Applying patches to operating systems, databases, web servers and applications is an increasingly difficult and time-consuming IT task, because ever more complex IT systems demand a highly coordinated approach.
This article introduces a method for patching any number of servers in a short time window using a standard batch process.
Benefits of Automatic Patches
- Establish, roll out and automatically execute the standard patch process
- Gain centralized control over all current patch actions
- Synchronize patch actions with business and operational processes
- Make best use of the patch window by means of parallel processing
By combining Streamworks with other tools such as configuration management systems (formerly known as CMDB, Configuration Management Database), change and incident management as well as established monitoring procedures, our partner arvato Systems developed a solution to tackle this challenge – and the initial version already delivers a high degree of automation.
The Task: Automatic Patching of 200 Servers in 4 Hours
Our partner was facing the task of optimizing the existing patch processes in their data center to a level that allowed for coordinated patching of up to 200 servers within a time frame of four hours. Here, organizational constraints actually pose a bigger challenge than the patching process itself.
In most cases, it is not possible to simply reboot the servers. First, the applications running on the servers need to be shut down properly. Also, to prevent unnecessary incidents during patching, monitors must be disabled temporarily, and batch processing on the servers needs to be halted.
Furthermore, the IT administration must define a standard patching procedure (policy) that meets the legitimate needs of internal and external customers. The objective here is to set up a policy based on sound judgment that allows for a high degree of automation. This gives the small team of administrators the time they need to tend to the remaining small number of processes that require individual attention.
The Solution: One Standard Patch Process for all Servers
The required application landscape information is exported automatically from the CMDB for each server at the beginning of the patch process. Streamworks dynamically generates processes (individual jobs) based on this data that perform the respective tasks (stop, start, etc.) for each configuration item (CI). When a multi-level application landscape is shut down, the web servers are stopped first, followed by the application servers and finally the databases.
After proper application shutdown, the planned and meticulously tested patch actions are executed. Here, too, the process is initiated in Streamworks, and successful completion of the defined partial steps – which can involve multiple IT areas – is verified. The application is then restarted by running the shutdown sequence in reverse order.
The convenient Streamworks GUI delivers a high degree of transparency, allowing system administrators and IT operations staff to check the process status of each server at a glance. Moreover, the central Streamworks Incident View documents errors (e.g. issues encountered when stopping a database) in a manner that shows the name of the affected database right in the job name of the batch job. This facilitates rapid automated or manual response.
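The job generation described above can be sketched as follows. This is an added example, not code from Streamworks or arvato Systems: the CMDB field names, the tier labels, the job-name format and the position of the monitoring and batch steps are assumptions made for illustration. A CI whose tier the standard policy does not cover is routed to manual review instead of being patched automatically.

```python
# Added illustration: plan per-server patch jobs from a CMDB export.
# CI fields, tier labels and the job-name format are assumptions, not Streamworks' schema.
from collections import defaultdict

# Shutdown order stated in the article: web servers, application servers, databases.
STOP_ORDER = ["web", "app", "db"]

# Constructed sample of a CMDB export: one row per configuration item (CI).
CMDB_EXPORT = [
    {"server": "srv01", "ci": "shopdb", "tier": "db"},
    {"server": "srv01", "ci": "shop-web", "tier": "web"},
    {"server": "srv01", "ci": "shop-app", "tier": "app"},
    {"server": "srv02", "ci": "crm-app", "tier": "app"},
    {"server": "srv02", "ci": "legacy-mq", "tier": "queue"},  # tier outside the policy
]

def plan_server(server, cis):
    """Return the ordered job names for one server, or manual-review markers."""
    unknown = [c["ci"] for c in cis if c["tier"] not in STOP_ORDER]
    if unknown:
        # Fail closed: never patch a server whose stop order cannot be derived.
        return [f"{server}.MANUAL_REVIEW.{ci}" for ci in unknown]
    ordered = sorted(cis, key=lambda c: (STOP_ORDER.index(c["tier"]), c["ci"]))
    # The CI name is part of the job name, so a failed job identifies its target.
    stops = [f"{server}.STOP.{c['tier']}.{c['ci']}" for c in ordered]
    starts = [f"{server}.START.{c['tier']}.{c['ci']}" for c in reversed(ordered)]
    return ([f"{server}.MONITORING.disable", f"{server}.BATCH.hold"]
            + stops
            + [f"{server}.PATCH.apply", f"{server}.PATCH.verify"]
            + starts
            + [f"{server}.BATCH.release", f"{server}.MONITORING.enable"])

def build_plans(export):
    """Group CIs by server; the per-server plans are independent and can run in parallel."""
    by_server = defaultdict(list)
    for row in export:
        by_server[row["server"]].append(row)
    return {srv: plan_server(srv, cis) for srv, cis in sorted(by_server.items())}

if __name__ == "__main__":
    for srv, jobs in build_plans(CMDB_EXPORT).items():
        print(srv)
        for job in jobs:
            print("   ", job)
```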