Manage updates and patches for your VMs

Software updates in Azure Automation Update Management provide a set of tools and resources that can help manage the complex task of tracking and applying software updates to machines in Azure and hybrid cloud. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and reduce the risks of increased cyber security threats. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention.

Note

Update Management supports the deployment of first-party updates and the pre-downloading of them. This support requires changes on the systems being updated. See Configure Windows Update settings for Azure Automation Update Management to learn how to configure these settings on your systems.

Before attempting to manage updates for your VMs, ensure that you've enabled Update Management on them using one of these methods:

Limit the scope for the deployment

Update Management uses a scope configuration within the workspace to target the computers to receive updates. For more information, see Limit Update Management deployment scope.

Compliance assessment

Before you deploy software updates to your machines, review the update compliance assessment results for enabled machines. The compliance state of each software update is recorded, and after the evaluation is complete, the results are collected and forwarded in bulk to Azure Monitor logs.

On a Windows machine, the compliance scan is run every 12 hours by default. In addition to the scheduled scan, the scan for update compliance is initiated within 15 minutes of the Log Analytics agent for Windows being restarted, before update installation, and after update installation. It is also important to review our recommendations on how to configure the Windows Update client with Update Management to avoid any issues that prevent it from being managed correctly.

For a Linux machine, the compliance scan is performed every hour by default. If the Log Analytics agent for Linux is restarted, a compliance scan is initiated within 15 minutes.

The compliance results are presented in Update Management for each machine assessed. For a new machine enabled for management, it can take up to 30 minutes for the dashboard to display updated data from it.

Review monitor software updates to learn how to view compliance results.
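A compliance state is only as trustworthy as the scan behind it, so the default cadences above can be used to flag machines whose assessment data is overdue. The following is an added example, not Microsoft's code: the record shape, field names, the `SLACK` allowance, and the sample inventory are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Default cadences stated on this page.
SCAN_INTERVAL = {"Windows": timedelta(hours=12), "Linux": timedelta(hours=1)}
RESTART_SCAN_WINDOW = timedelta(minutes=15)  # scan starts within 15 min of agent restart
ONBOARDING_WINDOW = timedelta(minutes=30)    # new machine: up to 30 min for first data
SLACK = timedelta(minutes=30)                # assumption: allowance for bulk forwarding delay

def assessment_status(machine, now):
    """Classify one machine record as 'pending', 'stale' or 'current'."""
    last_scan = machine.get("last_scan")
    if last_scan is None:
        # No results yet: acceptable only inside the onboarding window.
        return "pending" if now - machine["enabled_at"] <= ONBOARDING_WINDOW else "stale"
    restart = machine.get("agent_restarted_at")
    if restart and last_scan < restart and now - restart > RESTART_SCAN_WINDOW + SLACK:
        return "stale"  # the restart should have triggered a scan by now
    if now - last_scan > SCAN_INTERVAL[machine["os"]] + SLACK:
        return "stale"  # missed at least one scheduled scan
    return "current"

def stale_machines(inventory, now):
    """Names of machines whose compliance state should not be trusted."""
    return sorted(m["name"] for m in inventory if assessment_status(m, now) == "stale")

# Constructed sample inventory (hypothetical record shape, not an Azure schema).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
OLD = NOW - timedelta(days=30)
def _m(name, os, enabled_at, scan_age=None, restart_age=None):
    return {"name": name, "os": os, "enabled_at": enabled_at,
            "last_scan": NOW - scan_age if scan_age else None,
            "agent_restarted_at": NOW - restart_age if restart_age else None}

INVENTORY = [
    _m("win-app01", "Windows", OLD, timedelta(hours=3)),
    _m("win-db01", "Windows", OLD, timedelta(hours=14)),
    _m("lin-web01", "Linux", OLD, timedelta(minutes=40)),
    _m("lin-web02", "Linux", OLD, timedelta(hours=3)),
    _m("lin-new01", "Linux", NOW - timedelta(minutes=10)),
    _m("win-new02", "Windows", NOW - timedelta(hours=2)),
    _m("win-web03", "Windows", OLD, timedelta(hours=2), timedelta(hours=1)),
]

if __name__ == "__main__":
    for m in INVENTORY:
        print(f"{m['name']:<10} {assessment_status(m, NOW)}")
```

Machines reported as stale should be investigated before their last recorded compliance state is relied on for a deployment decision.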

Deploy updates

After you review the compliance results, the next phase is deploying the software updates. To install updates, schedule a deployment that aligns with your release schedule and service window. You can choose which update types to include in the deployment. For example, you can include critical or security updates and exclude update rollups.

Review deploy software updates to learn how to schedule an update deployment.

Review update deployments

After the deployment is complete, review the process to determine the success of the update deployment by machine or target group. See review deployment status to learn how you can monitor the deployment status.

Next steps