[enterprise-4.20] CNV-77283: Update RH virtio driver docs

modules/virt-updating-red-hat-virtio-drivers-windows.adoc

@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * virt/managing_vms/virt-update-virtio-drivers.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-updating-red-hat-virtio-drivers-windows_{context}"]
+= Enable automatic updates for Red{nbsp}Hat virtio-win drivers
+
+[role="_abstract"]
+If the Windows Update service (WUS) is restricted to allow only drivers explicitly signed and published by Microsoft, automatic Red{nbsp}Hat `virtio-win` driver updates are disabled. You must manually complete the required configuration steps to enable automatic updates for Red{nbsp}Hat `virtio-win` drivers on a Windows virtual machine (VM).
+
+.Prerequisites
+
+* The cluster must have internet connectivity. Disconnected clusters cannot reach the WUS.
+
+.Procedure
+
+. Import the Red Hat Release Certificate into the Trusted Publishers store.
++
+Example command:
++
+[source,powershell]
+----
+Import-Certificate -FilePath "redhat-driver-cert.cer" -CertStoreLocation Cert:\LocalMachine\TrustedPublisher
+----
+
+. In the Group Policy Management Console (GPMC):
+
+.. Set the `Allow signed updates from an intranet Microsoft update service location` policy to `Enabled`.
++
+If a driver is signed by a certificate in the Trusted Publishers store, it is now accepted, even if it didn't come from Microsoft directly.
+
+.. Set the `Do not include drivers with Windows Updates` policy to `Disabled`.

modules/virt-updating-virtio-drivers-windows.adoc

@@ -1,18 +1,22 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
-// * virt/backup_restore/virt-managing-vm-snapshots.adoc
+// * virt/managing_vms/virt-update-virtio-drivers.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="virt-updating-virtio-drivers-windows_{context}"]
 = Update VirtIO drivers on a Windows VM
 
 [role="_abstract"]
-You can update the VirtIO drivers on a Windows virtual machine (VM) by using the Windows Update service.
+You can update the VirtIO drivers on a Windows virtual machine (VM) by using the Windows Update service (WUS).
+
+[IMPORTANT]
+====
+If you restrict the WUS to only allow drivers explicitly signed and published by Microsoft, automatic Red{nbsp}Hat `virtio-win` driver updates are disabled. For information about enabling automatic Red{nbsp}Hat VirtIO driver updates, see "Enable automatic updates for Red{nbsp}Hat virtio-win drivers".
+====
 
 .Prerequisites
 
-* The cluster must have internet connectivity. Disconnected clusters cannot reach the Windows Update service.
+* The cluster must have internet connectivity. Disconnected clusters cannot reach the WUS.
 
 .Procedure
 

virt/managing_vms/virt-install-virtio-drivers-on-windows-vms.adoc

@@ -40,4 +40,3 @@ include::modules/virt-adding-container-disk-as-cd.adoc[leveloffset=+1]
 include::modules/virt-installing-virtio-drivers-installing-windows.adoc[leveloffset=+1]
 
 include::modules/virt-installing-virtio-drivers-existing-windows.adoc[leveloffset=+1]
-

virt/managing_vms/virt-update-virtio-drivers.adoc

@@ -9,5 +9,11 @@ toc::[]
 [role="_abstract"]
 Update VirtIO drivers in guest operating systems. Using the latest VirtIO drivers increases performance and stability.
 
+include::modules/virt-updating-red-hat-virtio-drivers-windows.adoc[leveloffset=+1]
 include::modules/virt-updating-virtio-drivers-windows.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+* link:https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#allow-signed-updates-from-an-intranet-microsoft-update-service-location[Allow signed updates from an intranet Microsoft update service location]
+* link:https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#do-not-include-drivers-with-windows-updates[Do not include drivers with Windows Updates]