Manage fabric servers updates from Virtual Machine Manager 2012R2

Virtual Machine Manager (VMM) is able to manage Microsoft updates and the compliance of the fabric servers as Hyper-V hosts, VMM servers, PXE servers, Library servers and so on. For that VMM must be connected to a WSUS. When VMM is connected to a WSUS, the updates are visible in the VMM console and can be added to an update baseline. Once the baseline is created, it can be applied to the fabric servers.

VMM can be connected to an upstream or a downstream WSUS but not to a WSUS replica. Moreover, if you have System Center Configuration Manager (SCCM) already connected to a WSUS, you can use the same on VMM.

For example, in my lab, I have a server that hosts SCCM and the WSUS. This server is called VMCMG01. So I will connect my VMM to VMCMG01 to manage fabric servers updates from Virtual Machine Manager.

Add an Update server to VMM

First of all, add a RunAs account to the local Administrators group on the WSUS server:

Next, open the VMM console and navigate to the fabric. Right click on Update Server and select Add Update Server.

Specify the WSUS server hostname, the TCP port of WSUS (by default: HTTP: 8530, HTTPS: 8531) and the RunAs account. Don’t forget to tick the checkbox if you use SSL to communicate with WSUS.

Once you have clicked on Add, a job is launched to add the Update Server.

Once it is finished, you should have an Update Server in responding state.

Create and assign a baseline

Now that Virtual Machine Manager is connected to a WSUS, the update catalog should contain updates. To open the update catalog, navigate to the library and Update Catalog and Baselines.

By default, no baseline is assigned to fabric servers. So I will create a baseline that will contain only security updates. So I right click on Update Baselines and I select new baseline.

First specify a name and a description of the baseline.

In updates screen, click on Add to add updates to the baseline.

At the top of the window you can specify a filter to display only updates you want. So I type Security and I select all updates. Then I click on Add.

Once the updates are added to the baseline, you can click on next.

Next select on which fabric servers you want to apply the baseline. Because I have created this baseline for Hyper-V, I select all host groups.

To finish, click on … finish J.

At the end, my baseline is assigned to one host group (the top level host group) and contains 177 updates.

Check the compliance

Now open the fabric tab and navigate to your host groups. Right click on a Hyper-V host. You should see Scan, Remediate and Compliance Properties:

  • Scan: enables to check the compliance status to verify if all updates are installed;
  • Remediate: install the updates to be compliance with the baseline;
  • Compliance Properties: open a view to verify the compliance status regarding baseline

Below the Compliance Properties window on the hyperv01 Hyper-V host. Because no compliance scan has been run on this Hyper-V host, the compliance status is unknown.

So I run a compliance scan on HyperV01 by clicking on Scan.

When the compliance scan is finished, I come back to the compliance properties and I can see that my HyperV01 is compliant.

You can have an overview on the compliance status of the fabric servers by selecting the Compliance view as below:

My HyperV02 is non compliant, so I decide to run a remediation. I right click on the Hyper-V host and I select Remediate. In the update remediation window I select my baseline and I just click on Remediate.

$managedComputer = Get-SCVMMManagedComputer -ComputerName "hyperv02.home.net"
$baseline = Get-SCBaseline -Name "HomeCloud Security Baseline"
Start-SCUpdateRemediation -VMMManagedComputer $managedComputer -Baseline $baseline –RunAsynchronously

And after some time, my HyperV02 is compliant J

About Romain Serre

Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

Manage Switch Embedded Teaming from VMM 2016

Since System Virtual Machine Manager 2016 Technical Preview 5 with cumulative update 2, it is ...

Manage Storage Space Direct from Virtual Machine Manager

In a previous topic, I shown how to implement a Storage Space Direct on Windows ...

Rename VM’s Network Adapters automatically with Virtual Machine Manager 2016

The next version of Hyper-V comes with a new feature called Virtual Network Adapter Identification. ...