to new servers.
3. Ensure Compliance
   • Regularly review compliance reports to identify non-compliant resources.

Enhancing Update Management with Additional Features

Integration with Change Management

• Azure Automation Change Tracking and Inventory can track changes on your servers, providing insights into update impact.

Alerts and Notifications

• Set up alerts to notify you of deployment successes, failures, or compliance issues.

Role-Based Access Control (RBAC)

• Use Azure RBAC to control who can view or manage updates, enhancing security.

Custom Reporting

• Utilize Workbooks in Azure Monitor to create custom reports and dashboards.

Advantages Over Traditional WSUS

While WSUS has served organisations well, Azure Update Manager with Azure Arc offers several advantages:

• Cloud-Based Management: No need to maintain on-premises update infrastructure.
• Cross-Platform Support: Manage updates for both Windows and Linux servers.
• Global Scalability: Easily scale to manage updates across global infrastructures.
• Integrated Security: Seamlessly integrate with Azure Security Center for enhanced protection.
• Cost Efficiency: Reduce costs associated with maintaining WSUS servers and storage.

Real-World Scenario

Company XYZ operates a hybrid infrastructure with servers on-premises and in multiple clouds. They traditionally used WSUS for updates but faced challenges with scalability and maintenance.

Solution with Azure Arc and Update Manager:

• Unified Update Management: Onboarded all servers to Azure Arc and enabled Update Manager.
• Automated Deployments: Scheduled regular update deployments during maintenance windows.
• Scalability: Easily managed updates across hundreds of servers without additional infrastructure.
• Enhanced Compliance: Achieved higher compliance rates with automated policies and reporting.

Outcome:

• Reduced Operational Overhead: Eliminated the need to manage WSUS servers.
• Improved Security Posture: Ensured timely deployment of critical security updates.
• Increased Efficiency: Streamlined update processes, freeing up IT resources.

Conclusion

Transitioning to Azure Update Manager with Azure Arc revolutionizes how you maintain your non-Azure virtual machines. By embracing this modern, cloud-based approach, you benefit from:

• Simplified Operations: Manage all updates from a centralized platform.
• Enhanced Security: Keep systems up-to-date with the latest patches.
• Operational Efficiency: Reduce the time and resources spent on update management.
• Future-Proofing: Adopt a solution that evolves with your infrastructure needs.

As the IT landscape continues to evolve, leveraging tools like Azure Arc ensures you’re equipped to handle the complexities of hybrid environments with confidence and agility.

Learn More

To dive deeper into Azure Update Manager and Azure Arc, explore these Microsoft Learn resources:

• Update Management Center Overview
• Manage Machines with Azure Update Manager
• Azure Arc-enabled Servers Documentation
• Use Azure Policy to Manage Resources
• Automate Azure Monitor Agent Deployment

Final Thoughts

This brings us to the end of our Azure Arc series. Throughout these five parts, we’ve journeyed through:

1. Introduction to Azure Arc: Unveiling its transformative capabilities.
2. Deployment Strategies: Mastering Installations with Scale.
3. Licensing Benefits: Maximizing Windows and SQL Server investments.
4. Monitoring Non-Azure Machines: Harnessing Azure Monitor’s power.
5. Update Management: Elevating your update strategy with Azure Update Manager.

By integrating Azure Arc into your operations, you’re not just adopting a set of tools—you’re paving the way for a unified, efficient, and future-ready IT environment. The synergy between Azure Arc and Azure services propels your organisation toward innovation and resilience.