How does SapphireIMS automatic patch deployment work? Will it deploy all the missing patches in one go, or deploy the patches one after the other, and is any order of priority given to the patches which need to be deployed?

How does SapphireIMS automatic patch deployment work? Will it deploy all the missing patches in one go, deploy the patches one after the other, or pick some random patch and deploy it?

Windows:
Auto Approval: This setting enables the system to automatically approve a patch when a new missing patch is detected. If this setting is disabled, the customer must manually approve the patches they want to post/schedule for deployment. This setting is disabled by default.

When an on-demand deploy job is posted for a specific patch, that patch is first downloaded by the respective master agent (if no master agent is configured, the target node downloads the patch), and the deployment is then processed.

When an on-demand deploy job is posted for multiple patches, or a deployment is scheduled through the patch management wizard, all the approved patches are given to the master agent to download. The master agent downloads the patches one by one, not in parallel.

As soon as one patch download completes, that patch is ready for deployment, so the target machine picks up the job and processes it. Job processing on a node is also sequential; it does not process multiple jobs at once.

Windows patch deployment order:

When deployment is scheduled/posted in bulk, the patches are picked for deployment in the following priority order:

1. Service Pack
2. Update Rollup
3. Security Updates
4. Critical Updates

Reason for processing Service Pack/Update Rollup first: in some cases an update rollup may supersede individual patches, so patches in these categories are prioritized. After a service pack/update rollup is deployed, the end machine needs to be rebooted. After the reboot, a scan runs and detects the latest missing patch list. If this scan finds that a patch which was previously missing is no longer missing (due to the service pack/update rollup deployment), that patch is updated with the status “Patch is not applicable due to previous service pack installation or update rollup installation or corresponding software is removed from the machine.”

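The ordering and rescan behaviour described above, modelled as an added example (not SapphireIMS code). The patch identifiers and supersedence links are constructed, and the order inside one category is assumed to follow input order, which the page does not specify.

```python
from dataclasses import dataclass, field

# Category priority as listed on this page (lower number is deployed first).
PRIORITY = {"Service Pack": 1, "Update Rollup": 2,
            "Security Updates": 3, "Critical Updates": 4}
REBOOT_CATEGORIES = {"Service Pack", "Update Rollup"}
NOT_APPLICABLE = "not applicable (superseded by earlier service pack/rollup)"


@dataclass
class Patch:
    patch_id: str                     # constructed identifier, not a real KB
    category: str
    supersedes: set = field(default_factory=set)  # ids this patch replaces


def plan_deployment(approved):
    """Return [(patch_id, status)] for one node, processed sequentially."""
    # Stable sort: ties inside a category keep input order (assumption;
    # the page does not say how same-category patches are ordered).
    queue = sorted(approved, key=lambda p: PRIORITY[p.category])
    missing = {p.patch_id for p in queue}
    results = []
    for patch in queue:
        if patch.patch_id not in missing:
            # Rescan after reboot no longer reports this patch as missing.
            results.append((patch.patch_id, NOT_APPLICABLE))
            continue
        results.append((patch.patch_id, "deployed"))
        missing.discard(patch.patch_id)
        if patch.category in REBOOT_CATEGORIES:
            # Model of reboot + rescan: superseded patches drop off the list.
            missing -= patch.supersedes
    return results


# Constructed sample: approved patches in arbitrary arrival order.
SAMPLE = [
    Patch("SEC-001", "Security Updates"),
    Patch("CRIT-001", "Critical Updates"),
    Patch("ROLLUP-01", "Update Rollup", {"SEC-001"}),
    Patch("SEC-002", "Security Updates"),
    Patch("SP-1", "Service Pack", {"CRIT-001"}),
]

if __name__ == "__main__":
    for patch_id, status in plan_deployment(SAMPLE):
        print(f"{patch_id:10} {status}")
```

When reviewing patch compliance, a "not applicable" status that follows a service pack or rollup deployment reflects supersedence, not a failed job.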