Questo articolo è disponibile anche in lingua italiana al seguente link: Azure Stack HCI: implementare HotPatch sulle VM Guest – WindowServer.it
Among the many benefits present within Azure Stack HCI, there is the possibility of using virtual machines based on Windows Server 2022 Datacenter Azure Edition, the same SKU that runs in Azure and which unlocks a series of very useful features even into on-premises world.
In addition to the aforementioned SMB Over QUIC, we also find HotPatch, a system that allows you to update your servers without restart them.
HotPatch is already present in Microsoft Azure but you can activate it only during the creation of the Guest VM.
As can be seen from the image, HotPatch updates are distributed 8 months out of 12, therefore every 3 months, starting from January, it is necessary to install the classic updates (and reboot). What does this translate into? That restarting servers is reduced by 67% by having to restart only 4 times out of 12 during the entire year.
Patching remains one of the great problems of companies which, for many (wrong) reasons, do not apply the updates of their operating systems and applications in the correct way. This rule applies to Linux, Microsoft, VMware, Oracle, etc.
Sometimes, on the other hand, downtime is simply the real danger for companies and this stops the patching process, with obvious risks for the security and stability of the systems.
That’s why HotPatch is a big news on the security front!
Note: obviously this count does not include any zero-day patches or patches considered critical to the security of the operating system.
The deployment starts from your Azure Stack HCI infrastructure, where you will need to install the Windows Server 2022 Datacenter Azure Edition image. The solution is now in Preview also for the Desktop version!
Create your virtual machine, using the previously downloaded image.
At least for now, there is a big difference between machines created on Azure and those created on Azure Stack HCI: in the cloud environment, there is a flag that allows us to activate the Hotpatch function without having to do anything, but in on-premises it is necessary to activate the component through some PowerShell commands described in the following article – Enable Hotpatch for Azure Edition Server Core virtual machines (preview) | Microsoft Learn.
Restart the server and try running Windows Update to see the result.
HotPatch is certainly a great novelty and the possibility of being able to implement it also in on-premises environments allows you to better manage the security posture even for those situations where there are mission-critical environments or for those fearful IT administrators who after restarting their server may explode.