Beyond Bug Fixes: The Transformative Power of OS Upgrades

Introduction

In today’s rapidly evolving technological world, ensuring that your computer’s operating system (OS) is up-to-date is more critical than ever. Whether you’re using a personal computer, managing a server, or overseeing an entire fleet of enterprise devices, regular OS upgrades are a cornerstone of digital health.

  • Security Enhancements:
    The most compelling reason for many to update their OS is enhanced security. Cyber threats continuously evolve, and older OS versions can become susceptible to new vulnerabilities. With each OS upgrade, developers fix known vulnerabilities, introduce improved security protocols, and provide tools to help users keep their data safe. Ignoring these updates can leave your system exposed to cyberattacks, data breaches, and ransomware.
  • Performance Improvements:
    Operating systems, like any software, are not perfect when they’re initially released. Over time, developers identify areas for optimization, leading to smoother and faster performance in subsequent versions. By keeping your OS updated, you’ll often experience quicker boot times, more efficient battery use, and improved application performance.
  • Access to New Features:
    Upgrades often introduce new features, tools, and capabilities. This could be anything from improved virtual assistants, enhanced graphic displays, new productivity tools, or better integration with other devices. By delaying upgrades, you’re missing out on these potential benefits and advancements in technology.
  • Compatibility:
    As software and applications are updated, many will optimize for the latest OS versions. This means that if you’re running an older OS, you might find that some applications no longer work or don’t provide the latest features. By keeping your OS current, you ensure maximum compatibility with the newest apps and tools.
  • Support and Community Assistance:
    Older OS versions eventually reach what’s called ‘end-of-life’ (EOL). When this happens, the developers no longer provide official support or updates for these versions. This can be problematic for users who encounter issues or vulnerabilities, as they’re left without any official recourse. The vibrant community discussions that surround newer OS versions also taper off for older versions, making it harder to find solutions to issues.
  • Business Continuity and Reputation:
    For businesses, an outdated OS can not only lead to direct threats like data breaches but can also harm their reputation. Customers and partners want to work with companies that prioritize data protection. By maintaining updated systems, businesses showcase their commitment to security and reliability.

If you are running unsupported operating systems or just want to upgrade your existing EC2 instances to the latest version, Systems Manager will help you automate this process (there is a manual process which I will cover in another blog post).

Prerequisites

Source Server

Make sure you have more than 10 GB of free space on the root drive of the server you are upgrading.

Install the Systems Manager Agent (SSM Agent) by running the following in PowerShell as administrator:

# Force TLS 1.2 for the download and hide the progress bar
[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'
$progressPreference = 'silentlyContinue'
# Download the latest SSM Agent installer
Invoke-WebRequest `
    https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe `
    -OutFile $env:USERPROFILE\Desktop\SSMAgent_latest.exe
# Install silently and wait for the installer to finish before touching the service
Start-Process `
    -FilePath $env:USERPROFILE\Desktop\SSMAgent_latest.exe `
    -ArgumentList "/S" `
    -Wait
Restart-Service AmazonSSMAgent
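
The same install with the free-space prerequisite enforced and the downloaded installer checked before it runs. This is an added example, not the author's script; it assumes the installer carries an Authenticode signature whose subject names Amazon, and the function names are hypothetical.

```powershell
# Added example: gate the SSM Agent install on free space and a valid signature.
[System.Net.ServicePointManager]::SecurityProtocol = 'Tls12'
$ProgressPreference    = 'SilentlyContinue'
$ErrorActionPreference = 'Stop'

# Hypothetical helper: report free space on the system (root) drive.
function Test-RootFreeSpace {
    param([double]$MinimumGB = 10)
    $disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    [pscustomobject]@{ Drive = $env:SystemDrive; FreeGB = $freeGB; Ok = ($freeGB -gt $MinimumGB) }
}

# Hypothetical helper: true only for a valid Authenticode signature from the expected signer.
# Assumption: the signer certificate subject contains "Amazon".
function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner = 'Amazon')
    $sig = Get-AuthenticodeSignature -FilePath $Path
    ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -match $ExpectedSigner)
}

$space = Test-RootFreeSpace
if (-not $space.Ok) {
    throw "Only $($space.FreeGB) GB free on $($space.Drive); more than 10 GB is required."
}

$installer = Join-Path $env:TEMP 'AmazonSSMAgentSetup.exe'
Invoke-WebRequest -UseBasicParsing -OutFile $installer `
    -Uri 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe'

# Refuse to execute a binary that is unsigned, tampered with, or signed by someone else.
if (-not (Test-InstallerSignature -Path $installer)) {
    Remove-Item $installer -Force
    throw 'Installer signature is missing, invalid, or not from the expected signer.'
}

Start-Process -FilePath $installer -ArgumentList '/S' -Wait
Restart-Service AmazonSSMAgent
(Get-Service AmazonSSMAgent).Status   # show the service state after the restart
```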

AWS

Create EC2 role for SSM service

  • Sign in to the AWS Management Console
    • Open your preferred browser.
    • Navigate to the AWS Management Console.
    • Sign in with your AWS account.
    • Open the IAM Dashboard
      • In the AWS Management Console, search or navigate to the “IAM” service.
    • Create a New Role
      • In the IAM dashboard’s left sidebar, click on “Roles”.
      • Then click on the “Create role” button.
    • Select Trusted Entity Type
      • Choose “AWS service”.
      • In the list of service roles, choose “EC2”. This allows Amazon EC2 instances to call AWS services on your behalf.
      • Click on the “Next: Permissions” button at the bottom of the page.
    • Attach the Required Policy
      • In the search box, type “AmazonSSMManagedInstanceCore” to find the policy.
      • Check the box next to the `AmazonSSMManagedInstanceCore` policy.
      • Click on the “Next: Tags” button at the bottom.
    • (Optional) Add Tags
      • You can optionally add tags for the role. Tags are key-value pairs that help you manage the role.
    • Click on the “Next: Review” button after adding tags (or if you decide to skip this step).
    • Review and Create the Role
      • Give your role the name `ssmEC2Role`.
      • You can also provide a description if you wish.
      • Double-check your settings to make sure everything is correct.
      • Click on the “Create role” button at the bottom.
    • Verify the Policy is Attached
      • After creating the role, you can click on the role name `ssmEC2Role` in the list.
      • In the “Permissions” tab, you should see the `AmazonSSMManagedInstanceCore` policy attached.

Attach the role to the EC2 instance to upgrade

  • From the AWS Management Console, navigate to the “EC2” service.
    • Locate Your Instance:
      • In the EC2 dashboard’s left sidebar, click on “Instances”.
      • In the main pane, locate the instance to which you want to attach the role.
      • Select the instance by clicking the checkbox next to it.
    • Attach the IAM Role:
      • With the instance selected, choose “Actions” from the top menu.
      • Navigate to “Security”, then click on “Modify IAM role”.
      • In the “IAM role” drop-down menu, select the ssmEC2Role (or type its name to filter the list).
      • Click on the “Apply” button to attach the role to your instance.
    • Verify the Role Attachment:
      • From the “Instances” list, select your instance and open the “Security” tab. You should see the role listed under “IAM role” in the instance details.

Systems Manager

  • From the AWS Management Console, navigate to the “Systems Manager” service.
  • Under Change Management, click on “Automation”
  • Click “Execute automation”
  • Under “Automation document” search for “AWSEC2-CloneInstanceAndUpgradeWindows”
  • Select the radio button for “AWSEC2-CloneInstanceAndUpgradeWindows”; DO NOT USE “AWSEC2-CloneInstanceAndUpgradeWindows2019”
  • Click Next
  • Verify “Simple execution” is selected
  • Under Input parameters, select the radio button for the EC2 instance that you want upgraded
  • Under IamInstanceProfile type in ‘ssmEC2Role’
  • Under SubnetId type in the same subnet ID as the source EC2
  • Under TargetWindowsVersion select the OS version you want to upgrade to
  • Under KeepPreUpgradeImageBackup, select True
    • I manually delete the AMI once all tests are confirmed successful post upgrade
  • Under RebootInstanceBeforeTakingImage, keep False if you do not want the server to reboot during the image creation
  • Click on Execute
  • This process will take anywhere from 2-3 hours, after which you will have an AMI whose name contains ‘AWSEC2_UPGRADED_AMI_TO_2022_FOR_INSTANCE_xxx’, where xxx is the instance ID of the source server

Create New Server

  • Make note of which subnet the source server resides in
  • Make note of which EC2 family size the source server utilizes
  • Make note of all security groups that are associated with the source server
  • Stop or terminate the original server
    • If you want to keep the same IP Address as the source server, you will have to terminate the original server
    • Before you terminate the server, make sure that an AMI was created during the upgrade process in Systems Manager
      • These images have ‘AWSEC2_ImageFromOriginalInstance_xxx’ in their name
  • Create a new EC2 instance using the image with the label containing ‘AWSEC2_UPGRADED_AMI_TO_2022_FOR_INSTANCE_xxx’, where xxx is the instance ID of the source server
    • Use the same family size as the source server
    • Place in the same subnet as the source server
    • Attach the same security groups as the source server
  • Once fully booted, you will be able to connect to the upgraded OS server
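
The Systems Manager and Create New Server steps above, driven from AWS Tools for PowerShell instead of the console: it records the source server's settings, starts the automation with the same inputs, waits for it, and confirms both AMIs exist before the source server is stopped or terminated. This is an added example, not the author's script; the instance ID is a placeholder, `2022` is an example target version, and it assumes the AWS.Tools.EC2 and AWS.Tools.SimpleSystemsManagement modules with credentials and region already configured.

```powershell
# Added example. Placeholder instance ID; credentials and region assumed configured.
Import-Module AWS.Tools.EC2, AWS.Tools.SimpleSystemsManagement
$ErrorActionPreference = 'Stop'

$instanceId    = 'i-0123456789abcdef0'   # placeholder: source server
$targetVersion = '2022'                  # example value for TargetWindowsVersion

# Record what the new server must match: subnet, instance type, security groups.
$source = (Get-EC2Instance -InstanceId $instanceId).Instances[0]
$sourceSettings = [pscustomobject]@{
    SubnetId         = $source.SubnetId
    InstanceType     = [string]$source.InstanceType
    SecurityGroupIds = @($source.SecurityGroups.GroupId)
    PrivateIp        = $source.PrivateIpAddress
}
Write-Host ($sourceSettings | Format-List | Out-String)

# The automation cannot manage the instance unless the SSM role is attached.
if (-not $source.IamInstanceProfile) {
    throw "No IAM instance profile on $instanceId; attach ssmEC2Role first."
}

# Same inputs as the console form; True/False values as given on the page.
$parameters = @{
    InstanceId                      = $instanceId
    IamInstanceProfile              = 'ssmEC2Role'
    SubnetId                        = $source.SubnetId
    TargetWindowsVersion            = $targetVersion
    KeepPreUpgradeImageBackup       = 'True'
    RebootInstanceBeforeTakingImage = 'False'
}
$executionId = Start-SSMAutomationExecution `
    -DocumentName 'AWSEC2-CloneInstanceAndUpgradeWindows' -Parameter $parameters

# Poll every 5 minutes until the execution leaves a running state.
do {
    Start-Sleep -Seconds 300
    $execution = Get-SSMAutomationExecution -AutomationExecutionId $executionId
    $status    = [string]$execution.AutomationExecutionStatus
    Write-Host "$(Get-Date -Format s)  $status"
} while ($status -in 'Pending', 'InProgress', 'Waiting')
if ($status -ne 'Success') { throw "Automation $executionId ended with status $status" }

# Confirm the upgraded AMI and the pre-upgrade backup AMI both exist.
$prefixes = "AWSEC2_UPGRADED_AMI_TO_${targetVersion}_FOR_INSTANCE", 'AWSEC2_ImageFromOriginalInstance'
foreach ($prefix in $prefixes) {
    $images = @(Get-EC2Image -Owner self -Filter @{ Name = 'name'; Values = "*$prefix*$instanceId*" })
    if ($images.Count -eq 0) { throw "No AMI found matching $prefix for $instanceId" }
    $images | Select-Object ImageId, Name, State
}
```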

Conclusion

While the allure of the “If it ain’t broke, don’t fix it” mentality can be strong, especially if your current OS seems to be running smoothly, the risks of not upgrading far outweigh the temporary convenience of maintaining the status quo. By keeping your OS updated, you’re taking a proactive step towards ensuring optimal performance, enjoying the latest features, and, most importantly, safeguarding your data against ever-present cyber threats. Always remember, in the digital age, staying updated is staying protected.
