locked
Patching over 1000 server ? RRS feed

  • Question

  • Hi,

    i am looking for a systematic " easy way" to patch 1400 server ( servers are divided into 4 batches ) each batch(350 server) is done weekly

    and it's taking very long hours every weekend ,

    noting we have cluster servers that cannot be auto rebooted at once and need to do failure over manually

    any other approaches to patch all the servers systematically ? whats the best practice for this, usually how this is done with IT companies ?

    Monday, August 1, 2016 7:03 AM

Answers

  • Hi Matt9111,

    While I can't quote statistics accurately, for complex scheduling over multiple windows for that kind of server volume, I would have expected they'd be using System Center Configuration Manager (SCCM).

    This isn't intended as a slight against WSUS as WSUS is actually the foundation of SCCM's deployment architecture, however, it will let you leverage the vastly superior filtering associated with collections, which you could in turn leverage a query to, for example, automatically differentiate between cluster members versus non cluster servers, etc.

    WSUS has come a heck of a long way since the early millennium and at a basic level it will still do what you want, however, I'd be surprised if you couldn't benefit from an enterprise level tool like SCCM (specifically SCCM 2012 R2).

    PS: As a belated inclusion, here's a good write-up on the SCCM approach with screen shots, so even if you don't run SCCM, you can get an appreciation of how it all hangs together.

    Cheers,
    Lain

    Wednesday, August 3, 2016 5:58 AM

All replies

  • Hi Matt,

    As far as I'm concerned, for servers that cannot be auto reboot, I will choose AU option 4 "Auto download and schedule the install", the scheduled install day and time will configure at non-working time.

    If you do not want to restart immediately, we may enable policy "Delay restart for scheduled installations", and enable policy "No auto-restart with logged on users for scheduled automatically updates installation"

    These GPO settings locates in Computer configuration>Administrative templates>Windows Components>Windows update.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 2, 2016 2:37 AM
  • thank you for your response, usually we restart manually one by one for clusters and sql, others we reboot in bulk ,

    so most companies do like what you mentioned which is downloading updates thru gpo and then reboot  manually  each server for clusers ? so this is the best practise way ? for example it's taking from me 18 hours work to do all of this , which is reboot manually for clusters  and bulk reboot for  normal servers , then ping them all and open test RDP connection to make sure they are accessible .

    any other way to accomplish all of this with less hours ?

    Wednesday, August 3, 2016 5:32 AM
  • Hi Matt9111,

    While I can't quote statistics accurately, for complex scheduling over multiple windows for that kind of server volume, I would have expected they'd be using System Center Configuration Manager (SCCM).

    This isn't intended as a slight against WSUS as WSUS is actually the foundation of SCCM's deployment architecture, however, it will let you leverage the vastly superior filtering associated with collections, which you could in turn leverage a query to, for example, automatically differentiate between cluster members versus non cluster servers, etc.

    WSUS has come a heck of a long way since the early millennium and at a basic level it will still do what you want, however, I'd be surprised if you couldn't benefit from an enterprise level tool like SCCM (specifically SCCM 2012 R2).

    PS: As a belated inclusion, here's a good write-up on the SCCM approach with screen shots, so even if you don't run SCCM, you can get an appreciation of how it all hangs together.

    Cheers,
    Lain

    Wednesday, August 3, 2016 5:58 AM