Patching Automation

When we originally designed BatchPatch the primary goal was to enable administrators to have much more control over the Windows update and reboot process on numerous systems. If the entire process is left to Group Policy it can be very difficult, if not impossible, to control the *exact* timing of everything and to have visibility into exactly what is occurring and when. Of course you always have the option of manually logging on to every system and initiating the process, but this can quickly become a problem when you have a lot of systems or a short maintenance window or both. With BatchPatch the idea was to give you one central place where you could kick off the process on numerous computers, and then monitor the status of all of those computers without having to directly log on to any of them unless addressing an issue. Ultimately we wanted to make patching as efficient as possible while also keeping the process simple and easy to manage at the same time.

Now, when we talk about Windows patching automation, we could leave the discussion at just being able to trigger the update/reboot process and monitor it on numerous computers, simultaneously. However, patching automation with BatchPatch can easily be taken to new heights, and it’s worth discussing in what other ways you can automate the process. We have some customers who prefer to use scheduled tasks in BatchPatch to trigger the process on their entire network of computers. There is nothing wrong with this approach, though it’s not our favorite because we think that when you’re dealing with a lot of computers, especially if you have a limited maintenance window and uptime guarantees, it’s important to monitor the process in real-time so that you can immediately deal with any issues that might arise. Now, if you’re using scheduled task to launch update and reboot actions on target hosts, you can certainly also have BatchPatch email you a copy of the grid so that you can see what’s going on without being actively logged on. It really all depends on your desires coupled with the requirements for your organization. We have some customers who will patch all of their critical systems while sitting in front of the BatchPatch console so that they can monitor everything in real-time. And then they’ll use the task scheduler to handle less important systems in the middle of the night or early in the morning. For those less important systems if there are any issues then they can just be dealt with when arriving to work in the morning.

Another thing that I particularly like to do to increase efficiency is to setup one-click processes for systems with inter-dependencies. For example in the case of virtual machines I like to use the advanced multi row queue sequence in BatchPatch to automate the process so that I can use a single click to initiate the update and reboot process on the virtual guests, and then when they are completed, the virtual host is automatically handled by the sequence. Otherwise what ends up happening when *not* using the advanced multi row queue sequence is that after kicking off the virtual guests to update, I’m busy dealing with other items before I remember to eventually make sure that the guests are completed before starting the process on the virtual hosts. There is nothing wrong with doing this, but it’s not as efficient as using a sequence to take care of it because the sequence can be setup to start the process on one machine (or on a group of machines) at the exact moment that another machine (or group of machines) finishes its processes. The advanced multi-row queue sequence is not only good for virtual machines. It’s also great for any situation where you have some machines that can only be offline when others are online, for example.

When it comes to automation, it’s not always just about automating the actual update and reboot process on target systems. We have some customers who want to use automation to also populate the BatchPatch grid with computers in the first place. It’s actually possible to automatically synchronize a BatchPatch grid with OUs and Groups in Active Directory, so that new computers that have been added to the network can be automatically added to a BatchPatch grid. Additionally, you can use row templates to automatically apply scheduled tasks to computers when they’re added to the grid. The two of these features can be used in conjunction with one another to take your automation goals to the next level. 🙂

BatchPatch really lets you keep things as simple and straightforward as you desire. If you don’t want to deal with any automation, you don’t have to. If you want to automate everything under the sun, you can do that to. It’s up to you!

This entry was posted in Blog, General, Tutorials and tagged . Bookmark the permalink. Both comments and trackbacks are currently closed.