Hyper-V Patch: Not Just a Windows Update
Today we’ll look at why you should patch Hyper-V (and possibly failover clustering) on your Hyper-V hosts. We will also show you where you can download these updates.
Why You Should Apply Hyper-V Patches
When you run Windows Update, including System Center Configuration Manager and Windows Server Update Services (WSUS), you are downloading the updates that are shared by Microsoft using the Windows Catalog. This catalog typically contains:
- Security fixes
- Service packs
- Update rollups
- Other updates
But the catalog almost never contains hotfixes that repair bugs in software. Downloading and deploying hotfixes is not something that was normally done for Windows computers; typically you only downloaded a hotfix when asked to do so by a Microsoft support agent in response to some specific issue. Normally you get these fixes when we install an update rollup, apply a service pack, or upgrade our operating system. You normally don’t experience issues (or accept that issues exist) and just get on with it.
However, things are different with virtualization. Our hosts are servers that are stressed in ways that are unusual for normal servers. Memory management is pushed to the limits. Networking is made to work harder than ever. Storage nearly has steam coming out of it. And failover clustering is doing more than just making a SQL Server instance or a few file shares highly available. Bugs are inevitable in any software that is more complex than “Hello World,” and using virtualization is a good way to find them. And this is exactly why we need to apply bug fixes to our Hyper-V hosts, and we need to know where to find them if WSUS is not downloading them.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
The relevant teams in Microsoft have opted to post details of released updates on the TechNet Wiki instead of the more formal TechNet site. This is probably because they can publish information more rapidly without waiting on editorial controls and marketing reviews. You can find the updates for Hyper-V at these two links.
List of available hotfixes for Windows Server 2012 Hyper-V.
Failover Clustering Hotfixes
The list of recommended updates for Failover Clustering can be found at these two links.
- Windows Server 2008 R2 with Service Pack 1 Failover Clustering
- Windows Server 2012 Failover Clustering
Downloading and Applying Updates
Browse the list and download relevant updates. For example:
- Updates for AMD processors are irrelevant for hosts with Intel processors.
- Failover clustering updates are irrelevant if you do not enable failover clustering.
There is some debate about proactively deploying these sorts of updates. Some legally defensive Microsoft employees might recommend not deploying an update unless it will fix an issue that you are experiencing. However, many of us in the industry recommend proactively deploying these updates to prevent issues. For example, a recent update (KB2848344) increases cluster resiliency on Windows Server 2012. In another, an update to Windows Server 2008 R2 prevented an Intel processor issue that would randomly crash hosts.
You can easily deploy updates to hosts using Windows Update. Several mechanisms exist to enable zero-downtime to services that are hosted on Hyper-V clusters, including VMM baselines and Cluster Aware Updating.