Hi

I am interested in understanding how many machines you have Kace managing?  And how you manage the Patch Management of all the machines.  We currently have more than 8000 Windows machines in Kace, and we want to start upgrading all the machines with all the patches, except a set of a dozen or so patch collections that we need to exclude due to conflict with our software.

When we had meetings with Dell Kace initially when we were piloting the appliance, we were told that 8000 clients shouldn't be an issue, however I am finding that sometimes the appliance can get very bogged down so I would like to understand how you get around this?  Currently, I mainly have the Kace agent do DETECT of all the patches on all the machines everyday, and it seems to take around 24 hours for that DETECT process to complete -- the 8000 machines are all over the world and currently I am in process of setting up the replication of the patching files to all the sites through DFS-R, so currently the machines mainly have to go back to one site so that may be the reason why some of these are taking a long time to download the patch descriptors from the patch location.

I guess my question is mainly to those who have 5000+ or 10000+ clients to manage, how is Kace Security Patching working for you, and how do you find the performance of the Kace appliance in patching the machines?  Do you know anything to make the patching run more efficiently?  How much resources do you give to the appliance?  We are currently running the Kace appliance on a VM with 128GB memory and 12 vCPUs...  Would having the appliance run on physical hardware be better?

Thank you very much.

1 Comment   [ + ] Show Comment

Comments

  • tuyen,

    The answers below are correct. Replication Shares are the most important next step for you. Btw, you said that you've been through JumpStart training, but have you viewed any of our many KKEs on Patching (and other topics)?

    KACE Advisor
    Ron Colson

    KACE Kontinuing Education (KKE) Recording: Patching Week - Basics (155630)
    https://support.software.dell.com/k1000-systems-management-appliance/kb/155630

    KACE Kontinuing Education (KKE) Recording: Patching Week - Scenarios (155072)
    https://support.software.dell.com/k1000-systems-management-appliance/kb/155072
Please log in to comment

Answers

2
We have one physical K1 for 3k+ machines and 6 Replication Shares spread across the org's

to help distribute patching set up replication shares and point groups of machines (using smart labels) to each replication share to load balance the patching across them.

here is a screen shot from one org's replication server

Answered 06/08/2016 by: SMal.tmcc
Red Belt

Please log in to comment
2
12,000 + machines

1 physical K1000 with 19 replication shares (use smart labels to target machines to the proper replication share)

Make sure you use servers for the replication shares to avoid the Windows issue where you have limited concurrent connections.
Answered 06/08/2016 by: rockhead44
Tenth Degree Black Belt

  • How many computers can you patch concurrently?
    • I try to keep it to less than 1000 at any given time and less than 400 per replication share.
  • I talked with the Dell Kace techs and they kept insisting that the VM Appliance is enough. My manager has asked about considering whether we should plan on using a physical machine.

    As for the patching concurrently, I am planning on pushing schedule against all 8000+ machines, and currently, usually I am seeing around 200 or 300 machines are in process concurrently doing the patch detect process -- we are still in process of testing for the deployment of patches through Kace as we are migrating from using SCCM to Kace. When you said you less than 1000, how long does it take to complete that 1000?

    For the replication shares, I am planning to use DFS-R such that the Kace appliance replicates to one of the DFS-R servers, and through DFS all the clients in all our different site will automatically redirect to the closest DFS share to download the patches required -- the initial replication of the files is still in process... I am hoping once all the patching files are replicated to all the sites, then the clients process the detection and patching quicker since it would copy the patch files from a more local location than from halfway around the world for some of them.
    • Totally depends on what you are patching. I sometimes have Windows Update jobs that will run 4-5 hours. I run all of them after hours, which I have the luxury of doing (nights/weekends are available for me to patch)
Please log in to comment
Answer this question or Comment on this question for clarity
Nine Simple (but Critical) Tips for Effective Patch Management
This paper reviews nine simple tips that can make patch management simpler, more effective and less expensive.

Share