Keeping Azure VMs up to date
New Models
Microsoft Azure can run both Windows and Linux in various configurations with the use of prebuilt images. Azure virtual machines (VMs) can run not only in the cloud, but also directly in an on-premises data center on Azure Stack hyperconverged infrastructure (HCI), while retaining all the benefits familiar from the Azure cloud. The benefits Microsoft cites include simpler licensing, effective high availability, and a simpler update management process, all of which are discussed here.
Free Extended Security Updates
Extended Security Updates (ESUs) for operating systems that have reached the end of support (e.g., Windows Server 2008/2008 R2 and Windows Server 2012/2012 R2) have thus far been free when those systems run as Azure VMs. This point is interesting because even companies that use Windows Server 2016 will slowly but surely have to start worrying about expiring support. Organizations migrating to Azure will therefore want to look into updating VMs right away in this context.
Even if you are not moving to the cloud, Microsoft offers customers with Software Assurance and various subscriptions the option of purchasing extended support that is valid for three years and continues to provide security updates. However, ESUs are not cheap. In the first year, 75 percent of the license fees of the current version are due, which rises to 100 percent in the second year. In the third year, costs rise to 125 percent. In comparison, if you migrate to Azure VMs, you will receive ESU security updates free of charge for the next three years, and extended support is included in the cost of ownership. This policy applies to all operating systems that are no longer supported – licenses for SQL Server 2012 and Windows Server 2012, for example, can now be used in the cloud.
Strictly speaking, organizations will benefit from the free updates if they rely on Azure VMs, Azure Dedicated Host, Azure VMware Solution, Azure Nutanix Solution, or Azure Stack HCI. Servers with Azure Stack HCI can remain in the on-premises data center, although the use of a certified solution to run Azure Stack HCI on your premises is required. You can build an on-premises cluster that is connected to Azure but running in-house. The connection to Azure does not need to be persistent if the system exclusively relies on on-premises services.
Update Management from Azure
Updating servers is not just about extended support, of course, but also about patches for current servers that you run as VMs in Azure. Microsoft offers Azure Automation Update Management, which can automate patching of servers in on-premises data centers and virtual servers in Azure and other cloud services (Figure 1). This service is ideal for Azure VMs because all services run directly in Azure and no other services are needed. Azure Update Management is also capable of updating Linux servers running as Azure VMs. The service is available free of charge, but charges are incurred if you store logs.
Azure stores the monitoring agent's update management logs in Log Analytics, but you need to create your own workspace there; Azure Monitor writes its telemetry and the logs of connected servers to this workspace by default. The monitoring tool can run automated queries against the connected servers' logs in Log Analytics, which gives you information about your servers, including missing updates. In turn, this information can be used by other Azure services, Azure Update Management in this case.
Azure Monitor and Azure Update Management can be connected to create server logs and install updates at the same time. Simply put, Azure Update Management extends the capabilities of Azure Monitor to include update management. Besides Windows Server, the supported operating systems include CentOS, RHEL, and SUSE version 12 or newer, as well as Ubuntu. You cannot update Windows 7, 8.1, 10, and 11 with the tool. Microsoft recommends the use of Endpoint Manager for this.
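As an added example (not part of the original article), the following Log Analytics query in Kusto Query Language lists the updates that Update Management still reports as missing for each connected server. It assumes the Update and Heartbeat tables that the Update Management solution writes to the workspace; the lookback windows are assumptions you may need to adjust.

```kusto
// Constructed example: latest known state of every update per connected server,
// reduced to updates that are still missing ("Needed").
// Assumes the Update and Heartbeat tables populated by the Update Management
// solution; the 14h/12h lookback windows are assumptions.
Update
| where TimeGenerated > ago(14h)
// ignore optional updates unless they are critical or security-related
| where Optional == false or Classification has "Critical" or Classification has "Security"
// keep only servers that reported a heartbeat recently and have the Updates solution
| where SourceComputerId in (
    Heartbeat
    | where TimeGenerated > ago(12h) and notempty(Computer)
    | summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
    | where Solutions has "updates"
    | distinct SourceComputerId)
// an update may be reported several times; keep its most recent state per server
| summarize hint.strategy=partitioned arg_max(TimeGenerated, Computer, OSType, Title, KBID, Classification, UpdateState, Approved) by SourceComputerId, UpdateID
| where UpdateState =~ "Needed" and Approved != false
// one row per server and classification, with up to 20 update titles for review
| summarize MissingUpdates = count(), Titles = make_set(Title, 20) by Computer, OSType, Classification
| order by MissingUpdates desc
```

The same query works for Windows and Linux servers; for Linux rows the KBID column is empty and the Title carries the package name.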
Integrating Azure VMs
For Azure Update Management, it does not matter whether the connected computer is a physical or virtual server and whether it resides in the local data center or in the cloud. Integrating Azure VMs with Azure Update Manager is particularly easy because both resources reside in the cloud. The Updates item is available for this purpose on the Azure portal's Azure VM dashboard. You can create the link there by choosing to update with automation, and you can remove servers from update management in the same way. Azure VMs and on-premises VMs are visible in the web interface, allowing update rules to be applied by location.
One of the strengths of Azure Update Management is that it can also integrate Linux servers and verify that they are correctly configured and have all updates. The configuration is similar to managing updates for Windows servers. To integrate Linux servers, open your Azure Update Management account and click Update Management. Use Add Azure VMs to add Azure VMs, whether they are Windows or Linux machines.
If you want to add computers outside Azure, use Add non-Azure machine. These can be physical computers or VMs in Amazon AWS or Google Cloud Platform (GCP). When adding VMs, in the new window, first select which Azure subscription and locations you want to use; then, choose the resource groups in which the servers you are currently integrating reside. At the bottom of the window, the portal lists the individual VMs in Azure, and you can see which VMs are already integrated with Azure Update Management. Azure does not differentiate between the various operating systems. Selecting Enable simply adds the computers.