In my previous post, List Updates on Windows Nano Server 2016, I talked about reporting the updates which are installed or missing from your Nano Servers. With that information in hand, you can now move to the more powerful aspect of actually patching them.
In my environment, I don’t want my hosts going out to Microsoft Update on their own, nor do I want to run an entire WSUS server just for a couple of Nano Servers, so I patch them manually. This manual patching effort will possibly resonate with others, so I thought I would share it.
As it stands, the script requires you to fetch the updates yourself. That’s a small price to pay given the minimal number of updates Nano Server requires, but I am going to work on something using Invoke-WebRequest in PowerShell to automate that step too. Use the Microsoft Update Catalog at https://catalog.update.microsoft.com to obtain any updates you need. As Thomas Maurer pointed out in his Nano Server updates post at http://www.thomasmaurer.ch/2016/10/how-to-install-updates-on-nano-server/, there is an update for your Nano Servers which is not actually listed: the Servicing Stack Update for Windows 10 Version 1607, KB3176939, which you can download from http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3176936. This update is designed to be installed first, and it improves the reliability and stability of the servicing stack in Windows, which is used by the update process.
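One way to carry out the manual process described above while checking that each hand-downloaded package is genuinely Microsoft-signed before it reaches the server. This is an added example, not the author's script; the host name `NANO01`, the folder paths and the `$FirstKb` placeholder are assumptions.

```powershell
# Added example: verify manually downloaded updates, then install them remotely.
$Computer  = 'NANO01'                  # hypothetical Nano Server name
$MsuFolder = 'C:\Updates'              # assumed: where the catalog downloads were saved
$CabFolder = Join-Path $MsuFolder 'cabs'
$RemoteDir = 'C:\ServicingPackages'    # assumed staging folder on the Nano Server
$FirstKb   = 'KB0000000'               # placeholder: KB number of the servicing stack update

New-Item -ItemType Directory -Path $CabFolder -Force | Out-Null

# 1. Expand each .msu locally; the installable payload is the Windows*.cab inside it.
foreach ($msu in Get-ChildItem -Path $MsuFolder -Filter *.msu) {
    & expand.exe $msu.FullName '-F:Windows*.cab' $CabFolder | Out-Null
}

# 2. Stop if any package lacks a valid Authenticode signature issued to Microsoft.
$cabs = foreach ($cab in Get-ChildItem -Path $CabFolder -Filter *.cab) {
    $sig = Get-AuthenticodeSignature -FilePath $cab.FullName
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signature check failed for $($cab.Name): $($sig.Status)"
    }
    $cab
}

# 3. Order the packages so the servicing stack update is installed first.
$ordered = @($cabs | Where-Object Name -like "*$FirstKb*") +
           @($cabs | Where-Object Name -notlike "*$FirstKb*")

# 4. Copy each verified package over PowerShell remoting and install it.
$session = New-PSSession -ComputerName $Computer -Credential (Get-Credential)
try {
    Invoke-Command -Session $session {
        New-Item -ItemType Directory -Path $using:RemoteDir -Force | Out-Null
    }
    foreach ($cab in $ordered) {
        $name = $cab.Name
        Copy-Item -Path $cab.FullName -Destination $RemoteDir -ToSession $session
        Invoke-Command -Session $session {
            $pkg = Join-Path $using:RemoteDir $using:name
            Add-WindowsPackage -Online -PackagePath $pkg -NoRestart
        }
    }
}
finally {
    Remove-PSSession $session
}
```

Because `-NoRestart` is used, restart the Nano Server afterwards to complete the installation.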
Windows Server 2016 introduced a new SKU, Nano Server. Nano Server is an extremely low footprint operating system designed for microservices and rapid deployment and provisioning. It currently supports roles including Failover Clustering, Hyper-V, File Server, Web Server and DNS Server.
With Nano Server being completely headless and, at this moment in time, not supporting a Configuration Manager agent for managing operating system patches, there needs to be a way for you to track and manage patching on them. At home I run two Nano Server hosts using Hyper-V to host some virtual machines and a third running inside a VM for some testing workloads. I decided I wanted to script a way of going at least some way towards automating the patching.
The first script below lists the updates that your Nano Server has installed already for reporting purposes. The second lists the updates which are available and require installation. It’s worth noting that for this to work, your Nano Server machines will need access to an update service to find out what updates are available, be it Microsoft Update or WSUS. If you are reading this thinking that you didn’t know Nano Server could use WSUS, well, sure it can; you just need to populate the same registry keys you would on a normal Windows machine.
The code for returning the list of updates comes directly from the Microsoft blog at https://blogs.technet.microsoft.com/nanoserver/2016/10/07/updating-nano-server/; however, this assumes a manual process, so I have wrapped it up to provide a level of automation.
Nano Server is the newest edition in the Windows Server family, and its ultra-low footprint and patching requirement make it an ideal Hyper-V host for running your private cloud infrastructure.
One of the resiliency features in Hyper-V, Hyper-V Replica, allows you to replicate a VM on a timed interval of as low as 30 seconds. This isn’t a new feature but is a great one nonetheless, and is ideally suited to organisations with multiple data centres wanting to protect their VMs across two or more sites without the need for expensive SAN replication technologies.
Nano Server ships by default with the Windows Firewall enabled, and there are two rules for Hyper-V Replica, both of which are disabled by default. If you want to use Hyper-V Replica, even once you’ve configured everything you need via the Hyper-V Manager console or via PowerShell, such as virtual networks and enabling the Hyper-V Replica feature, you will still need to configure this rule.