Automating Windows Cluster Patching with IBM Endpoint Manager for Datacenters
Brad_Fisher
Patching Windows clusters is largely a manual effort that is time-consuming and leaves plenty of room for error. If a mistake is made in patching your “mission critical applications” it can cost $50k, $100k or, for some customers, millions of dollars per outage. Depending on what versions of Windows you’re using, there’s little-to-no tooling to help you with this important task. Unfortunately it’s not one you can delay, because not having the latest security patches installed leaves your organization exposed. Nobody wants to be the next company in the news with a data security breach, so it’s critical to keep those clusters patched with the latest patches.
While you need the nodes in your clusters to be patched, you also need the cluster to remain active to service workloads. Coordinating this effectively, not just for one cluster but for all clusters across all your domains, is a significant strain on your staff resources. It takes a significant amount of labor and time, which translates to significant cost to your organization.
Wouldn’t you like a way to reduce your costs for cluster patching by more than 50% and complete your cluster patching in less than half the time it takes you today, resulting in reduced human error and key resources freed up to perform other critical tasks?
IBM Endpoint Manager for Datacenters provides an out-of-the-box solution for patching Windows clusters, Exchange clusters, SQL Server clusters and Hyper-V clusters. Sample “automation plans” are provided that include all the ordered steps to coordinate the one-at-a-time patching of nodes in your cluster. All you need to do is specify the nodes to be patched and the patches that you want to install, and IBM Endpoint Manager for Datacenters takes care of the rest, patching your cluster while it’s still operational and servicing workloads. And of course you can re-use these cluster patching automation plans to perform your monthly/quarterly cluster patching, just replacing the patches to be applied.
The general process for patching a Windows cluster is the following:
These steps are repeated for each node to patch one node at a time, keeping the cluster active to service workloads. Below is a picture of a 3-node cluster patching plan in IBM Endpoint Manager for Datacenters.
During the process, once the node has been removed from the cluster you can patch the OS, patch middleware on the server, make a configuration change on the server or perform whatever activity you want to do while the node is not actively servicing the cluster. While a cluster patching plan is executing you can review its progress and drill into any step to see further details.
For certain types of clusters there are some special things that need to be done as part of a cluster patching process. For example, for Exchange clusters it’s necessary to move the clustered mailbox server off of the active node and move it to the passive node in the cluster before patching. Handling these additional tasks is all automation that’s provided out of the box with IBM Endpoint Manager for Datacenters.
You have the option of configuring your cluster patching plan to return workloads back to the node on which they were executing before patching began. And for workloads that need to only run on a particular node, they won’t be moved to another node during patching and will instead be taken offline during patching and brought back online when the node is restarted and re-added to the cluster.
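The one-node-at-a-time sequence described above can also be written directly against the Windows Failover Clustering PowerShell module. The script below is an added example, not IBM's automation plan or code from this post; it assumes Windows Server 2012 or later (where `Suspend-ClusterNode -Drain` is available) and PowerShell remoting to each node, and `$PatchAction` is a hypothetical script block standing in for whatever installs your approved patches.

```powershell
#Requires -Modules FailoverClusters
# Added example, not IBM's automation plan. Assumes Windows Server 2012+ and WinRM to each node.
param(
    [Parameter(Mandatory)] [string]      $Cluster,
    [Parameter(Mandatory)] [scriptblock] $PatchAction,  # hypothetical: installs the approved patches
    [switch] $Failback,                                 # return roles to the node they came from
    [int]    $TimeoutSec = 1800
)
$ErrorActionPreference = 'Stop'

# Poll the cluster until the named node reports the wanted state, or give up.
function Wait-NodeState([string]$Name, [string]$Want) {
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-ClusterNode -Cluster $Cluster -Name $Name).State -ne $Want) {
        if ((Get-Date) -gt $deadline) { throw "$Name did not reach state $Want in $TimeoutSec s" }
        Start-Sleep -Seconds 15
    }
}

foreach ($node in Get-ClusterNode -Cluster $Cluster) {
    # Gate: only one node may be out at a time, so every member must be Up first.
    $notUp = Get-ClusterNode -Cluster $Cluster | Where-Object { $_.State -ne 'Up' }
    if ($notUp) { throw "Stopping before $($node.Name): not Up: $($notUp.Name -join ', ')" }

    # Pause the node and move its roles to the remaining members.
    Suspend-ClusterNode -Cluster $Cluster -Name $node.Name -Drain -Wait | Out-Null

    # Patch while the node serves no workload, then reboot and wait for remoting.
    Invoke-Command -ComputerName $node.Name -ScriptBlock $PatchAction
    Restart-Computer -ComputerName $node.Name -Wait -For PowerShell -Timeout $TimeoutSec -Force

    # A paused node rejoins as Paused; resume it and optionally fail roles back.
    Wait-NodeState -Name $node.Name -Want 'Paused'
    $policy = if ($Failback) { 'Immediate' } else { 'NoFailback' }
    Resume-ClusterNode -Cluster $Cluster -Name $node.Name -Failback $policy | Out-Null
    Wait-NodeState -Name $node.Name -Want 'Up'
    Write-Output "$($node.Name) patched and back in $Cluster"
}
```

Because any error stops the loop, a node that fails to drain, patch or rejoin halts the run with at most one member out of service, which is the property that keeps the cluster serving workloads during patching.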
A customer case study of Windows cluster patching with IBM Endpoint Manager for Datacenters showed the following:
84 Clustered servers
• 1.5 hrs to patch each Server
• 16 Person Days per month to patch all servers!
Automated with IBM Endpoint Manager for Datacenters
• Less than 1 week to do the same work! (>1,000 hrs saved/yr)
This customer saw significant savings in time and of course labor since the process is completely automated with IBM Endpoint Manager for Datacenters.
To gain even more efficiencies in time and labor savings, you can develop automation plans that patch multiple clusters in parallel. One customer developed a single automation plan to run during their maintenance window that patched Windows 2003 clusters, 2008 clusters and 2012 clusters all at the same time. Another customer is looking at how they can build an automation plan in IBM Endpoint Manager for Datacenters to patch 50 clusters at one time…that will certainly bring them significant savings.
If you have Windows clusters in your datacenter you certainly need to patch them. Leveraging IBM Endpoint Manager for Datacenters to patch your Windows clusters, Exchange clusters, SQL Server clusters and Hyper-V clusters can provide you with significant cost and labor savings that can be better spent on other, more business-critical projects.
For more information on IBM Endpoint Manager for Datacenters see http
For videos on IBM Endpoint Manager for Datacenters, see http
This blog posting is one of a series about leveraging IBM Endpoint Manager to automate the management of your datacenter. Future blog posts will cover topics such as automating virtual and physical server builds, automating multi-tier application deployment and automating complex cross-server patching scenarios.
Brad Fisher, IBM Endpoint Manager architect
Brad Fisher is a Senior Technical Staff Member in the Cloud and Smarter Infrastructure division of IBM. Brad has over 25 years in the IT industry. Having held positions in Cloud, Process Automation and Systems Management, most recently Brad has been working in Endpoint Management, focusing on IBM Endpoint Manager for Datacenters and the IBM Endpoint Manager for Server Automation solution, and how the Endpoint Management solutions can successfully manage a customer's datacenter.