Hi Guys,


I'm wondering what other Kace administrators are doing for patches in the Kace Appliance. We have about 3000 machines connected and have just started patching. I understand the technical end of the patching system, I'm wondering more about the policy and strategy used.

I'd like to know how you schedule the computers (ie all in 1 night or spread out),
# of machines you patch in a night,
how many patches do you push in a task,
how you identify patches that need to be detected/deployed?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
We have around 300 machines - Win 7, Win Xp & Mac. I only subscribe to patches that are critical for OS & applications and deploy on a daily schedule during a 90 minute window. Since most of our users are laptops and offline at night, patching off hours would not be effective. Reboots are suppressed since we have sensitive users so we rely on users to reboot daily and remind them to do this.. There might be some risk in that, but so far no problems have arisen. We have 5 offices so there is a separate schedule for Mac and Windows at each office. We have Replication points at each office which update at night. This avoids bandwidth congestion across the WAN during replication and patching. We consistently achieve about 95% patch compliance with this strategy.
Answered 09/13/2011 by: mlathrop
Fifth Degree Brown Belt

Please log in to comment
0
Thanks for the reply, I've got a lot of machines, and I know the kbox can't handle distributing all the patches to all machines at once. I'm wondering what the admins with large amount of machines do. Ie 500 machines a night every night get the patches?
Answered 09/16/2011 by: ms01ak
Tenth Degree Black Belt

Please log in to comment
0
Interesting question for us, especially for us as majority of our 3500 devices connect via an ADSL based WAN. Also, when trialing the patch functionality (it wasnt a requirement of the system but as we have it ... ) the test user complained (whilst munching on his granola) that his PC slowed down to a treacle like crawl.

I notice that the patch task has the ability to stop after a set amount of minutes, with 3500 machines, how reliable is this functionality? IE if I tell them to detect and deploy at 3 AM can I be be confident that 180 minutes later (3 hours) it will stop any detect / deploy job running?
Answered 09/16/2011 by: nbs
Orange Belt

Please log in to comment
1
Fact #1) if there is any awareness by a user that something is touching their machine in any way they will complain of slowness.

We run our patching for 90 minutes each day for several years now and it does stop after 90 minutes.

The fact is; once your patching is mostly up to date (~90%+) after a few days of running there is little patching that occurs during normal cycles. The biggest slowdowns are during MS "Patch Tuesday" cycles once per month
Answered 09/21/2011 by: mlathrop
Fifth Degree Brown Belt

Please log in to comment
0
Create staggered patch schedules for groups of machines.
I have mine labeled by subnet, and create a separate schedule for each subnet. Our remote offices have a replication share so machines on the remote network get patches from the rep share, reduces network traffic.

ORIGINAL: ms01ak

Thanks for the reply, I've got a lot of machines, and I know the kbox can't handle distributing all the patches to all machines at once. I'm wondering what the admins with large amount of machines do. Ie 500 machines a night every night get the patches?



Answered 09/21/2011 by: mlathrop
Fifth Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity