Update @ 8AM, January 4th - Microsoft have accelerated the planned maintenance window for updates due an Intel CPU vulnerability (more details here [Microsoft] and here [Google]). This may mean that your VMs have already been automatically maintained by Microsoft by the time you read this. If your VMs have been already been maintained it will display a status of "Already Updated" in the Maintenance column.
You may have received an email from Microsoft over the last month or so stating that your Azure VMs require an update and that a planned maintenance window has been scheduled for them. These updates will be taking place from January 10th to 13th and your VMs could restart at any point during a 24-hour window - unless you act. As this maintenance is mandatory and will include in a restart of the VM (which we don’t want to happen at an unpredictable time), I’m going to use self-service to carry out the maintenance.
Below I’ll go through how to check which of your VMs are scheduled for maintenance and how to perform the self-service. I’m going to use the Azure Portal for this, but you can find instructions on how to carry this out using PowerShell here.
Azure planned maintenance notification is a cool feature which lets me know ahead of time when Microsoft will be performing maintenance on the underlying Azure fabric, and gives me the opportunity to control the scheduling of downtime as I see fit. By default, Azure Subscription owners will get the planned maintenance notification emails for each subscription, but you can add additional recipients if required by using Activity Log Alerts (more details here). Note: self-service maintenance isn’t available for all VM types (i.e. VM Scale Sets, Cloud Services, or Service Fabric).
It’s important to say that you don’t necessarily have to take any action here. If you don’t take any action Microsoft will perform maintenance on the VMs for you. If you have VMs in Azure Availability Sets then Microsoft will honour update domains, and restart them in controlled way based on your update domain configuration. Please note that this process does restart every VM in the Availability set eventually, so if you have something like SQL Availability Groups configured, there will be a failover of the database at some point.
Microsoft offer some guidance on when you should use self-service maintenance. Personally, I like to control over exactly when my VMs are redeployed and restarted (even if they are in availability sets), so I’m going to carry out self-service maintenance proactively.
Checking VMs for Scheduled Maintenance
- Sign in to the Azure portal
- In the left navigation, click Virtual Machines
- In the Virtual Machines pane, click the Columns button to open the list of available columns
- Select and add the following columns:
- Maintenance Pro-Active
- Maintenance Scheduled
This should give you an output like:
If you don’t see anything in the maintenance columns, then that’s good, you aren’t affected by this wave of updates.
In my example, 4 of my VMs have maintenance scheduled.
The Maintenance Auto-Scheduled Window displays the 24-hour period during which the VM will be automatically re-deployed (and restarted) by Microsoft if I take no proactive action.
The Maintenance Proactive Window displays the window during which I can manage the maintenance myself. I have up to midnight on the 9th Jan to perform it, otherwise it’s in Microsoft’s hands.
Performing Proactive Maintenance
This process will redeploy the VM to another host in the Azure datacentre that has already been patched. This shouldn’t take too long, but that will depend on the size of the VM and any start-up scripts you may have running. It should take a few minutes in most cases.
- Select the VM. You will see an orange banner across the top stating that scheduled maintenance will start soon:
- Click either the orange banner or the Start Maintenance button
- Click the Redeploy button - this will take the VM offline
- Wait for the message that the VM was redeployed, and perform any testing required to ensure the VM is back online and operational