If you’ve supported enterprise IT solutions for as long as I have, at some point in time you have most likely witnessed The 3 Immutable Truths of IT Patch Management.  Respect these truths, and you’ll enjoy a stable, manageable datacenter environment.  Ignore these truths, and … well … let’s not even think about those possibilities!

The 3 Immutable Truths of IT Patch Management

  1. All software requires patch updates from time-to-time.
     
  2. All hardware requires firmware updates from time-to-time.
     
  3. If you attempt to dismiss #1 or #2 as being irrelevant to you, you may soon know well one of my favorite quotes:
     
    Quote

Once we’ve accepted these 3 truths … the questions we have at-hand in enterprise IT management are not “Why apply patches?” nor “How many patches?” And, certainly, we don’t want to be in a situation where we are asking ourselves “How long can I go without applying patches?”

Ugh! Those questions quickly lead down a path that could be a recipe for datacenter disaster!

Rather, the relevant question at-hand is … How do I implement an orchestrated patch management solution that provides my datacenter with continuous application availability while ensuring compliance with the latest set of necessary patches?

Orchestrated Patch Management is a “Must Have”!

Certainly, the value of orchestrated patch management rings very clearly today with the IT Pros in my community – many of them have implemented heavily-virtualized Private Cloud environments, and applying patches is one of the processes that they have automated into an “almost non-event” in their environments. 

The importance of orchestrated patch management is particularly high when we consider patches that may apply to the hypervisor itself.  Let’s face it … while all modern bare-metal hypervisors have a tiny footprint compared to their Type-2 hypervisor ancestors, hypervisors are still software and, as such, still have patch management that must be tended to (remember, Truth #1 above).  Since virtualized application workloads run on top of a hypervisor, this tags hypervisor patch management as a high priority in most environments - regardless of the hypervisor being deployed.

In fact, this is one of the reasons that we’ve included Cluster Aware Updating (CAU) as a core foundational feature in Windows Server 2012 and Hyper-V Server 2012, our completely FREE enterprise-grade bare-metal hypervisor. 

By leveraging CAU, you can quickly configure an automated patch management process that easily integrates with your Hyper-V Host Cluster to patch your Hyper-V Hosts in an orchestrated manner, host-by-host, across your entire cluster. During this cluster-aware patching process, CAU leverages Live Migration to safely move running VMs between Hyper-V Hosts so that availability of your virtualized application workloads is maintained throughout the cluster-wide patching process.
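A host-by-host run like the one described above can be driven from PowerShell with the ClusterAwareUpdating cmdlets. The script below is an added example, not code from the original article; the cluster name `HV-CLUSTER01` and the failure thresholds are placeholders chosen for illustration.

```powershell
# Added example: preview and then run a Cluster Aware Updating pass.
# Run from a machine with the Failover Clustering tools (including CAU) installed.
Import-Module FailoverClusters
Import-Module ClusterAwareUpdating

$cluster = 'HV-CLUSTER01'                    # hypothetical cluster name
$plugin  = 'Microsoft.WindowsUpdatePlugin'   # built-in Windows Update / WSUS plug-in

# 1. Readiness check: runs the CAU best-practice tests against the cluster.
#    Review any failed rules before continuing.
Test-CauSetup -ClusterName $cluster

# 2. Do not start a rolling update on a degraded cluster. Draining a host
#    while another node is already down leaves less capacity for the VMs.
$notUp = Get-ClusterNode -Cluster $cluster | Where-Object { $_.State -ne 'Up' }
if ($notUp) {
    throw "Nodes not Up, aborting: $($notUp.Name -join ', ')"
}

# 3. Preview only: list the updates each node would receive. Nothing is installed.
$pending = Invoke-CauScan -ClusterName $cluster -CauPluginName $plugin
if (-not $pending) {
    Write-Output "No applicable updates found for $cluster."
    return
}
$pending

# 4. Updating Run: CAU drains one node at a time (live-migrating its VMs),
#    patches and restarts it, then moves on to the next node.
#    -MaxFailedNodes stops the run if more than one node fails to update,
#    so a bad patch cannot take out the whole cluster.
Invoke-CauRun -ClusterName $cluster `
              -CauPluginName $plugin `
              -MaxFailedNodes 1 `
              -MaxRetriesPerNode 2 `
              -RequireAllNodesOnline `
              -Force

# 5. Evidence for compliance: per-node results of the run that just finished.
Get-CauReport -ClusterName $cluster -Last -Detailed
```

For unattended, scheduled patching, the same plug-in and thresholds can be registered on the cluster with `Add-CauClusterRole` instead of calling `Invoke-CauRun` by hand.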

Wait! Cluster Aware Updating is FREE with Hyper-V?

That’s correct! Unlike other virtualization vendors, we believe that orchestrated patch management is a core “table-stakes” component for an enterprise-class virtualization solution.  As such, CAU is included with Windows Server 2012 and Hyper-V Server 2012 without purchasing any additional management licenses.

How does Cluster Aware Updating work?

To gain a better understanding of how Cluster Aware Updating works, spend a few minutes watching this great video from Jeff Alexander, one of my fellow Technical Evangelists in Australia.

WATCH IT: Cluster Aware Updating in Windows Server 2012 and Hyper-V Server 2012

Is Cluster Aware Updating a UNIQUE Patch Management Process to Hyper-V?

Actually, no! Cluster Aware Updating (CAU) extends cluster-safe awareness to the tried-and-true Windows Server Update Services (WSUS) role that has been available over the last several releases of Windows and Windows Server. In addition to supporting seamless Hyper-V host patching, CAU also provides this same patch orchestration for ALL workloads that leverage Windows Server Failover Clustering. 

This means that you can use one consistent patch management process that orchestrates patch management across Hyper-V Hosts, clustered application workloads and non-clustered application workloads with ease.  The patch management process will be consistent across hosts and applications, meaning that you don’t have to implement and train your IT team on multiple discrete patch management solutions for each software component in your datacenter architecture.

Does Hyper-V Server 2012 Require Fewer Patches?

Yes, indeed! Hyper-V Server 2012 hosts will certainly have significantly fewer patches to manage, because Hyper-V Server 2012 is optimized for running only the Hyper-V role. As such, these hosts don’t require patches intended for the other roles and features that are present in full editions of Windows Server 2012 or Windows Server 2012 Server Core.

Continuous Availability and Lower Operational Costs

Net result for your IT team? Continuous availability of your key application workloads, lower operational costs and less time spent applying and managing patches, and more time available for concentrating on the strategic aspects of your IT projects.

But, don’t take my word for it! Instead of producing pre-engineered “science project-like” studies that attempt to illustrate operational cost efficiencies in an isolated lab environment, I most highly value the real-world results that our customers have seen in operational cost reductions.  I encourage you to spend a few minutes to review a few of our customer success stories to understand how they’ve realized significant operational cost reductions by leveraging features like Cluster Aware Updating in Windows Server 2012 and Hyper-V Server 2012. 

The value of evaluating real-world results is particularly strong when assessing operational costs, because “soft costs” like these are often difficult to “calculate” in any realistic form within the confines of a lab report.

Just a few of the many real-world Windows Server 2012 Hyper-V customer success stories to explore …

And more … Check out additional Windows Server 2012 Hyper-V Customer Success Stories on our Server and Cloud portal site.

My Hypervisor Vendor Says They Have 0 Patches!?

Hogwash! Remember Truth #1 above?  In over 20 years in IT, I haven’t seen a hypervisor or other software solution that doesn’t have patches to manage.

Verify the facts ... Check out the truth for yourself with the Additional Resources at the end of this article.

Ready to Get Started with Cluster Aware Updating?

Great! To get started with Cluster Aware Updating, be sure to leverage these prescriptive Step-by-Step Guides:

  1. Download: Windows Server 2012 R2 Evaluation Kit
     
  2. Step-by-Step: Getting Started with FREE Hyper-V Server 2012
     
  3. Step-by-Step: Building a FREE Hyper-V Server 2012 Host Cluster – Part 1
     
  4. Step-by-Step: Building a FREE Hyper-V Server 2012 Host Cluster – Part 2
     
  5. Step-by-Step: Implementing Cluster Aware Updating
     
  6. Step-by-Step: Super-fast Failovers with VM Guest Clustering in Hyper-V Server 2012
     
  7. Step-by-Step: Migrating to FREE Hyper-V Server 2012 from VMware

You can also catch up on the rest of our VMware or Microsoft? series at:

Additional Resources

Leverage the resources below to validate Truth #1 in IT Patch Management – all software from all vendors, including hypervisors, needs patch management as a key ingredient in your enterprise datacenter recipe.

Then … jump into the Step-by-Step Guides above to get started with building your continuously available datacenter with Hyper-V Server 2012, Clustering and Cluster Aware Updating!