4 Replies Latest reply on Apr 27, 2016 4:06 PM by chadsikorra

    Automated Patching

    jgovernale08

      Has anyone completely automated their patching with SolarWinds Patch manager and WSUS?

      Currently I am utilizing GPOs to kick off patching, and reboot the servers when completed, but I still go in after the fact, confirm each server is up and running and no additional patches are needed. Needless to say, this is a tedious process, and I am looking for a way to automate this process more, so I don't have to sit up late nights doing this extra work.

      What I am looking to do is this:

      Automate the process to where the servers download and install the patches from Patch Manager, where I can set up a schedule. Something to model our existing patching schedule: Month 1, week 2, DEV servers. / Month 1, week 3, QA servers. / Month 2, week 2, UAT servers. / and finally Month 3, weeks 1-4, all production servers based on groups.

      The servers get rebooted if needed

      A process to run to confirm each server is up, something more than a simple ping request, something that I can safely rely on so that I know the server OS is up and running.

      Provide me with a report of successfully patched servers and servers that failed, also successfully booted back up to the OS login prompt, and of course servers that might have crashed.

      Is Patch Manager capable of all this, or do I need to look at a new product to accomplish these goals?

      Thank you for taking the time to read this, and any and all feedback is greatly appreciated.

        • Re: Automated Patching
          zackm

          You should be able to set up rules in PM that follow that schedule; the real "risk" is in your auto-approval and accidentally adding a patch that might break some other application...

          As far as the process to confirm the OS is up, just time your WMI inventory jobs with your patch schedules.

          All of the reporting requirements you mentioned would be accessible based on WMI and Computer inventory results as well.

          -ZackM

          Loop1 Systems: SolarWinds Training and Professional Services

          • Re: Automated Patching
            chadsikorra

            This is probably our biggest gripe about Patch Manager as well. You still are left having to go in and see if there are any additional patches left for the servers after the reboot from patching. It seems like having a "patch until it's done" mechanism is a slated feature, but I have my doubts that we'll ever see it be released. It's mentioned on the product roadmap page anyway:

             

            WHAT ARE WE WORKING ON FOR PATCH MANAGER (UPDATED ON November 23, 2016)

             

            I'd honestly start looking for another product to fully automate it. Using SCCM you can easily define maintenance windows for collections of servers where the servers just patch and reboot on their own until they have no more patches left to install. It just works. If you can get the money for SCCM in your server environment anyway. Otherwise I guess we are stuck waiting to see if SolarWinds ever finishes implementing some much-needed features and fixes for this product.

              • Re: Automated Patching
                rschroeder

                I haven't tried Patch Manager yet, but from your comments it appears to have a chronic / extended issue. Is it something you can solve with NCM and remediation through compliance reports, or with scheduled scripting?

                  • Re: Automated Patching
                    chadsikorra

                    I have a PowerShell script I use for reporting on the patches that are still left on servers post-patching (it's basically just a better GUI for initiating a mass detect/report now on the servers and list patches still left based on WSUS groups). I've considered an additional scheduled script to catch the rest of the patches during a server's patching window after its first reboot. But at that point I'm automating something that should already be handled by Patch Manager in the first place.
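
One way to script the post-patch check discussed in this thread (an added example, not any poster's script and not a Patch Manager feature): confirm the OS answers a CIM/WMI query, confirm it rebooted after the patch window opened, and count the updates the Windows Update Agent still reports as not installed. The function name, server names, window time and output path are hypothetical; it assumes WinRM is enabled on the targets and the account running it is a local administrator there.

```powershell
# Added example (not from the thread). Server names and the patch-window
# start time used at the bottom are constructed placeholders.
function Get-PostPatchStatus {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][datetime]$WindowStart
    )
    foreach ($server in $ComputerName) {
        $row = [ordered]@{
            Server = $server; OsResponding = $false; LastBoot = $null
            RebootedInWindow = $false; PendingPatches = $null; Error = $null
        }
        try {
            # A CIM/WMI answer shows the OS and its management stack are up,
            # which an ICMP ping reply does not.
            $os = Get-CimInstance -ClassName Win32_OperatingSystem `
                -ComputerName $server -ErrorAction Stop
            $row.OsResponding = $true
            $row.LastBoot = $os.LastBootUpTime
            $row.RebootedInWindow = $os.LastBootUpTime -ge $WindowStart

            # Ask the Windows Update Agent on the server what is still not
            # installed, against whatever update source policy gives it.
            $row.PendingPatches = Invoke-Command -ComputerName $server `
                -ErrorAction Stop -ScriptBlock {
                    $session = New-Object -ComObject Microsoft.Update.Session
                    $searcher = $session.CreateUpdateSearcher()
                    $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
                }
        }
        catch {
            # Unreachable or failing servers stay in the report with the reason.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Constructed usage: two DEV servers, window opened at 22:00 yesterday.
$report = Get-PostPatchStatus -ComputerName 'dev-app01', 'dev-sql01' `
    -WindowStart (Get-Date).Date.AddDays(-1).AddHours(22)
$report | Sort-Object OsResponding, PendingPatches | Format-Table -AutoSize
$report | Export-Csv -Path .\post-patch-report.csv -NoTypeInformation
```

Rows with `OsResponding` false or a non-empty `Error` are the servers to look at first; a non-zero `PendingPatches` after the reboot is the "patches still left" case described above.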