1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Design a Management, Monitoring and Business Continuity Strategy for Azure 70-534 Certification

Patching Strategies


Course Intro
Wrap Up
3m 21s
Start course


This course covers the knowledge domain for designing a management, monitoring, and business continuity strategy in Azure in preparation for the 70-534 certification exam. The course will cover managing resources with systems center, on-premises monitoring, cloud-based virtual machines and applications, patching strategies, business continuity and disaster recovery, as well as a discussion of automation tools.


Welcome back. In this lesson we're going to talk about patching strategies. This is going to be a quick lesson, though it's covered on the exam, so I want to make sure that we at least talk it.

I think it has happened to many of us you update a servers operating system and it breaks something in your application or some dependency of your application. After it happens just the once we start looking for ways to manage how we deploy patches. Microsoft has thought about this and created WSUS, which stands for Windows server update services. WSUS allows us as administrators to subscribe to categories of updates and then the registered clients can install any of the updates that we as administrators approve.

WSUS is going to work no matter where you choose to deploy it. You could have it On-Prem and manage servers both On-Prem or in the Cloud, or you could deploy in the Cloud and manage both On-Prem and Cloud instances. We won't be deep diving into WSUS, however, the take-away is that WSUS provides you with a patch management system that you can use for On-Prem and hybrid deployments and you can easily host it On-Prem or in the Cloud.

Under the same general topic of patch management we should talk about SCCM, which stands for system center configuration management. These days bring your own devices, or BYOD, is a reality of modern companies. People don't want to be constrained by having to use a company supplied device or devices when they have their own, and people want to use these devices to access the resources they need from anywhere. This is an IT and security nightmare, however, Microsoft has identified this and so we have the option to use SCCM to help us deal with this.

SCCM is a feature rich tool and it's going to allow administrators to push updates to apps, manage WiFi and VPN profiles, deal with compliance issues, provide end point detection, and much more. If you're new to SCCM I want you to check out the URL on the screen now. This is a short URL using Google's URL shortner, so it's going to be case sensitive. The URL is http://goo.gl/JDh53k.

Okay, before we wrap up it's worth noting that WSUS and SCCM are great tools, however, they may not be exactly what you need. You may need to update things with a custom solution if these don't work for your scenario.

Now when implementing a custom solution I want you to think first about DSC, which is desired state configuration, and Azure Automation. Sometimes with engineers you mention the work custom and they start thinking in whatever programming language they're used to. So I want to make sure you're thinking about the tools that already exist that are going to help you out here.

Another consideration with custom solutions is going to be things like fault domains and update domains. Now I'm going to go these as an overview, however, since you're already preparing for the 70-534 exam you should be familiar with these. A fault domain is some single point of failure. A common example is going to be a server rack. If the power to that rack goes down then those servers are going to fail. So if you add your VMs to an avalability set they're going to be distributed across two fault domains and then five default update domains. So when you start up your VMs are going to be deployed into the next available fault domain alternating between the two, and as you add new servers the same thing is going to happen.

Now update domains are similar in concept, however, they're used for a different reason. Where fault domains are used for failures, update domains are used for whenever the server needs to be updated either by us or by Microsoft. Understanding both fault and update domains is essential for creating highly available systems on top of IaaS.

Okay in our next lesson we're going to be looking into the business continuity and disaster recovery capabilities of Azure. So if you're ready to keep going then let's get started.

About the Author

Learning paths15

Ben Lambert is a software engineer and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps. When he’s not building software, he’s hiking, camping, or creating video games.