Microsoft has released a new feature for Windows Server 2022 called Hotpatch. Let’s look at what this feature is, why you want to use it, and how easy it is to set up.
What is Hotpatch?
Hotpatching is the ability of an operating system to update without ending running applications or rebooting. The process is designed to be invisible so guest virtual machines can be updated without downtime to the system’s end-users. Microsoft has used this feature on the underlying infrastructure that runs the Azure service, but it is now available for customer use. This feature is only available on Windows Server 2022 Datacenter: Azure Edition (Server Core).
How does Hotpatching work?
Hotpatching relies on regularly updated Cumulative Updates referred to as baselines. Baselines come in two flavors, planned and unplanned.
Planned baselines: These Cumulative Updates are released at regular intervals. They contain updates that require rebooting. In between these releases, hotpatches that do not require reboots are deployed.
Unplanned baselines: These updates are released for urgent patching, for example, zero-day fixes. These require reboots as they would include all the Cumulative Updates for the current month.
All eligible virtual machines will be automatically patched outside of peak hours. The virtual machine health service will monitor platforms to detect the success or failure of the hotpatch installation.
How to set up a Hotpatch eligible VM
To create a virtual machine that can use the new hotpatch method:
- Sign in to the Azure portal: https://portal.azure.com/
- Either use the search field or click on the Virtual Machines icon.
- Click the dropdown and create an Azure virtual machine.
- In the VM creation wizard, fill out the required information on the Basics page and, most importantly, select an image for Windows Server 2022 Azure Edition Core.
- Follow the prompts in the wizard and select the desired configuration for Disks and Networking.
- On the Management tab, scroll down to Guest OS Updates.
- Ensure Azure-orchestrated is selected.
- Complete the Advanced page and Tags page in the wizard and complete the creation.
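To confirm that the settings chosen in the wizard actually landed on each VM, the added example below (not part of the original article) audits inventory shaped like `az vm list -o json` output. It assumes the Azure VM resource model's field names, where the portal's "Azure-orchestrated" option appears as `patchMode: AutomaticByPlatform`; the sample inventory and VM names are constructed.

```python
import json

# Constructed sample shaped like `az vm list -o json` output (not real inventory).
SAMPLE = json.loads("""
[
 {"name": "web-01",
  "storageProfile": {"imageReference": {"sku": "2022-datacenter-azure-edition-core"}},
  "osProfile": {"windowsConfiguration": {"patchSettings":
      {"patchMode": "AutomaticByPlatform", "enableHotpatching": true}}}},
 {"name": "app-02",
  "storageProfile": {"imageReference": {"sku": "2022-datacenter-azure-edition"}},
  "osProfile": {"windowsConfiguration": {"patchSettings":
      {"patchMode": "AutomaticByOS", "enableHotpatching": false}}}},
 {"name": "db-03",
  "storageProfile": {"imageReference": {"sku": "2022-datacenter-azure-edition-core"}},
  "osProfile": {"windowsConfiguration": {"patchSettings":
      {"patchMode": "AutomaticByPlatform", "enableHotpatching": false}}}},
 {"name": "lnx-04",
  "storageProfile": {"imageReference": {"sku": "22_04-lts"}},
  "osProfile": {"windowsConfiguration": null}}
]
""")


def hotpatch_gaps(vm):
    """Return the reasons a VM is not set up for hotpatching (empty list = OK)."""
    gaps = []
    image = (vm.get("storageProfile") or {}).get("imageReference") or {}
    # The article limits hotpatching to the Azure Edition (Server Core) image.
    if "azure-edition-core" not in (image.get("sku") or "").lower():
        gaps.append("image is not Windows Server 2022 Azure Edition Core")
    # windowsConfiguration is null on Linux VMs, so guard every level.
    win = (vm.get("osProfile") or {}).get("windowsConfiguration") or {}
    patch = win.get("patchSettings") or {}
    if patch.get("patchMode") != "AutomaticByPlatform":
        gaps.append("guest OS updates are not Azure-orchestrated")
    if not patch.get("enableHotpatching"):
        gaps.append("hotpatching is not enabled")
    return gaps


def audit(vms):
    """Map each VM name to its list of hotpatch configuration gaps."""
    return {vm["name"]: hotpatch_gaps(vm) for vm in vms}


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

To run it against a real subscription, replace `SAMPLE` with the parsed output of `az vm list -o json`.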
Hotpatching is an excellent new feature that allows security updates to be installed far more quickly and with fewer business interruptions. It is, however, important to note that reboots are still required for non-security updates.