Best Practices to do software Patching and Software Deployment for bigger environment like 300 K computers

Hi Friends,
I am looking for low-level suggestions and a ppt/document etc. too. The client base is 300 k users and spread globally (major in three different regions). The requirement is:
1) Methodology to do software patching: can we patch all in one go or do we have to divide as per region etc.?
2) How many clients can be targeted for software patching in one go (ex: can we target 20K clients in one go?). I know there are other factors too that will play a key role here like bandwidth etc., but I am looking for answers out of real-time experience.
3) What methodology to follow when it comes to critical/emergency updates?
Regards
Tanoj
OSLM ENGINEER - SCCM 2007 & 2012

There is no single best practice to patching, if there were then SCCM would ship preconfigured :).  As an example, Microsoft internally patches 300,000 workstations with 98% success in about a week according to their own podcast:
Microsoft Podcast
That said, I do follow a few rules when building a patching plan for a client.  Maybe you'll find it helpful:
Always use a "soak tier". I forget where I first heard the term, but the idea is to have a good cross section of users get patches one or more weeks before your general deployment. This will help identify potential issues with a patch before it hits general release. Make sure said group is NOT just the IT department ... we make the worst guinea pigs (we aren't known for closing out end of the month billing or posting legal documents).
When it comes to workstations, avoid needlessly phased deployment. 99% of the time, using local time zones is enough of a phased deployment. Unlike servers with very particular boot and patching orders, workstations can simply be patched. You have enough collections in your environment ... so any new collection for patching should be justified.
Keep your ADR count down. It's tempting to build a new ADR for everything (workstations, general servers, Exchange servers, etc.). Problem is that best practice also has you building a new SUG every time each ADR runs ... so you end up getting flooded with update groups and that much more maintenance. When possible simply use maintenance windows to break up patching schedules instead of using mostly duplicate ADRs that simply have separate start dates.
Use Orchestrator. To me Orchestrator is to Software Updates what MDT is to Operating System Deployments: effectively mandatory. Even if you don't have complicated cluster updates you need to automate with SCO integrated to SCCM (there are great examples on the web if you do), you can at the very least create run-books to manage that monthly maintenance you otherwise have to handle manually in SCCM (which is a lot IMO). I have monthly run-books that delete expired updates from SUGs, consolidate SUGs older than 6 months into a single annual group, and even create new update packages (and update all ADRs to use them) every 6 months to keep a single repository from getting too large.
I'm sure others out there can give you more advice ... but that's my two cents.

Similar Messages

  • Any Best Practices (i.e. DOs and Don'ts) for source to target MAPPINGs?

    Hi Experts,
    Any Best Practices (i.e. DOs and Don'ts) for source to target MAPPINGs?
    I will appreciate any hints on this.
    Thanks

    Hi,
    I am assuming that you are asking about transformation mapping between source and target.
    1) One to one mapping
    2) Avoid using complex calculations
    3) If any calculations are required, use a routine instead of formulas
    4) If possible, avoid using field routines (you can do a start or end routine)
    5) Do not map unwanted fields (unnecessary process time, database occupant, also problem while activation of DSO data)
    6) Avoid using the master data read mapping option; instead you can use a routine to fetch the master data
    7) No need of using infosource
    8)Use standard time conversions for time fields
    Generally these things we need to consider while mapping..
    Regards,
    Satya

  • Best practice in getting compliance rates of Software Update Deployments

    Hi,
    Would like to ask around on how others generate reports about software update deployment compliance. What do you use to get this report? Are there best practices for gathering software update compliance reports?

    There is not really a best-practice on reports that you need to use for compliancy on software updates. One of the reports I often use to check the compliancy is Compliance 1 - Overall compliance as it provides a good overview of a specific collection for an update group. For more details you can use Compliance 3 - Update group (per update).
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Does Microsoft provide list of patch name, kb number, patch and product code for released hotfixes?

    Hi,
    I'm looking for collective information for all hotfixes released by Microsoft with information such as patch and product code for msiinstall, patch and product name, e.g.:
    Patch Code : {97EBAE10-0D01-458E-BBD7-74ADBE8A51C9}
    Product Code : {90140000-006E-0409-1000-0000000FF1CE}
    Patch Name : Hotfix for Microsoft Office 2010 (KB2459117)
    Does Microsoft provide such a list? Where and how can it be obtained? If not, is there a way to generate such a list from hotfixes installed on specified computers?
    Regards,
    Grzegorz

    looking for collective information for all hotfixes released by Microsoft with information such as patch and product code for msiinstall, patch and product name,
    At one point that information could all be found in a huge XML file to support MBSA and HFNetChk by Shavlik. I haven't looked at the most recent implementation of MBSA but I do know that a later implementation of MBSA forced Shavlik to drop support for HFNetChk. I don't know if they have done anything as a substitute.
    Here's a description of what I remember (though 2009 sounds later than I would have guessed.)
    http://www.petri.co.il/hfnetchk.htm
    Probably someone on the MBSA forums will have better information for you.
    Robert Aldwinckle

  • BYOD - Audit patch and software installation

    Hi all,
    At this moment we are looking to give all our employees (1000+) a Windows 8.1 device which will be treated as Bring Your Own Device. We want to make them responsible for installing the Windows updates, Antivirus updates and other software all by themselves. Is there an easy (and cheap) way to audit these components?
    We would like to get an alert if the user's laptop is outdated with the Windows Updates and Antivirus updates. We would also like an overview of which software has been installed.
    Again, it has our preference to keep it as cheap and basic as possible!
    Nice to have will be an option to send the data to a server over the internet without VPN connection. But again it's a nice to have and not mandatory!

    I would recommend Windows Intune - http://www.microsoft.com/en-us/server-cloud/products/windows-intune/default.aspx#fbid=FVqhyqfSf3V
    Prajwal Desai, http://prajwaldesai.com

  • Building a best practice web application using ColdFusion and Java EE

    I've been tasked with rewriting a software using ColdFusion. I cannot seem to find a lot of information on best practice development in ColdFusion. I am an experienced Java developer who has never used ColdFusion before. I want to build this application using a synergy of ColdFusion and Java EE technologies. Can someone recommend me a book that outlines how to develop in ColdFusion? Ideally this book assumes the reader is an experienced developer with no exposure to ColdFusion. Ideally the methods outlined in the book are still "best practice" methods.

    jaisheela wrote:
    Hello Friends,
    I am also in the same situation.
    I am building a new web application using JSF and AJAX.
    Requirement is I need to use IBM version of DOJO and JSF but I need to develop the whole application using Eclipse 3.3,2 and Tomcat 5.5.
    With IBM version of DOJO and JSF, will Eclipse and Tomcat help to speed up the development or do you suggest me to go for Rational Application Developer and WebSphere Application Server.
    If I need to go with RAD and WAS, then I am new to RAD and WAS, is it easy to use RAD and WAS for this kind of application and implement web application fast.
    Any feedback will be great help.
    Those don't sound like requirements of the system to me. They sound more like someone wants to improve their CV/resume.
    From what I've read recently, if it's just fast you want, look at Ruby on Rails

  • Best Practice - Bounded Task Flows, Regions and Nested Application Modules

    Using JDev 11.1.1.3; understand that it's generally considered good practice to just have 1 root application module servicing model content / services for each page. In our application, we've used a number of bounded task flows and page fragments deployed as af:region's into pages as either a) views targeted in page-flow navigation, b) tab panel content inside a regular jspx, or c) af:popup / af:dialog content. As it stands, we've not engaged nesting of the application modules for this embedded region content, so these regions are no doubt instantiating new AM's if/when invoked. Should the AM's servicing these embedded regions be deployed nested within the root AM's, and then if so, does this change the way that the jsff / fragment content is actually developed (currently as per any other jspx using the DataControl palette). Or are the best-practice directives talking about a page as being the design-time / declarative composition of content rather than the run-time aggregation of page + fragments ... in which case the fact that our embedded fragments are not using nested AM's is unlikely to concern.
    Thanks,

    Probably a better question for the ADF EMG: http://groups.google.com/group/adf-methodology?hl=en
    CM.

  • Best Practice in maintaining multiple apps and user logins

    Hi,
    My company is just starting to use APEX, and none of us (the developers) have worked on this before either. It is greatly appreciated if we can get some help here.
    We have developed quite a few applications in the same workspace. Now, we are going to setup UAT and PRD environments and also trying to understand what the best practice is to maintain multiple apps and user logins.
    Many of you have already worked on APEX environment for sometime, can you please provide some input?
    Should we create multiple apps(projects) for one department or should we create one app for one department?
    Currently we have created multiple apps for one department, but, we are not sure if a user can login once and be able to access to all the authenticated apps.
    Thank you,
    LC

    LC,
    I am not sure how much of this applies to your situation - but I will share what I have done.
    I built a single 700+ page application for my department - other areas create separate smaller applications.
    The approach I chose is flexible enough to accommodate both.
    I built a separate access control application (Control) in its own schema.
    We use database authentication for this app - an Oracle account is required.
    We prefer to use LDAP for authentication for the user applications.
    For users for whom LDAP is not an option - an encrypted password is stored - reset via email.
    We use position based security - privileges are based on job functions.
    We have applications, applications have roles, roles have access to components (tabs, buttons, unmasked card numbers, etc.)
    We have positions that are granted application roles - they inherit access to the role components.
    Users have a name, a login, a position, and a site.
    We have users on both the East Coast and the West Coast, we use the site in a sys_context
    and views to emulate VPD. We also use the role components, sys_contexts and views to mask/unmask
    card numbers without rewriting the dependent objects (queries, reports, views, etc.)
    The position based security has worked well, when someone moves,
    we change the position they are assigned to and they immediately have the privileges they need.
    If you are interested I can provide more detail.
    Bill

  • Best practice when developing APEX apps and using a SVN repository

    Hi experts,
    I wanted to get your opinion on best practice regarding how to use SVN and APEX combined.
    The idea is basically how to structure and how to save APEX apps the best way in a repository.
    I am currently working with a custom SVN structure, not using the default TRUNC/TAGS one: every app has a folder, under every app folder I have page number folders, and for each page reports, regions and global objects separated.
    This helps me because it's more readable than saving the whole page export, it's good for small changes and I have a clear overview of every bit and piece.
    What is everybody else using or is there a best practice to follow here that I don't know?
    Kind regards,
    Alex

    @tomaugerdotcom
    Something like this might help: https://testflightapp.com/
    Conceivably, you could roll your own internal service if that particular one doesn't suit you. (I don't have any knowledge about how they are doing it, but it shouldn't be hard to figure out since Apple's constraining rules would only allow a few possibilities.)
    USB app install and debugging isn't supported on iOS. You have to use wireless.
    Another option specifically for multi-touch dev/testing, is to use an Android device.

  • Best Practices: Flash Player 10.1 and Flash Lite 4

    I've found the documentation for Flash Lite 4.  It appears to support most everything you'd want to do in AS3, aside from some desktop-specific APIs like Clipboard, File, ContextualMenu, etc..
    I've also noticed that there's a Flash Lite 4 compile target in Flash CS5.  Would it be considered a best-practice to target Flash Lite 4 instead of Flash Player 10 for web content?  (Obviously, desktoppy web apps would still need to be compiled for 10).

    TJ,
    Thanks for your great feedback and your kind words.  I'll certainly be making sure the team sees your comments, though I can't say we'll have 10.1 in place for you by Monday.
    Thanks
    -D

  • What is the best practice to create IDM user and target accts via recon

    usecase:
    LDAP<--->idm---->AD.
    User exists in LDAP. IDM and AD are empty. Need to create IDM user and AD acct from LDAP data.
    I can recon against LDAP and create the IDM user. But I cannot create AD acct in the same recon process. What is the best practice to do the above.

    i think you have to have a "Per-account Workflow" set which creates the user in AD.

  • Best practice on storing the .as and .mxml files

    I have some custom components, and they use their own .as
    action script files. The custom components are placed in the
    "src/component" folder right now. Should I place the associated .as
    files in the same "src/component" folder? What is the suggested
    best practices?
    Thanks,

    Not quite following what you mean by "associated .as files ",
    but yes, that sounds fine.
    Tracy

  • Best practice Forms 10g configuration setup and tuning

    Hi,
    We are currently deploying forms 10g from 6i client/server version. Users are experiencing Form hangups and hour glasses. This does not happen that often but can happen any time, anywhere in the app (users do inserts, updates and deletes and queries).
    Is there a baseline best practice configuration setup anywhere either in the Forms side or the AppServer side of things?
    Here is our setup:
    Forms 10g (9.0.4)
    Reports 10g (9.0.4)
    Oracle AppServer 10g (9.0.4)
    OS = RedHat Linux
    Client Workstations run on Windows 2000 and XP w/ Internet Explorer 6 or higher
    Average No. of users = 250
    Thanks for all your help

    Shutdown applications within the guest.
    Either power off from Oracle VM Manager or 'xm shutdown xxx' from the command line
    It is possible one or more files could be open when the shutdown is initiated.
    Have found at least one case of misconfigured IP which would have resulted in the disk access being via the 'Front End' interface rather than the Back End.
    Thanks

  • What's the 'best practice' way to get email and fax number from vendor?

    Hello *,
    could anybody let me know what the 'best-practice' is to get the fax number and smtp address from the vendor master? Is there a preferred function module I should use?
    Thanks a lot,
    Torsten

    Hi ,
    try that:
    TYPE-POOLS: szadr.
    DATA adr_kompl TYPE szadr_addr1_complete.
    DATA adr1 TYPE szadr_addr1_line.
    DATA adtel TYPE szadr_adtel_line.
    DATA admail TYPE szadr_adsmtp_line.
    DATA adfax TYPE szadr_adfax_line.
    CALL FUNCTION 'ADDR_GET_COMPLETE'
           EXPORTING
                addrnumber              = lfa1-adrnr
           IMPORTING
                addr1_complete          = adr_kompl
           EXCEPTIONS
                parameter_error         = 1
                address_not_exist       = 2
                internal_error          = 3
                wrong_access_to_archive = 4
                OTHERS                  = 5.
    * Mail
      LOOP AT adr_kompl-adsmtp_tab INTO admail.
        MOVE admail-adsmtp-smtp_addr TO atab-mail.
      ENDLOOP.
    * fax
      LOOP AT adr_kompl-adfax_tab INTO adfax.
        MOVE adfax-adfax-fax_number TO atab-fax_number.
      ENDLOOP.
    regards Andreas

  • What is the best practice to connect 2 sites and replicate ADDS between 2 different sites using windows server 2012 r2?

    I found that there are new remote access features inside Windows Server 2012 R2 which are much easier. Can anybody suggest how to connect 2 different sites so that it will be the tunnel to replicate ADDS (RW) between both sites?

    See this
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/133e7780-6a59-4bd7-906b-70830bea48d0/sites-connections-best-practice?forum=winserverDS
    Regards,
    Biswajit
    MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
