Azure Guest OS Update Settings
Updated: March 2, 2015
|This page is only applicable if you are running web or worker roles as part of Azure Cloud Services. It does not apply to Azure Virtual Machine (IaaS).|
The Azure guest operating system (Guest OS) is the operating system that runs on the virtual machine (VM) that hosts a web role or worker role instance in Azure. Azure supports different Guest OS families which are substantially compatible with major releases of Windows Server. Guest OS updates do not apply to VMRole and Azure Virtual Machines because those features use VHD images that contain the actual operating systems.
The Guest OS is updated at periodic intervals, with the goal of resolving known security vulnerabilities and providing the most up-to-date runtime environment for Azure. The releases include the MSRC patches provided by the Microsoft Security Bulletin. The listing of the current supported Guest OS families are available here.
The Guest OS has two update settings:
Automatic - Azure automatically updates the Guest OS when a new release of the same family becomes available. This is the default behavior, and the recommended method. However, Azure does NOT automatically update one family to a later family. See this to understand the difference between versions and families.
Manual – You can manually choose a Guest OS version. Be aware that older Guest OS versions are retired thus forcing you to update your Guest OS. Be sure to keep up to date with the list of supported Guest OS families and versions. The Guest OS retirement policy is available here.
The following topics describe how to configure Guest OS update settings:
Both automatic and manual Guest OS updates occur as an in-place update. This means that your service's VMs (each of which corresponds to a single role instance) are updated one update domain at time. An update domain is a virtual grouping of VMs for the purpose of minimizing the impact to your service during an update. When an update begins, the role instances within the first update domain are taken offline, the OS updated, and role restarted. The update then proceeds to the next update domain.