Rawpixel - Fotolia
One of the longstanding pain points Hyper-V administrators have had to deal with is keeping Hyper-V hosts up to date. Microsoft publishes numerous updates for its products, and these updates often require Hyper-V hosts to be rebooted. The process is easier than it used to be thanks to the Cluster-Aware Updating feature, but it's possible to make the update process just a little bit more seamless by integrating Windows Server Update Services with System Center Virtual Machine Manager.
The most important thing to understand about integrating WSUS with SCVMM is that the process is designed to help you keep the Hyper-V infrastructure up to date. It isn't designed to handle updates for your VMs. VMs will continue to be updated in the usual way. It's also worth noting that this article assumes you already have a WSUS server running elsewhere on your network.
The first step in configuring SCVMM to work with WSUS is to install the WSUS console onto your SCVMM server. You can do this by opening an administrative PowerShell window and running the following command:
Install-WindowsFeature -Name UpdateServices-Ui
You can see what the installation process looks like in Figure A. Even though the command's output indicates that no reboot is necessary, some administrators have indicated that the integration process only works after the server is rebooted.
Once the management console has been installed, configuring SCVMM to connect to WSUS is a relatively simple process. To do so, open the SCVMM management console, and go to the Fabric workspace. Next, navigate through the console tree to Servers | Infrastructure | Update Server. Now, right-click on the Update Server container, and choose the Add Update Server command from the shortcut menu. This will cause Windows to display the Add Windows Server Update Services Server dialog box, as shown in Figure B.
The configuration settings shown in Figure B are relatively straightforward. The first piece of information you'll need to enter is the name of your WSUS server. Next, enter the TCP/IP port number that WSUS listens on. The port number tends to vary based on the server version and whether or not WSUS is configured to use Secure Sockets Layer (SSL) encryption. Assuming that WSUS is running on Windows Server 2012 or higher, the port number for non-SSL communications -- HTTP -- is 8530. The port number for SSL encrypted communications -- HTTPS -- is 8531. If WSUS is running on an older version of Windows Server, then it's probably using port 80 for non-SSL communications and port 443 for SSL encrypted communications. If your server is configured to use SSL encryption, then you'll need to select the Use Secure Sockets Layer (SSL) to communicate with WSUS server and clients checkbox.
If your server is using a nondefault port number, then you can use Microsoft's instructions to find the port number.
The last step in the process is to enter a set of credentials. The credentials you use must have administrative access to the WSUS server. When you're done, click the Add button to add the WSUS server to SCVMM.
Managing WSUS server
Even though the process of adding a WSUS server to the SCVMM management console is relatively straightforward, there are a couple of important things you need to know. First, you should begin managing the WSUS server only through the SCVMM management console. If you use the WSUS console to make a configuration change to WSUS, that configuration change won't be visible in SCVMM until after you perform a synchronization.
The next thing you need to know is how to manage WSUS through SCVMM. The WSUS-related settings are actually a bit scattered. You can access WSUS configuration options by going to the Update Servers tab on the ribbon and clicking Properties. This will give you access to settings for the proxy server, update classifications, products and languages.
The updates themselves are stored in the library. You can access them by going to the library workspace and navigating through the console tree to Update Catalog and Baselines | Update Catalog. You can expand the Update Catalog container to reveal individual update types, such as security updates.
Also, note that both WSUS and SCVMM are cluster-aware and can therefore be used to apply updates to infrastructure servers in a nondisruptive way.
Improve WSUS performance with these tips
Ensure SCVMM Run As credentials are correct
Take advantage of new features in SCVMM 2016