Microsoft Azure is a platform that keeps innovating to enhance the user experience and offer various capabilities. One of the new features that has recently emerged is Azure hotpatching. This functionality marks a significant shift in managing Windows Server VMs on Azure, especially with the optimized way of receiving and applying security patches. Recently, Microsoft has extended hotpatching support to include Windows Server with Desktop Experience.
Install Updates in Windows – Historically time-consuming
Installing Windows Updates in Windows Server has historically been a chore, taking an administrator’s time and effort. However, Microsoft has made strides in Azure to improve this, introducing a new “hotpatch” functionality in Microsoft Windows Server Azure Edition.
Before hotpatching Windows updates with reboots take a significant amount of time each month
What’s New with Hotpatching in Desktop Experience
Previously, Microsoft had only supported hotpatching in Windows Server 2022 Datacenter: Azure Edition (Core). Now, with the recent announcement, administrators will be excited to know they can now, in Preview, have this functionality in the Desktop Experience.
Hotpatching for Windows Server with Desktop Experience brings a new level of innovation and capability that improves the overall functionality and management of virtual machines on Azure. This new method of handling updates has been integrated into the Desktop Experience installation mode of the Windows Server Azure Edition, making server management more efficient and user-friendly.
The hotpatching capability now in Windows Server in Server Core and Desktop Experience installation modes provides an optimized environment to apply the monthly security patches without a reboot. This rebootless update method is a true game-changer, preserving the running processes, reducing downtime, and enhancing overall availability.
No Reboot Required
Perhaps the most significant improvement with hotpatching in Desktop Experience is applying updates without rebooting. Traditional server patch management requires a server reboot to ensure the new code is loaded into the system after installing updates.
Hotpatching in Desktop Experience changes this process. It allows for installing security patches and cumulative updates to occur while the server continues to run, maintaining uptime and reducing service disruptions.
Preservation of the Running Processes
Another new and welcome feature with hotpatching in Desktop Experience is preserving running processes during updates. In the past, installing updates might interrupt running processes or require services to be temporarily stopped serving out business-critical applications.
With hotpatching, the security patches are applied to the running system without disrupting the operating system or the apps it hosts. It is a key feature for businesses that require high availability from their applications and services.
Increased Efficiency and Security
Hotpatching in Desktop Experience also offers increased efficiency and enhanced security. The traditional update process could be time-consuming, especially with the associated downtime. But, with hotpatching, updates can be applied quickly, efficiently, and securely, reducing the window of vulnerability between the release of a patch and its application. This functionality is particularly critical given the rise of cybersecurity threats targeting known vulnerabilities in software.
Enhanced User Experience
Windows Server Azure Edition Desktop Experience has been designed to bring a more familiar and user-friendly environment to server management. Users get the familiar look and feel of a Windows desktop, including access to the Start menu, with the added benefits of cloud functionality.
With hotpatching, this environment becomes even more powerful and efficient, reducing downtime, maintaining productivity, and creating a smoother, more efficient cloud journey.
Windows Server Azure Edition
Windows Server Azure Edition images, including the Windows Server 2022 Datacenter Azure Edition, offer an array of enhanced capabilities to optimize your cloud services. With Server 2022 Datacenter Azure Edition and Azure Stack HCI, you can harness cloud innovations within your on-premises environments, bringing the flexibility of Azure to your data center.
Azure hotpatching isn’t the only enhanced feature available with Windows Server Azure Edition. Azure Extended Network, Azure Automanage, and many other capabilities aim to automate and simplify management tasks, making Azure the best destination for your Windows Server VMs.
These features demonstrate Microsoft’s commitment to driving the evolution of the Windows Server operating system for the benefit of its users taking advantage of cloud technologies.
Deploying Windows Server Azure Edition VMs
Deploying Server Azure Edition VMs is straightforward. You can do it through the Azure portal, using Azure CLI, or even an ARM template. The Azure portal makes the deployment process intuitive, while the Azure CLI gives more control to the users, enabling scripting and automation.
Microsoft provides preview images that let you test new support and features before implementing them in your production environment. These preview images ensure that the new features align with your requirements and function as expected.
Azure Hotpatching: The Mechanics
The effectiveness of hotpatching lies in its ability to maintain the running processes while applying the necessary security patches. How hotpatching achieves this lies in its innovative technology.
During a hotpatching process, the security patch is injected into the running code of the operating system in memory. It patches the system while it’s still functioning without requiring a reboot. This feature provides a new baseline for the cloud journey, with Azure leading the way in optimizing VM management.
What does the hotpatching process look like?
As you can see below, in screenshots Microsoft presented showing how Hotpatching works (on Core edition), you will see the Reboot status displaying as NeverReboots.
Reboot status showing NeverReboots
You can choose to override the default settings if you want, such as setting it to reboot.
Microsoft still gives administrators control over reboot behavior
Windows updates are installed successfully without a reboot.
Successfully installing updates without a reboot
The server shows the patch has been installed, without rebooting.
Windows patch has been successfully installed without a reboot
Hotpatching key points to consider
1. Efficiency in Update Process
One of the many capabilities of hotpatching is its efficiency in the update process. Hotpatching for Windows Server with Desktop Experience lets you install updates and apply security patches without interrupting running processes. It means a smoother, uninterrupted operation for your Windows Server virtual machines hosted on Azure.
2. Enhanced Security with Rebootless Updates
Security is a crucial aspect of any server management. With hotpatching, security patches are installed quickly and efficiently, and the rebootless updates feature also reduces the window of vulnerability between the release of a patch and its application. This increased security is a boon for Windows Server VMs on Azure, where cybersecurity threats are a constant concern.
3. Familiar User Experience
Microsoft has been making Azure the best destination for all your cloud needs. With Windows Server Azure Edition, users can benefit from the Desktop Experience installation mode, offering a familiar Windows environment in their server VMs. The introduction of hotpatching enhances this experience by reducing the downtime associated with traditional update processes.
4. Ease of Integration with Azure Services
Hotpatching works seamlessly with Azure AutoManage and Azure Extended Network, among other Azure services. Through the Azure portal or the Azure CLI, you can manage updates and monitor the status of your servers. This ease of integration streamlines your server management tasks and contributes to a smoother cloud journey.
5. Support for On-Premises Servers with Azure Stack HCI
Finally, the benefits of hotpatching are not limited to the cloud. If you’re running Windows Server 2022 Datacenter Azure Edition on-premises using Azure Stack HCI, you can also benefit from hotpatching. This next-generation server management feature supports both cloud-based and on-premises servers, truly showcasing the continued investment of Microsoft in providing flexible, efficient, and secure solutions for its users.
The Future of Server Management
Azure hotpatching for Windows Server is a milestone demonstrating Microsoft’s continuous innovation in cloud services. The integration of this feature into Windows Server Azure Edition images enhances VM management. With hotpatching, applying security patches without rebooting affecting running processes becomes a reality, setting a new standard in the cloud journey.
Combined with Azure’s many capabilities, it positions itself as the platform of choice for those seeking to run Windows Server efficiently and securely. In the ever-evolving landscape of cloud platforms, Microsoft Azure arguably provides the best experience for running Windows Server with next-generation management features such as hotpatching.
