Multi Cluster Patching Using a Single Plan

This page has not been liked. Updated 5/30/14, 6:38 AM by DaraMurphyTags: None

Multi Cluster Patching Using a Single Plan

In the following scenario there are 6 different clusters which are independent of each other.

Currently, to patch these clusters a user must log into each individual node, one by one, and then manually pause the node, move any groups off the node, patch the node and then resume each node.

A user can create two groups in Endpoint Manager:

  • Group A which will contain all node As from each cluster.
  • Group B which will contain all node Bs from each cluster.

To patch the clusters using an automation plan, the user can create an individual plan for each cluster, or if the user knows which patches they want to apply to each machine, the user can patch all the clusters using one single plan. The user also has the option of letting the fixlet relevance take care of applying the patch to the endpoints.

For example, a sample plan with the following steps:

  1. Pause Nodes – 2008-2012
  2. Pause Nodes – 2003
  3. Move Groups – 2008-2012
  4. Move Groups – 2003
  5. Patch Fixlet 1 – only applicable to Win 2012 machines
  6. Patch Fixlet 2 – only applicable to Win 2008 R2 machines
  7. Patch Fixlet 3 – only applicable to Win 2003 32-bit machines
  8. Restart Endpoint
  9. Resume Endpoint – 2008-2012
  10. Resume Endpoint – 2003

------------------------------------------------------------------------------------------------------

  1. Pause Nodes – 2008-2012
  2. Pause Nodes - 2003
  3. Move Groups – 2008-2012
  4. Move Groups - 2003
  5. Patch Fixlet 1 – only applicable to Win 2012 machines
  6. Patch Fixlet 2 – only applicable to Win 2008 R2 machines
  7. Patch Fixlet 3 – only applicable to Win 2003 32Bt machines
  8. Restart Endpoint
  9. Resume Endpoint -2008-2012
  10. Resume Endpoint – 2003

 

The plan allows for clustered machines of any operating system we currently support. If fixlets 1-10 are targeted at Group A, then all of the node As will be paused, have any groups moved off them, and then the relevant patch applied. Then the same is true of Group B and fixlets 11-20.

The user has the option of specifying which endpoints are targeted with each individual “patching fixlet” or they can just target Group A for every fixlet 1-10 and Group B for every fixlet 11-20. The fixlets will only be applied to any endpoints on which the fixlet is relevant.

Overall it becomes a very powerful method of patching a large number of endpoints with one plan which could lead to considerable time savings in the field. A plan is included below for clusters where none of the nodes operating systems are older than Windows 2008, it just reduces the number of fixlets in the plan. A user could keep one plan and just chop in and out the new patch fixlets as required as the need arises and patch fixlets become available leading to huge efficiency gains in system maintenance.

Once the user has invested a little time in setting up the two – or possibly more groups and formulating the base plan, it becomes reusable from then on for all cluster patching needs within the organisation.

Sample plan for systems where all node operating systems are Windows 2008 or newer:

  1. Pause Nodes – 2008-2012
  2. Move groups – 2008-2012
  3. Patch Fixlet 1 – only applicable to Win 2012 machines
  4. Patch Fixlet 2 – only applicable to Win 2008 R2 machines
  5. Patch Fixlet 3 – only applicable to Win 2008 32Bt machines
  6. Re-start endpoint
  7. Resume Endpoint -2008-2012

------------------------------------------------------------------------------------------------------

  1. Pause Nodes – 2008-2012
  2. Move groups – 2008-2012
  3. Patch Fixlet 1 – only applicable to Win 2012 machines
  4. Patch Fixlet 2 – only applicable to Win 2008 R2 machines
  5. Patch Fixlet 3 – only applicable to Win 2008 32Bt machines
  6. Re-start endpoint
  7. Resume Endpoint -2008-2012