You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/update-manager/guidance-migration-automation-update-management-azure-update-manager.md
+25-23Lines changed: 25 additions & 23 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,7 +41,7 @@ Guidance to move various capabilities is provided in table below:
41
41
42
42
## Scripts to migrate from Automation Update Management to Azure Update Manager
43
43
44
-
Using the migration runbooks, you can automatically migrate all workloads (machines and schedules) from Automation Update Management to Azure Update Manager. This section details on how to run the script, what the script does at the backend, expected behavior, and any limitations, if applicable. The script can migrate all the machines and schedules in one automation account at one go. If you have multiple automation accounts, you have to run the runbook for all the automation accounts.
44
+
Using migration runbooks, you can automatically migrate all workloads (machines and schedules) from Automation Update Management to Azure Update Manager. This section details on how to run the script, what the script does at the backend, expected behavior, and any limitations, if applicable. The script can migrate all the machines and schedules in one automation account at one go. If you have multiple automation accounts, you have to run the runbook for all the automation accounts.
45
45
46
46
At a high level, you need to follow the below steps to migrate your machines and schedules from Automation Update Management to Azure Update Manager.
47
47
@@ -58,19 +58,21 @@ At a high level, you need to follow the below steps to migrate your machines and
58
58
### Unsupported scenarios
59
59
60
60
1. Update schedules having Pre/Post tasks won't be migrated for now.
61
-
1. Non-Azure Saved Search Queries won't be migrated. They have to be migrated manually.
61
+
1. Non-Azure Saved Search Queries won't be migrated; these have to be migrated manually.
62
62
63
63
For the complete list of limitations and things to note, see the last section of this article.
64
64
65
65
### Step-by-step guide
66
66
67
67
The information mentioned in each of the above steps is explained in detail below.
68
68
69
-
#### Prerequisite 1: Onboarding of Non-Azure Machines to Arc
69
+
#### Prerequisite 1: Onboard Non-Azure Machines to Arc
70
70
71
-
**What to do**: The Migration automation runbook ignores resources that aren't onboarded to Arc. It's therefore a prerequisite to onboard all non-Azure machines on to Azure Arc before running the migration runbook. Follow the steps to [onboard machines on to Azure Arc](../azure-arc/servers/onboard-service-principal.md).
71
+
**What to do**
72
72
73
-
#### Prerequisite 2: Creation of User Identity and Role Assignments by running PowerShell script
73
+
Migration automation runbook ignores resources that aren't onboarded to Arc. It's therefore a prerequisite to onboard all non-Azure machines on to Azure Arc before running the migration runbook. Follow the steps to [onboard machines on to Azure Arc](../azure-arc/servers/onboard-service-principal.md).
74
+
75
+
#### Prerequisite 2: Create User Identity and Role Assignments by running PowerShell script
74
76
75
77
**A. Prerequisites to run the script**
76
78
@@ -100,7 +102,7 @@ The information mentioned in each of the above steps is explained in detail belo
100
102
**D. Backend operations by the script**
101
103
102
104
1. Updating the Az.Modules for the Automation account, which will be required for running migration and deboarding scripts
103
-
1. Creation of User Identity in the same Subscription and resource group as the Automation Account. Name of User Identity will be like *AutomationAccount_aummig_umsi*.
105
+
1. Creation of User Identity in the same Subscription and resource group as the Automation Account. The name of User Identity will be like *AutomationAccount_aummig_umsi*.
104
106
1. Attaching the User Identity to the Automation Account.
105
107
1. The script assigns the following permissions to the user managed identity: [Update Management Permissions Required](../automation/automation-role-based-access-control.md#update-management-permissions).
106
108
@@ -111,7 +113,7 @@ The information mentioned in each of the above steps is explained in detail belo
111
113
112
114
#### Step 1: Migration of machines and schedules
113
115
114
-
This step includes using an automation runbook to migrate all the machines and schedules from an automation account to Azure Update Manager.
116
+
This step involves using an automation runbook to migrate all the machines and schedules from an automation account to Azure Update Manager.
115
117
116
118
**Follow these steps:**
117
119
@@ -145,7 +147,7 @@ This step includes using an automation runbook to migrate all the machines and s
145
147
146
148
1. You need to specify **ResourceGroupForMaintenanceConfigurations** where all the maintenance configurations in Azure Update Manager would be created. If you supply a new name, a resource group would be created where all the maintenance configurations would be created. However, if you supply a name with which a resource group already exists, all the maintenance configurations would be created in the existing resource group.
147
149
148
-
1. Check Azure Runbook Logs for the Status of Execution and Migration Status of SUCs.
150
+
1. Check Azure Runbook Logs for the status of execution and migration status of SUCs.
149
151
150
152
:::image type="content" source="./media/guidance-migration-automation-update-management-azure-update-manager/log-status.png" alt-text="Screenshot that shows the runbook logs." lightbox="./media/guidance-migration-automation-update-management-azure-update-manager/fetch-client-id.png":::
151
153
@@ -154,7 +156,7 @@ This step includes using an automation runbook to migrate all the machines and s
154
156
The migration of runbook does the following tasks:
155
157
156
158
- Enables periodic assessment on all machines.
157
-
- All schedules in the automation account are migrated to Azure Update Manager and a corresponding maintenance configuration is created for each of them, having same properties.
159
+
- All schedules in the automation account are migrated to Azure Update Manager and a corresponding maintenance configuration is created for each of them, having the same properties.
158
160
159
161
**About the script**
160
162
@@ -163,12 +165,12 @@ The following is the behavior of the migration script:
163
165
- Check if a resource group with the name taken as input is already present in the subscription of the automation account or not. If not, then create a resource group with the name specified by the Cx. This resource group will be used for creating the MRP configs for V2.
164
166
- The script ignores the update schedules that have pre and post scripts associated with them. For pre and post scripts update schedules, migrate them manually.
165
167
- RebootOnly Setting isn't available in Azure Update Manager. Schedules having RebootOnly Setting aren't migrated.
166
-
- Filter out SUCs that are in errored/expired/provisioningFailed/disabled state and mark them as **Not Migrated**, and print the appropriate logs indicating such SUCs aren't migrated.
168
+
- Filter out SUCs that are in the errored/expired/provisioningFailed/disabled state and mark them as **Not Migrated**, and print the appropriate logs indicating that such SUCs aren't migrated.
167
169
- The config assignment name is a string that will be in the format **AUMMig_AAName_SUCName**
168
170
- Figure out if this Dynamic Scope is already assigned to the Maintenance config or not by checking against Azure Resource Graph. If not assigned, then only assign with assignment name in the format **AUMMig_ AAName_SUCName_SomeGUID**.
169
171
- A summarized set of logs is printed to the Output stream to give an overall status of machines and SUCs.
170
172
- Detailed logs are printed to the Verbose Stream.
171
-
- Post-Migration, a Software Update Configuration can have any one of the following four Migration Statuses:
173
+
- Post-migration, a Software Update Configuration can have any one of the following four migration statuses:
172
174
173
175
-**MigrationFailed**
174
176
-**PartiallyMigrated**
@@ -188,7 +190,7 @@ The below table shows the scenarios associated with each Migration Status.
188
190
||| Schedule associated with Software Update Configuration is disabled.||
189
191
||| Unhandled exception while migrating software update configuration.| Zero Machines where Patch-Settings failed to apply.<br><br> **And** <br><br> Zero Machines with failed Configuration Assignments. <br><br> **And** <br><br> Zero Dynamic Queries failed to resolve that is failed to execute the query against Azure Resource Graph. <br><br> **And** <br><br> Zero Dynamic Scope Configuration assignment failures. <br><br> **And** <br><br> Software Update Configuration has zero Saved Search Queries.|
190
192
191
-
To figure out from the table above which scenario/scenarios correspond to why the software update configuration is having a specific status, look at the verbose/failed/warning logs to get the error code and error message.
193
+
To figure out from the table above which scenario/scenarios correspond to why the software update configuration has a specific status, look at the verbose/failed/warning logs to get the error code and error message.
192
194
193
195
You can also search with the name of the update schedule to get logs specific to it for debugging.
194
196
@@ -210,7 +212,7 @@ You can also search with the name of the update schedule to get logs specific to
210
212
211
213
:::image type="content" source="./media/guidance-migration-automation-update-management-azure-update-manager/verbose-log-records-deboard.png" alt-text="Screenshot that shows log verbose records setting while deboarding." lightbox="./media/guidance-migration-automation-update-management-azure-update-manager/verbose-log-records-deboard.png":::
212
214
213
-
1. Start the runbook and pass parameters like Automation AccountResourceId, UserManagedServiceIdentityClientId, etc.
215
+
1. Start the runbook and pass parameters such as Automation AccountResourceId, UserManagedServiceIdentityClientId, etc.
214
216
215
217
:::image type="content" source="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-runbook-parameters.png" alt-text="Screenshot that shows how to start runbook and pass parameters while deboarding." lightbox="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-runbook-parameters.png":::
216
218
@@ -222,7 +224,7 @@ You can also search with the name of the update schedule to get logs specific to
222
224
223
225
:::image type="content" source="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-fetch-client-id.png" alt-text="Screenshot that shows how fetch client id while deboarding." lightbox="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-fetch-client-id.png":::
224
226
225
-
1. Check Azure runbook logs for status of deboarding of machines and schedules.
227
+
1. Check Azure runbook logs for the status of deboarding of machines and schedules.
226
228
227
229
:::image type="content" source="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-debug-logs.png" alt-text="Screenshot that shows how runbook logs while deboarding." lightbox="./media/guidance-migration-automation-update-management-azure-update-manager/deboard-debug-logs.png":::
228
230
@@ -240,22 +242,22 @@ You can also search with the name of the update schedule to get logs specific to
240
242
- The Migration and Deboarding Runbooks need to have the Az.Modules updated to work.
241
243
- The prerequisite script updates the Az.Modules to the latest version 8.0.0.
242
244
- The StartTime of the MRP Schedule will be equal to the nextRunTime of the Software Update Configuration.
243
-
- Data from LA won't be migrated.
245
+
- Data from Log Analytics won't be migrated.
244
246
- User Managed Identities [don't support](../entra/identity/managed-identities-azure-resources/managed-identities-faq.md#can-i-use-a-managed-identity-to-access-a-resource-in-a-different-directorytenant) cross tenant scenarios.
245
247
- RebootOnly Setting isn't available in Azure Update Manager. Schedules having RebootOnly Setting won't be migrated.
246
248
- For Recurrence, Automation schedules support values between (1 to 100) for Hourly/Daily/Weekly/Monthly schedules, whereas Azure Update Manager’s maintenance configuration supports between (6 to 35) for Hourly and (1 to 35) for Daily/Weekly/Monthly.
247
-
- For example, if automation schedule has a recurrence of every 100 Hours, then the equivalent maintenance configuration schedule will have it for every 100/24 = 4.16 (Round to Nearest Value) -> Four days will be the recurrence for the maintenance configuration.
248
-
- For example, if the automation schedule has a recurrence of every 1 hour, then the equivalent maintenance configuration schedule will have it for every 6 hours.
249
-
- Apply the same convention for Weekly & Daily.
249
+
- For example, if the automation schedule has a recurrence of every 100 Hours, then the equivalent maintenance configuration schedule will have it for every 100/24 = 4.16 (Round to Nearest Value) -> Four days will be the recurrence for the maintenance configuration.
250
+
- For example, if the automation schedule has a recurrence of every 1 hour, then the equivalent maintenance configuration schedule will have it every 6 hours.
251
+
- Apply the same convention for Weekly and Daily.
250
252
- If the automation schedule has daily recurrence of say 100 days, then 100/7 = 14.28 (Round to Nearest Value) -> 14 weeks will be the recurrence for the maintenance configuration schedule.
251
253
- If the automation schedule has weekly recurrence of say 100 weeks, then 100/4.34 = 23.04 (Round to Nearest Value) -> 23 Months will be the recurrence for the maintenance configuration schedule.
252
-
- If I have an automation schedule that should recur Every 100 Weeks and has to be Executed on Fridays. When translated to maintenance configuration, it will be Every 23 Months (100/4.34). But there's no way in Azure Update Manager to say that execute every 23 Months on all Fridays of that Month, so the schedule won't be migrated.
254
+
- If the automation schedule that should recur Every 100 Weeks and has to be Executed on Fridays. When translated to maintenance configuration, it will be Every 23 Months (100/4.34). But there's no way in Azure Update Manager to say that execute every 23 Months on all Fridays of that Month, so the schedule won't be migrated.
253
255
- If an automation schedule has a recurrence of more than 35 Months, then in maintenance configuration it will always have 35 Months Recurrence.
254
-
- SUC supports between 30 Minutes to six Hours for the Maintenance Window. MRP supports between one Hour 30 minutes to 4 hours.
255
-
- For Example, if SUC has a Maintenance Window of 30 Minutes, then the equivalent MRP schedule will have it for 1 hour 30 minutes.
256
+
- SUC supports between 30 Minutes to six Hours for the Maintenance Window. MRP supports between 1 hour 30 minutes to 4 hours.
257
+
- For example, if SUC has a Maintenance Window of 30 Minutes, then the equivalent MRP schedule will have it for 1 hour 30 minutes.
256
258
- For example, if SUC has a Maintenance Window of 6 hours, then the equivalent MRP schedule will have it for 4 hours.
257
-
- When the migration runbook is executed multiple times, say you did Migrate All automation schedules and then again tried to migrate all the schedules, then migration runbook will run the same logic. Doing it again will update the MRP schedule if any new change is present in SUC. It won't make duplicate config assignments. Also, operations are carried only for automation schedules having enabled schedules. If a SUC was **Migrated**before, it will be skipped in the next turn as its underlying schedule will be **Disabled**.
258
-
-We can end up resolving more machines from Azure Resource Graph as in Azure Update Manager; we don't check if Hybrid Runbook Worker is reporting or not, unlike in Automation Update Management where it was an intersection of Dynamic Queries and Hybrid Runbook Worker.
259
+
- When the migration runbook is executed multiple times, say you did Migrate All automation schedules and then again tried to migrate all the schedules, then migration runbook will run the same logic. Doing it again will update the MRP schedule if any new change is present in SUC. It won't make duplicate config assignments. Also, operations are carried only for automation schedules having enabled schedules. If an SUC was **Migrated**earlier, it will be skipped in the next turn as its underlying schedule will be **Disabled**.
260
+
-In the end, you can resolve more machines from Azure Resource Graph as in Azure Update Manager; You can't check if Hybrid Runbook Worker is reporting or not, unlike in Automation Update Management where it was an intersection of Dynamic Queries and Hybrid Runbook Worker.
0 commit comments