Saturday, August 25, 2018

CIS 3.4 in Azure - Automated OS Patch Management

CIS 3.4 focuses on deploying automated operating system patch management tools.  Specifically, the control text reads:

Deploy automated software update tools in order to ensure that the operating systems are running the most recent security updates provided by the software vendor.

In order to properly understand how to implement this control on Azure, we have to have an understanding of the shared responsibility model, which determines the roles and responsibilities of cloud providers and cloud consumers.  Here is a diagram from the shared responsibility for cloud computing whitepaper released by Microsoft.

[Figure: Microsoft's shared responsibility model diagram, showing which layers (including host infrastructure) the provider and the customer own under SaaS, PaaS, IaaS and on-premises.]

Patching operating systems is part of the "host infrastructure" row above.  As the diagram shows, the only operating model we need to specifically address is the IaaS model, because in all other cases the cloud provider is responsible for managing the host infrastructure.  I'd love to get more into shared responsibility, but that is likely the subject of another blog post.

Because the target architecture is IaaS, in general all your existing on-premises solutions for operating system patch management still apply.  This includes GPO settings with WSUS servers, custom yum repos, enabling or scripting update checks, etc.

In the Azure world, there are two options.  Windows VMs can have automatic updates enabled at deployment time through the ARM template configuration.  For Linux VMs, you can make use of the Custom Script Extension to enable automatic updates at deployment time.
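The two deployment-time options above are both visible in the ARM template itself, which makes them easy to audit before anything is deployed.  The following script is an added example and is not code from the original post or from Microsoft: it walks the `resources` array of a template and reports, per VM, whether a Windows VM sets `enableAutomaticUpdates` under `osProfile.windowsConfiguration`, and whether a Linux VM has a Custom Script Extension (publisher `Microsoft.Azure.Extensions`, type `CustomScript`) attached, either as a top-level `Microsoft.Compute/virtualMachines/extensions` resource or nested under the VM.  The sample template and all VM names in it are constructed for illustration.  The check does not inspect what the Linux script actually does, so a PASS for Linux only means the hook for enabling updates is present.

```python
import json

# Constructed sample ARM template (not from the original post). Resource names
# are made up. It covers: a Windows VM with updates explicitly off, one with them
# on, one that omits the setting, a Linux VM with a top-level Custom Script
# Extension, one with a nested extension, and one with no extension at all.
SAMPLE_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Compute/virtualMachines", "name": "win-noupdate",
         "properties": {"osProfile": {"windowsConfiguration": {"enableAutomaticUpdates": False}}}},
        {"type": "Microsoft.Compute/virtualMachines", "name": "win-ok",
         "properties": {"osProfile": {"windowsConfiguration": {"enableAutomaticUpdates": True}}}},
        {"type": "Microsoft.Compute/virtualMachines", "name": "win-default",
         "properties": {"osProfile": {"windowsConfiguration": {"provisionVMAgent": True}}}},
        {"type": "Microsoft.Compute/virtualMachines", "name": "linux-toplevel",
         "properties": {"osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": True}}}},
        {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "linux-toplevel/enable-updates",
         "properties": {"publisher": "Microsoft.Azure.Extensions", "type": "CustomScript"}},
        {"type": "Microsoft.Compute/virtualMachines", "name": "linux-nested",
         "properties": {"osProfile": {"linuxConfiguration": {}}},
         "resources": [{"type": "extensions", "name": "enable-updates",
                        "properties": {"publisher": "Microsoft.Azure.Extensions", "type": "CustomScript"}}]},
        {"type": "Microsoft.Compute/virtualMachines", "name": "linux-noscript",
         "properties": {"osProfile": {"linuxConfiguration": {}}}},
    ],
})

VM_TYPE = "Microsoft.Compute/virtualMachines"


def _is_custom_script(ext):
    """True if an extension resource is the Azure Linux Custom Script Extension."""
    props = ext.get("properties", {})
    return (props.get("publisher") == "Microsoft.Azure.Extensions"
            and props.get("type") == "CustomScript")


def _os_kind(vm):
    """Classify a VM as windows/linux/unknown from its osProfile block."""
    os_profile = vm.get("properties", {}).get("osProfile", {})
    if "windowsConfiguration" in os_profile:
        return "windows"
    if "linuxConfiguration" in os_profile:
        return "linux"
    return "unknown"


def _custom_script_owners(resources):
    """Names of VMs that have a Custom Script Extension, top-level or nested."""
    owners = set()
    for res in resources:
        rtype = res.get("type", "")
        if rtype == VM_TYPE + "/extensions" and _is_custom_script(res):
            owners.add(res["name"].split("/")[0])   # "vmName/extName" -> "vmName"
        if rtype == VM_TYPE:
            for child in res.get("resources", []):
                if child.get("type", "").endswith("extensions") and _is_custom_script(child):
                    owners.add(res["name"])
    return owners


def audit_patching(template_text):
    """Return (vm_name, status, reason) for every VM in an ARM template string."""
    resources = json.loads(template_text).get("resources", [])
    owners = _custom_script_owners(resources)
    findings = []
    for res in resources:
        if res.get("type") != VM_TYPE:
            continue
        name, kind = res["name"], _os_kind(res)
        if kind == "windows":
            setting = res["properties"]["osProfile"]["windowsConfiguration"].get("enableAutomaticUpdates")
            if setting is False:
                findings.append((name, "FAIL", "enableAutomaticUpdates is explicitly false"))
            elif setting is None:
                # Azure defaults this to true when omitted, but an explicit value is auditable.
                findings.append((name, "WARN", "enableAutomaticUpdates not set; relying on platform default"))
            else:
                findings.append((name, "PASS", "enableAutomaticUpdates is true"))
        elif kind == "linux":
            if name in owners:
                findings.append((name, "PASS", "Custom Script Extension present; verify the script enables updates"))
            else:
                findings.append((name, "FAIL", "no Custom Script Extension to enable automatic updates"))
        else:
            findings.append((name, "WARN", "could not determine OS from osProfile"))
    return findings


if __name__ == "__main__":
    for vm, status, reason in audit_patching(SAMPLE_TEMPLATE):
        print(f"{status:4} {vm:16} {reason}")
```

Running the script against the embedded sample prints one line per VM; on a real template, feed it the file contents instead of `SAMPLE_TEMPLATE` and wire the FAIL results into whatever gate sits in front of your deployment pipeline.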

In general, connecting your machines directly to automated update mechanisms works only in certain types of scenarios (stand-alone machines, dev/test, etc.).  In most other scenarios, you want additional options such as specifying an appropriate maintenance window, whitelisting or blacklisting particular updates, and staging updates across your infrastructure.

For those wanting more control over their updates, Azure has published an update management solution that makes use of the Azure Automation infrastructure to manage your updates.  I might cover update management in more detail in a future blog post.

In conclusion, managing operating system updates for Azure IaaS VMs is a very similar process to what you do on-premises today.  There are features within the platform that make updates easier to maintain if you do not currently have a solution.  For the other deployment models, patching is the responsibility of the cloud provider, not the cloud consumer.
