Lab: Use Azure Automation to manage Windows updates

Scenario

You can use the Update Management solution to manage updates and patches for your virtual machines. In this tutorial, you learn how to quickly assess the status of available updates, schedule installation of required updates, review deployment results, and create an alert to verify that updates apply successfully.

Exercise 1: Use Azure Automation to manage Windows Updates.

Task 1: Create a Resource Group

  1. Click Resource Groups on the Azure hub menu.

  2. Click Add.
  3. Name the resource group RunBooks
  4. Change the region to East US

Task 2: Create Automation account

  1. Click the Create a resource button found on the upper left-hand corner of Azure.

  2. Select IT & Management Tools, and then select Automation.

  3. Enter the following information.

    • Name - MyAutomation
    • Resource Group - RunBooks
    • Location - EastUS2
    • Create Azure Run As account - Yes
  4. Click Create

  5. When the deployment has completed, click All Services, select Automation Accounts and select the Automation Account you created.

Task 3: Create a VM for use

  1. Click Virtual Machines

  2. Click Add

  3. Fill in the following details to create the VM

    • Resource Group - RunBooks
    • Virtual Machine Name - UpdateVM
    • Region - EastUS
    • Image - Windows Server 2016
    • Username - localadmin
    • Password - Pa55w.rd1234
  4. Click Review+Create

  5. Click Create

Note: Wait for the VM to deploy before moving on

Task 4: Enable Update Management

  1. In the portal click Virtual machines

  2. Select the VM you created in the previous steps

  3. Under Operations click Update management

  4. Click Enable

Validation is performed to determine whether Update Management is enabled for this VM. This validation includes checks for an Azure Log Analytics workspace and linked Automation account, and whether the Update Management solution is in the workspace.

A Log Analytics workspace is used to collect data that’s generated by features and services like Update Management. The workspace provides a single location to review and analyze data from multiple sources.

The validation process also checks to see whether the VM is provisioned with the Microsoft Monitoring Agent (MMA) and Automation Hybrid Runbook Worker. This agent is used to communicate with Azure Automation and to obtain information about the update status. The agent requires port 443 to be open to communicate with the Azure Automation service and to download updates.

If any of the following prerequisites were found to be missing during onboarding, they’re automatically added:

  • Log Analytics workspace
  • An Automation account
  • A Hybrid Runbook Worker (enabled on the VM)

Note: Enabling the solution can take up to a few minutes. During this time, don’t close the browser window. After the solution is enabled, information about missing updates on the VM flows to Azure Monitor logs. It can take between 30 minutes and 6 hours for the data to be available for analysis.

Task 5: View Update assessment

  1. After Update Management is enabled, the Update Management pane opens

  2. If updates are missing, they are displayed here

    Note: A VM created in the previous steps is built from a Microsoft template image that includes all the latest Windows updates, so you may not see any required updates for the VM

  3. If updates are available, each is listed with a link under the Information Link column that lets you view the details of that update and opens the Microsoft KB article for it.

Task 6: Configure Alerts

  1. Return to the resource group you created earlier

  2. Select the MyAutomation automation account

  3. Under Monitoring click Alerts

  4. Click New Alert Rule

  5. Click Add Condition

  6. Select Total Update Deployment Runs from the list

  7. Click the Select * checkbox next to Runbook name and Status

  8. Under Alert logic, for Threshold, enter 1

  9. Click Done

  10. Under Alert Details, fill in the Alert Rule name with UpdateAlert

  11. Set the Severity to Sev2

  12. Under Action groups select Create

  13. Fill in the following details

    • Action Group name - VM Updates Action group
    • Short Name - VMup
    • Resource Group - Runbooks
    • Action Name - Email
    • Action Type - Email/SMS/Push/voice
  14. Click Edit details next to Email and enter the email address that will be used for the alerts

  15. Click OK

  16. Click Add under Action Groups

  17. Select your action group and click Select

  18. Click Create alert rule

Task 7: Schedule an Update Deployment

  1. Return to your list of VMs

  2. Select the VM you created earlier in the lab

  3. Click Update management

  4. Select Schedule update deployment

  5. In new update deployment fill in the following settings

    • Name - ScheduledUpdates
    • Schedule Settings - Recurrence > Recurring
  6. Click OK and then click Create

  7. Click deployment schedules to view the list of active deployment schedules

Task 8: View results of an update deployment

Note: After the scheduled deployment starts, you can see the status for that deployment on the Update deployments tab under Update management. The status is In progress while the deployment is running. When the deployment finishes successfully, the status changes to Succeeded. When one or more updates in the deployment fail, the status is Partially failed.
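
The portal steps in Tasks 7 and 8 can also be scripted. The following is an added example, not part of the original lab; it uses the Az PowerShell modules with the resource names from the earlier tasks. The weekly Saturday recurrence, the Critical and Security classifications and the 2-hour maintenance window are assumptions, because the lab only specifies a recurring schedule.

```powershell
# Added example: scripted equivalent of Tasks 7 and 8 (not the lab's own code).
# Requires the Az.Accounts, Az.Compute and Az.Automation modules and a
# signed-in session (Connect-AzAccount). Names come from Tasks 1 to 3.
$rg      = 'RunBooks'
$account = 'MyAutomation'
$vm      = Get-AzVM -ResourceGroupName $rg -Name 'UpdateVM'

# Assumption: weekly recurrence on Saturday, first run tomorrow at 02:00 local.
# The lab only says "Recurring"; use the interval your patch policy allows.
$schedule = New-AzAutomationSchedule -ResourceGroupName $rg `
    -AutomationAccountName $account `
    -Name 'ScheduledUpdates' `
    -StartTime (Get-Date).Date.AddDays(1).AddHours(2) `
    -DaysOfWeek Saturday `
    -WeekInterval 1 `
    -ForUpdateConfiguration

# Assumption: install only Critical and Security updates in a 2-hour window.
$deployment = New-AzAutomationSoftwareUpdateConfiguration -ResourceGroupName $rg `
    -AutomationAccountName $account `
    -Schedule $schedule `
    -Windows `
    -AzureVMResourceId $vm.Id `
    -IncludedUpdateClassification Critical, Security `
    -Duration (New-TimeSpan -Hours 2)

# Task 8: list runs of this deployment that did not finish as Succeeded,
# so failed or partially failed patch runs are not missed.
Get-AzAutomationSoftwareUpdateRun -ResourceGroupName $rg `
    -AutomationAccountName $account `
    -SoftwareUpdateConfigurationName $deployment.Name |
    Where-Object { $_.Status -ne 'Succeeded' }
```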

WARNING: Prior to continuing you should remove all resources used for this lab. To do this in the Azure Portal click Resource groups. Select any resource groups you have created. On the resource group blade click Delete Resource group, enter the Resource Group Name and click Delete. Repeat the process for any additional Resource Groups you may have created. Failure to do this may cause issues with other labs.

Results: You have now completed adding scheduled Windows Update management with an alert system for a VM running Windows Server in Azure.