Managing VM updates with Maintenance Configurations
- ALIF Consulting
- Oct 28, 2022
- 3 min read
Updated: Jul 12, 2024
Azure periodically updates its platform to improve the reliability, performance, and security of the host infrastructure for virtual machines. The purpose of these updates ranges from patching software components in the hosting environment to upgrading networking components or decommissioning hardware.
Updates rarely affect the hosted VMs. When updates do have an effect, Azure chooses the least impactful method for updates:
If the update doesn't require a reboot, the VM is paused while the host is updated, or the VM is live-migrated to an already updated host.
If maintenance requires a reboot, you're notified of the planned maintenance. Azure also provides a time window in which you can start the maintenance yourself at a time that works for you. The self-maintenance window is typically 35 days (for Host machines) unless the maintenance is urgent. Azure is investing in technologies to reduce the number of cases in which planned platform maintenance requires the VMs to be rebooted. For instructions on managing planned maintenance, see Handling planned maintenance notifications using the Azure CLI, PowerShell or portal.
This page describes how Azure performs both types of maintenance. For more information about unplanned events (outages), see Manage the Availability of VMs for Windows or the corresponding article for Linux.
Within a VM, you can get notifications about upcoming maintenance by using Scheduled Events for Windows or for Linux.
Maintenance that doesn't require a reboot
Most platform updates don't affect customer VMs. When a no-impact update isn't possible, Azure chooses the update mechanism that's least impactful to customer VMs.
Most nonzero-impact maintenance pauses the VM for less than 10 seconds. In certain cases, Azure uses memory-preserving maintenance mechanisms. These mechanisms pause the VM for typically up to 30 seconds and preserve the memory in RAM. The VM is then resumed, and its clock is automatically synchronized.
Maintenance that requires a reboot
In the rare case where VMs need to be rebooted for planned maintenance, you'll be notified in advance. Planned maintenance has two phases: the self-service phase and the scheduled maintenance phase.
During the self-service phase, which typically lasts four weeks, you start the maintenance on your VMs. As part of the self-service, you can query each VM to see its status and the result of your last maintenance request.
Maintenance Configurations
Maintenance Configurations allow you to control and manage updates for many Azure virtual machine resources since Azure frequently updates its infrastructure to improve reliability, performance, and security or launch new features. Most updates are transparent to users, but some sensitive workloads, like gaming, media streaming, and financial transactions, can't tolerate even a few seconds of a VM freezing or disconnect for maintenance. Maintenance configurations are integrated with Azure Resource Graph (ARG) for low latency and high-scale customer experience.
Scopes
Maintenance Configurations currently support three (3) scopes: Host, OS image, and Guest. While each scope allows scheduling and managing updates, the major difference lies in the resources they each support. This section outlines the details of the various scopes and their supported types:
Scope | Support Resources |
Host | Isolated Virtual Machines, Isolated Virtual Machine Scale Sets, Dedicated Hosts |
OS Image | Virtual Machine Scale Sets |
Guest | Virtual Machines, Azure Arc Servers |
Host
With this scope, you can manage platform updates that do not require a reboot on your isolated VMs, isolated Virtual Machine Scale Set instances and dedicated hosts. Some features and limitations unique to the host scope are:
Schedules can be set anytime within 35 days. After 35 days, updates are automatically applied.
A minimum of a 2-hour maintenance window is required for this scope.
OS image
Using this scope with maintenance configurations lets you decide when to apply upgrades to OS disks in your virtual machine scale sets through an easier and more predictable experience. An upgrade works by replacing the OS disk of a VM with a new disk created using the latest image version. Any configured extensions and custom data scripts are run on the OS disk while data disks are retained. Some features and limitations unique to this scope are:
Scale sets need to have automatic OS upgrades enabled to use maintenance configurations.
Schedule recurrence is defaulted to daily
A minimum of 5 hours is required for the maintenance window
Guest
This scope is integrated with the update management centre, which allows you to save recurring deployment schedules to install updates for your Windows Server and Linux machines in Azure, in on-premises environments, and in other cloud environments connected using Azure Arc-enabled servers. Some features and limitations unique to this scope include:
Patch orchestration for virtual machines needs to be set to AutomaticByPlatform
A minimum of 1 hour and 10 minutes is required for the maintenance window.
There is no limit to the recurrence of your schedule.
Management options
You can create and manage maintenance configurations using any of the following options:
Comments