Announcing automatic OS upgrades for Azure VM scale sets
Infrastructure scale and complexity
When Azure virtual machine scale sets were introduced, we made it easy to deploy and manage cloud infrastructure at very large scale. We are continually looking for ways to lower the overall cost of managing cloud infrastructure. One area of cost that increases with scale is keeping each virtual machine patched to the latest OS version while keeping your applications running. This means finding ways to smoothly roll out an upgrade, one batch of VMs at a time. Many OS providers create new patched versions of their VM images at a monthly cadence, or more frequently for critical security fixes, but checking for these upgrades and manually rolling them out adds to cloud infrastructure management cost.
Announcing new automation features for scale sets
Today we are announcing a new set of automation features to simplify OS image upgrades for scale sets, allowing you to adopt a set-it-and-forget-it approach to OS lifecycle maintenance.
Automatic OS image upgrade preview
Now in preview, the automatic OS image upgrade feature for Azure scale sets will automatically upgrade all VMs in your scale set to the latest version. Once configured, the latest OS image published by image publishers will automatically be applied to the scale set without user intervention.
To minimize application downtime, upgrades take place in batches of machines, with no more than 20% of the scale set upgrading at any time. You also have the option to integrate an Azure Load Balancer application health probe. This is highly recommended, because it incorporates an application heartbeat and validates upgrade success for each batch in the upgrade process.
To maintain consistency and adherence to the latest OS versions across your applications, it’s also possible (and recommended) to configure an Azure Resource Manager policy, which enforces automatic image upgrade for all the scale sets in your subscription.
An upgrade works by replacing the OS disk of a VM with a new one created using the latest image version. Any configured extensions and custom data scripts are run, while persisted data disks are retained. You can opt out of automatic upgrades at any time, or manually initiate an upgrade.
Note: There are no restrictions on virtual machine or scale set size, and auto-OS upgrade works for both Windows and Linux VMs.
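One way to check exported scale set models against the settings recommended above (automatic upgrade enabled, batches of at most 20%, a load balancer health probe). This is an added example, not code from the original post or from Azure; the field names assume the current ARM scale set schema as printed by `az vmss show`, the check that the image version is `latest` is likewise an assumption, and the sample models are constructed.

```python
# Added example, not from the original post. Field names assume the current
# ARM scale set model as printed by `az vmss show`; the post names none.
MAX_BATCH_PERCENT = 20  # the post: at most 20% of the set upgrades at a time


def audit_scale_set(model):
    """Return findings for one scale set model; an empty list means it passes."""
    findings = []
    policy = model.get("upgradePolicy") or {}
    auto = policy.get("automaticOSUpgradePolicy") or {}
    if not auto.get("enableAutomaticOSUpgrade"):
        findings.append("automatic OS upgrade is not enabled")
    # Assumption: an unset batch size falls back to 20%.
    rolling = policy.get("rollingUpgradePolicy") or {}
    batch = rolling.get("maxBatchInstancePercent", MAX_BATCH_PERCENT)
    if batch > MAX_BATCH_PERCENT:
        findings.append(f"batch size {batch}% exceeds {MAX_BATCH_PERCENT}%")
    profile = model.get("virtualMachineProfile") or {}
    probe = (profile.get("networkProfile") or {}).get("healthProbe") or {}
    if not probe.get("id"):
        findings.append("no load balancer health probe to validate each batch")
    image = (profile.get("storageProfile") or {}).get("imageReference") or {}
    if image.get("version") != "latest":
        findings.append(f"image version pinned to {image.get('version')!r}")
    return findings


def audit_all(models):
    """Map scale set name -> findings, keeping only sets that fail a check."""
    results = {m.get("name", "<unnamed>"): audit_scale_set(m) for m in models}
    return {name: f for name, f in results.items() if f}


# Constructed sample models (hypothetical names, IDs and version string).
SAMPLE = [
    {"name": "web-vmss",
     "upgradePolicy": {"automaticOSUpgradePolicy": {"enableAutomaticOSUpgrade": True},
                       "rollingUpgradePolicy": {"maxBatchInstancePercent": 20}},
     "virtualMachineProfile": {
         "networkProfile": {"healthProbe": {"id": "/placeholder/probes/app-health"}},
         "storageProfile": {"imageReference": {"sku": "16.04-LTS", "version": "latest"}}}},
    {"name": "batch-vmss",
     "upgradePolicy": {"mode": "Manual"},
     "virtualMachineProfile": {
         "networkProfile": {},
         "storageProfile": {"imageReference": {"sku": "16.04-LTS",
                                               "version": "16.04.201801050"}}}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings)
```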
Which operating systems are eligible for automatic OS upgrade?
Initially, the following operating systems are eligible for the automatic OS upgrade preview:
- Windows Server 2016 Datacenter
- Windows Server 2012 Datacenter R2
- Ubuntu Server 16.04-LTS
We’ll be adding more OS families as we go along.
When does an automatic OS upgrade happen?
Automatic OS upgrades are triggered shortly after the publisher of the OS releases a new image version.
How does automatic image upgrade differ from in-VM upgrade options like Windows Update?
Image upgrades replace the operating system disk of each VM, one batch at a time. This works well for stateless applications that do not keep application state on the OS disk, or for applications that keep redundant copies of state data. The new images are publisher maintained and certified. Updates are applied using Safe Deployment Practices across Azure regions; for example, they do not happen in geo-paired regions at the same time.
In-VM upgrade options like “Windows Update” apply operating system patches without replacing the OS disk. This works well for stateful applications that keep application state on the OS disk, but it also risks application downtime because the patch can be applied to all VMs at the same time. In addition, the virtual machine OS disks move increasingly further ahead of the scale set’s source image, which means new VMs (for example, when a scale set scales out) will go through a longer patch cycle when they are created.
Getting started
To learn more about how to register your subscription for the preview and to get started, please read Azure virtual machine scale set automatic OS upgrades.
There you will find instructions to configure a load balancer health probe, enforce an upgrade policy, check the status of your upgrade, and example Azure templates to get you started.
Source: Azure Blog Feed