1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. 70-534 - Design a Management, Monitoring, and Business Continuity Strategy

Patching Strategies

Start course


This course covers the Design a management, monitoring, and business continuity strategy part of the 70-534 exam, which is worth 20–25% of the exam. The intent of the course is to help fill in an knowledge gaps that you might have, and help to prepare you for the exam. 


Welcome back. In this lesson we're gonna talk about patching strategies.

This is going to be a quick lesson, though it's covered on the exam, so I want to make sure that we at least talk about it.

I think it's happened to many of us, you update a server's operating system and it breaks something in your application or some dependency of your application. After it happens just the once we start looking for ways to manage how we deploy patches.

Microsoft has thought about this and created WSUS which stands for Windows Server Update Services. WSUS allows us as administrators to subscribe to categories of updates and then the registered clients can install any of the updates that we as administrators approve.

WSUS is gonna work no matter where you choose to deploy it. You can have it on-prem and manage servers both on-prem or in the cloud. Or you could deploy in the cloud and manage on both on-prem and cloud instances.

We will be deep-diving into WSUS, however the takeaway is that WSUS provides you with a patch management system that you can use for on-prem and hybrid deployments.

And you can easily host it on-prem or in the cloud. Under the same general topic of patch management, we should talk about SCCM, which stands for System Center Configuration Management. These days bring your own devices, or BYOD is a reality of modern companies.

People don't want to be constrained by having to use a company-supplied device or devices when they have their own. And people wanna use these devices to access the resources they need from anywhere. This is an IT and Security nightmare.

However, Microsoft has identified this and so we have the option to use SCCM to help us deal with this. SCCM is a feature-rich tool and it's gonna allow administrators to push updates to apps, manage wifi, and VPN profiles, deal with compliance issues, provide end-point detection and much more. If you're new to SCCM, I want you to check out the URL on the screen now.

This is a short URL using Google's URL Shortener so it's gonna be case-sensitive. The URL is goo.gl/JDh53k. Okay. Before we wrap up, it's worth noting that WSUS and SCCM are great tools, however, they may not be exactly what you need.

You may need to update things with a custom solution if these don't work for your scenario. Now, when implementing a custom solution, I want you to think first about DSC which is Desired State Configuration and Azure Automation.

Sometimes with engineers you mention the word Custom and they start thinking in whatever programming language they're used to. So I want to make sure you're thinking about the tools that already exist that are going to help you out here. Another consideration with custom solutions is gonna be things like fault domains and update domains.

Now I'm gonna go through these as an overview; however, since you're already preparing for the 70-534 exam, you should be familiar with these. A fault domain is some single point of failure.

A common example is going to be a server rack, if the power to that rack goes down, then those servers are going to fail. So if you add your VMs to an availability set, they're going to be distributed across two fault domains and then five default update domains.

So when you start up your VMs, they're gonna be deployed into the next-available fault domain, alternating between the two. And as you add new servers the same thing is gonna happen.

Now update domains are similar in concept, however, they're used for a different reason. Where fault domains are used for failures, update domains are used for whenever the server needs to be updated, either by us or by Microsoft.

Understanding both fault and update domains is essential for creating highly available systems on top of IS.

Okay, in our next lesson we're gonna be looking into the business continuity and disaster recovery capabilities of Azure. So if you're ready to keep going, then let's get started!

About the Author

Learning paths14

Ben Lambert is a software engineer and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps. When he’s not building software, he’s hiking, camping, or creating video games.