2. about the speaker
• Engineer @ Wortell
• Focus on:
• System Center Virtual Machine Manager
• System Center AppController
• Server virtualization
• Blog: www.hyper-v.nu | blogs.wortell.nl
• Twitter: @myhyperv | @hypervnu
• Mail: maarten.wijsman@wortell.nl
3. Cluster Aware Updating (CAU)
Update orchestration across all nodes in a cluster
• Windows Server 2012 only & available in the box
• Not intended to reinvent Windows Updating & Patching
• Ability to preview, apply & report on updates for a cluster
Two modes: Self-updating & Remote-updating
• Workload reduction through increased automation > Self-updating
• Needed where closer administrator attention is preferred or warranted > Remote-updating
Extensible
• Integrate with your patching tools with plug-ins (API)
• Two inbox plug-ins: Windows Update & hotfix plug-in
• Per-node pre-update and post-update scripts
5. Plug-ins & Supported Update Types
CAU ships with two plug-ins
1. Windows Update Plug-in
• Installs GDRs* => From Windows Update Or WSUS
2. Hotfix Plug-in
• Installs QFEs** from a SMB 3.0 file share
• 3rd party updates such as BIOS & Firmware Updates from a SMB 3.0 File Share
*GDR = General Distribution Release | **QFE = Quick Fix Engineering (nickname for hotfix)
6. CAU overview
[Diagram labels: Microsoft Update Services | Windows Server 2012 | You, Cluster Admin (RSAT) | File Server (SMB 3.0) | Dedicated WSUS server | Windows Server 2012 Hyper-V clusters, nodes 1 - 64]
7. Cluster Aware Updating Process
1. Moves the clustered roles off the node being updated
2. Places the node being updated into maintenance mode
3. Installs the required updates
4. Performs a restart if necessary
5. Brings the node out of maintenance mode
6. Restores the clustered roles on the node
7. Proceeds to the next node to complete the same process
[Diagram labels: Microsoft Update Services | Windows Server 2012 | You, Cluster Admin (RSAT) | File Server (SMB 3.0) | Dedicated WSUS server | Windows Server 2012 Failover Cluster]
8. Self-Updating Mode
[Diagram labels: Microsoft Update Services | Windows Server 2012 | You, Cluster Admin (RSAT) | File Server (SMB 3.0) | Dedicated WSUS server | CAU UC | Windows Server 2012 Failover Cluster]
9. Remote-Updating Mode
[Diagram labels: Microsoft Update Services | CAU UC | Windows Server 2012 | You, Cluster Admin (RSAT) | File Server (SMB 3.0) | Dedicated WSUS server | Windows Server 2012 Failover Cluster]
11. Hotfixes Folder Structure & Security
CAU Hotfix Root Folder
• CAUHotfix_All: Hotfixes applicable to all nodes
  – MySwUpdateType: Special software updates
• < Node Name 1 >: Hotfixes applicable to < Node Name 1 >
  – MySwUpdateType: Special software updates
• < Node Name N >: Hotfixes applicable to < Node Name N >
  – MySwUpdateType: Special software updates
DefaultHotfixConfig.xml
<ExtensionRules>
<Extension name="MSI">
<Extension name="MSU">
<Extension name="MSP">
<FolderRules>
<Folder name="MySwUpdateType" alwaysReboot="true">
12. “Hotfix” Support Internals
• Rich/extensible Hotfix installation
– Microsoft QFEs, or third-party driver updates, or even Firmware/BIOS updates…
• Select hotfix behavior at start. Two key inputs:
1. Root Folder: on an SMB File Share
2. Configuration xml file: defines the Rules
System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating\DefaultHotfixConfig.xml
• Configuration Rules are the key to flexibility
– Easy to specify new Rules
» hotfix installer name, install options, reboot behavior, return values etc.
15. NTFS permissions CAU File Share
• First you’ll need to do your homework as described in the TechNet article
• But that doesn’t quite cover it
• Adjust NTFS Permissions on the CAU Share
– Give cluster node computer accounts (or an AD group containing them, which makes for easier administration) Read/Execute permission to the location
– If not => they can’t run the DUPs.
17. NTFS permissions Log File
• DUPs allow logging with the /L switch
• Locally (per node) or to a central share
• Must use another share than the CAU Share:
– Need to give the computer accounts (or an AD group containing them, which makes for easier administration) write permission to the location
– You’re not allowed to do that for other than specific accounts as described on TechNet
• The log can grow quite large if used a lot
– Keep an eye on it
– For clarity’s sake use a different log per cluster or folder type
• Moves the clustered roles off the node being updated
• Places the node being updated into maintenance mode
• Installs the required updates (this depends on the source that you choose)
• Performs a restart if necessary
• Brings the node out of maintenance mode
• Restores the clustered roles on the node
• Proceeds to the next node to complete the same process

• Leverages a CAU cluster role that is resilient to planned and unplanned failures
• Requires no real-time user attention
• Installs updates on a custom schedule
• CAU Update Coordinator process runs on a clustered node
• Get-CauClusterRole <CLUSTER NAME>
• Get-CauClusterRole DEMO-VCL01
• Get-CauClusterRole DEMO-CL01

• CAU Update Coordinator process remotely connects to the cluster
• User-initiated Updating Run, allowing real time monitoring
• Rich progress updates
• Minimal Server Core (no .Net or PS dependency) on nodes

• Strict ACL Checking (Optional)
• Kerberos Mutual Authentication (Required)
• Data integrity checking (Required)
– SMB Signing or SMB Encryption
• Privacy with SMB Encryption (Optional)
– SMB Encryption is new in Windows Server 2012

How CAU Plug-ins Work: http://technet.microsoft.com/en-us/library/jj134213.aspx
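
The share layout from slides 15 and 17, combined with the SMB encryption and ACL-checking options listed above, as an added PowerShell example that is not part of the original deck. The file server FS01, the group CONTOSO\CAU-Nodes, the D:\ paths, the share names and the allow-list of permitted writers are assumptions; DEMO-CL01 is the cluster name used in the deck.

```powershell
# Placeholders constructed for this example: FS01, CONTOSO\CAU-Nodes, D:\CAUHotfixRoot, D:\CAULogs.
$nodes  = 'CONTOSO\CAU-Nodes'   # AD group containing the cluster node computer accounts
$hotfix = 'D:\CAUHotfixRoot'    # hotfix root folder (CAUHotfix_All and per-node subfolders)
$logs   = 'D:\CAULogs'          # separate location for installer logs written with /L

function Grant-FolderAccess {
    param([string]$Path, [string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    $acl      = Get-Acl -Path $Path
    $ruleArgs = $Identity, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedWriter {
    # Returns Allow ACEs that grant any write-type right to an identity outside $Allowed.
    param([string]$Path, [string[]]$Allowed)
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $mask   = [int]$rights -bor 0x50000000   # also catch GENERIC_WRITE and GENERIC_ALL
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $mask) -ne 0 -and
        $Allowed -notcontains $_.IdentityReference.Value
    }
}

# NTFS: nodes may read and execute hotfixes, but write only to the log location.
Grant-FolderAccess -Path $hotfix -Identity $nodes -Rights ReadAndExecute
Grant-FolderAccess -Path $logs   -Identity $nodes -Rights Write

# Two separate shares; the hotfix share requires SMB Encryption.
New-SmbShare -Name CAUHotfix -Path $hotfix -ReadAccess $nodes -FullAccess 'BUILTIN\Administrators' -EncryptData $true
New-SmbShare -Name CAULogs -Path $logs -ChangeAccess $nodes -FullAccess 'BUILTIN\Administrators'

# Assumed allow-list of writers on the hotfix root; confirm it against the TechNet article.
$allowed = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER', 'NT SERVICE\TrustedInstaller'
$bad = Get-UnexpectedWriter -Path $hotfix -Allowed $allowed
if ($bad) { $bad | Format-Table IdentityReference, FileSystemRights, IsInherited; throw 'Hotfix root is writable by unexpected identities.' }

# Preview only (no installation), with strict ACL checks left on and SMB Encryption required.
Invoke-CauScan -ClusterName DEMO-CL01 -CauPluginName Microsoft.HotfixPlugin -CauPluginArguments @{
    HotfixRootFolderPath = '\\FS01\CAUHotfix'
    RequireSmbEncryption = 'True'
    DisableAclChecks     = 'False'
}
```

Run it on the file server from an elevated session with the Failover Clustering tools installed; the ACL check stops the script before the scan if the hotfix root is writable by anyone outside the allow-list.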