POC SQL patching after OS patching

Hello,
I’m working on a POC to install SQL patches for 100 instances after applying OS patches. I’m evaluating this option to reduce downtime. I would like to know if any of you have a similar schedule or plan, and how it has been working for you. Are there any considerations I should keep in mind?

Let’s start with the “Automation” part -
On BigFix there are several options:

  • Baseline
  • WebUI Patch Policy
  • Server Automation Module
  • REST API

Baseline -
You can create a collection of Fixlets as groups and then schedule it to be executed.
I’m just giving an example, you can change it.

Baseline Components:

  • Group 1: Restart the Machine
  • Group 2: Fixlets of OS Updates
  • Group 3: Restart the Machine
  • Group 4: Fixlets of SQL Server Updates
  • Group 5: Restart the Machine

You can update the Group 2 and Group 4 content manually or through the REST API.

WebUI Patch Policy
This is a much more appealing option for OS updates and 3rd party updates - but because the Microsoft SQL Server updates don’t have a “Default” action - it will not add that content to the list.
SQL Server Updates have actions for non-clustered / clustered
Workaround: through API, you can copy the SQL Server Updates content and set a “Default” action after you understand your environment and then use it with the Patch Policy feature.

Server Automation Module
I haven’t really used this module; if someone can share more experience with it, that would be very helpful.

REST API
You can do almost everything with this option. The sky is the limit.
Filter Fixlets, add them to a baseline or add them directly to an action with a default action that you choose, schedule when to deploy, etc…

But keep it simple - you can start with Baselines, after that understand the Patch Policy, and then the REST API.

3 Likes
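Added example (not code from the thread, BigFix or HCL): a Python script that assembles the five-group baseline described above (restart, OS updates, restart, SQL Server updates, restart) as the BES XML document a REST client would POST to the BigFix baseline endpoint (/api/baselines/custom/<site name>), and refuses a group order where a patch group is not followed by a restart. The site URL, fixlet IDs and the Action1/Action2 action names are constructed placeholders, not real BigFix content.

```python
import xml.etree.ElementTree as ET

SITE = "http://example.invalid/bigfix/placeholder-site"  # constructed placeholder

# (group name, [(source site URL, fixlet ID, action name), ...]) in deploy order.
# Fixlet IDs are made up; real ones come from the fixlets REST endpoints.
GROUPS = [
    ("Restart", [(SITE, 100, "Action1")]),
    ("OS Updates", [(SITE, 201, "Action1"), (SITE, 202, "Action1")]),
    ("Restart", [(SITE, 100, "Action1")]),
    ("SQL Server Updates", [(SITE, 301, "Action2")]),  # e.g. the non-clustered action
    ("Restart", [(SITE, 100, "Action1")]),
]

def restart_follows_each_patch_group(groups):
    """True when every non-restart group is immediately followed by a restart group."""
    names = [name for name, _ in groups]
    return all(i + 1 < len(names) and names[i + 1] == "Restart"
               for i, name in enumerate(names) if name != "Restart")

def build_baseline_xml(title, groups, relevance="true"):
    """Return BES XML for a baseline whose groups execute in the given order."""
    if not restart_follows_each_patch_group(groups):
        raise ValueError("every patch group must be followed by a restart group")
    bes = ET.Element("BES", {
        "xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
        "xsi:noNamespaceSchemaLocation": "BES.xsd"})
    baseline = ET.SubElement(bes, "Baseline")
    ET.SubElement(baseline, "Title").text = title
    ET.SubElement(baseline, "Description").text = "OS patching followed by SQL Server patching"
    ET.SubElement(baseline, "Relevance").text = relevance  # baseline-wide gate goes here
    collection = ET.SubElement(baseline, "BaselineComponentCollection")
    for name, components in groups:
        if not components:
            raise ValueError(f"group {name!r} has no fixlets")
        group = ET.SubElement(collection, "BaselineComponentGroup")
        for site_url, fixlet_id, action in components:
            ET.SubElement(group, "BaselineComponent", {
                "Name": f"{name} (fixlet {fixlet_id})", "IncludeInRelevance": "true",
                "SourceSiteURL": site_url, "SourceID": str(fixlet_id),
                "ActionName": action})
    return ET.tostring(bes, encoding="unicode")

def component_count(xml_text):
    """Number of BaselineComponent entries in a BES baseline document."""
    return len(ET.fromstring(xml_text).findall(".//BaselineComponent"))

if __name__ == "__main__":
    print(build_baseline_xml("POC: OS patching then SQL Server patching", GROUPS))
```

The generated document is what you would send with the REST client of your choice; the Relevance element is the place to put a baseline-wide precondition before the groups start.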

It is important that you know your SQL environment, are they in a cluster configuration?
If so, then you will need to take into consideration which nodes can go down first, and then patch the rest.

We use BigFix Server Automation for our clustered SQL Server Environments, where we have created custom scripts that will perform some pre-patching tasks in order to make sure that there is always an active node. And then apply a baseline as @orbiton already mentioned in a sequenced deployment, checking that some criteria are met before continuing with the rest of the servers.

If you don’t have BigFix Server Automation in your BigFix environment then you can start using simple baselines and deploy the actions manually, and then go from there.

Once you get familiar with it you can start the full automation with the usage of the BigFix REST API, where there is no limitation :).

1 Like

Thank you for your input. The Wintel team has already configured automatic OS patching with a defined maintenance window. We do not want to modify the existing configurations that have been running smoothly for OS patch installations.

Our plan is to create a new baseline in BigFix to apply SQL Server patches 5 hours after the OS patching is completed.

I have a question:
Is there a way in BigFix to add a condition to check if a server is pending a reboot? This would help us include it as a prerequisite condition before starting the SQL Server patching process.
Thanks