Extend the Life of Windows Server 2012/2012 R2 with Azure Arc and SCCM Integration

 Challenge:

  • Maintaining security for Windows Server 2012/2012 R2 after end-of-support by deploying Extended Security Updates (ESUs).
  • Leveraging existing SCCM infrastructure for update deployment while simplifying ESU management.

Solution:

This approach combines the strengths of SCCM and Azure Arc to achieve a streamlined ESU deployment process for on-premises Windows servers.

SCCM:

  • Trusted Patch Management: SCCM remains your familiar tool for deploying updates, including ESUs, to your Windows servers. SCCM integrates well with WSUS for efficient update distribution.

Azure Arc:

Centralized ESU Management:

  1. Onboard eligible Windows servers (2012 & 2012 R2) to Azure Arc.
  2. Important: Update Azure Arc agent to version 1.34 or later for ESU support.
  3. Purchase and manage ESU licenses directly through Azure Arc (optional, simplifies licensing).
  4. Assign ESU licenses to your Azure Arc-enabled servers for simplified tracking.

Workflow:

  1. Azure Arc manages ESU licensing and assignment.
  2. SCCM retrieves updates from WSUS (configured for ESU channels) and deploys them to your servers.

Benefits:

  • Simplified ESU Management: Centralized licensing and assignment in Azure Arc.
  • Familiar Patch Deployment: Leverage existing SCCM expertise for update rollouts.
  • Improved Security: Ensure continued security for your Windows servers with ESUs.

Next Steps:

  • Review prerequisites (SCCM configuration, WSUS synchronization).
  • Onboard eligible servers to Azure Arc and update agents (version 1.34 or later).
  • Consider purchasing and assigning ESU licenses through Azure Arc (optional).
  • Configure SCCM to target relevant Windows versions and include ESU updates in deployments.
  • Thoroughly test the process in a non-production environment before deploying it to production.

Comments

Post a Comment

Popular posts from this blog

High Availability vs. Disaster Recovery in Cloud: Key Differences Explained

Image
What is the difference between HA & DR in Cloud?   Both High Availability (HA) and Disaster Recovery (DR) are important concepts in cloud computing that aim to keep your systems and data up and running. However, they address different scenarios and have distinct approaches. High Availability (HA) focuses on preventing downtime caused by isolated failures within the cloud system itself. This could include hardware malfunctions, software glitches, or network disruptions. HA achieves this by designing systems with redundancies, meaning there are backups in place to take over if a primary component fails. This can involve: Redundant servers: Having multiple servers running the same application, so if one fails, the others can pick up the load. Clustering: Grouping multiple servers so they act as a single unit. This allows for automatic failover to a healthy server if one goes down. Load balancing: Distributing traffic across multiple servers to prevent overloading any single se...
Read more

Understanding App Registration vs. Enterprise Application in Microsoft Entra ID

  In Microsoft Entra ID (formerly Azure Active Directory (AAD)) , both App registration and Enterprise application registration are essential components for configuring applications that interact with Azure services or other applications. They serve distinct purposes within the application setup process. App registration: Creates a globally unique application object, also known as an app registration. This object defines the core details of your application, such as its name and what it does. It also generates an application (client) ID used for identification. Think of it as the blueprint for your application. You perform app registration in the Azure portal under " App registrations ". Enterprise application registration (Service principal): Represents a specific instance of an application (created via app registration) within a particular  Microsoft Entra ID (formerly Azure Active Directory (AAD))  tenant (your organization's tenant). This creates a service p...
Read more