Security Patching thousands of machines
I am interested in understanding how many machines you have Kace managing? And how you manage the Patch Management of all the machines. We currently have more than 8000 Windows machines in Kace, and we want to start upgrading all the machines with all the patches, except a set of a dozen or so patch collections that we need to exclude due to conflict with our software.
When we had meetings with Dell Kace initially when we were piloting the appliance, we were told that 8000 clients shouldn't be an issue, however I am finding that sometimes the appliance can get very bogged down so I would like to understand how you get around this? Currently, I mainly have the Kace agent do DETECT of all the patches on all the machines everyday, and it seems to take around 24 hours for that DETECT process to complete -- the 8000 machines are all over the world and currently I am in process of setting up the replication of the patching files to all the sites through DFS-R, so currently the machines mainly have to go back to one site so that may be the reason why some of these are taking a long time to download the patch descriptors from the patch location.
I guess my question is mainly to those who have 5000+ or 10000+ clients to manage, how is Kace Security Patching working for you, and how do you find the performance of the Kace appliance in patching the machines? Do you know anything to make the patching run more efficiently? How much resources do you give to the appliance? We are currently running the Kace appliance on a VM with 128GB memory and 12 vCPUs... Would having the appliance run on physical hardware be better?
Thank you very much.