R
RP
Question regarding SUS and how Patch Dependancies are
handled.
I have and W2K Server environment that we're currently
preparing to implement SUS for. Up to now our 300 +
servers have been patched either manually or thru
packaged distribution. We've standardized on x number of
patches, however I'm taking the worse case thought that
in our environment there are going to be a large number
of servers that have the majority of our standard patches
but still missing a few.
The struggle I'm having is with the intial deployment,
since many of the MS security hotfixes have dependancies
of a previous hotfix before they can be installed or
required reboots . I want to avoid multiple reboots if
possible since it is a production server environment and
we want to ensure end user disruption is minimal.
Scenario
- All standard updates and hotfixes are approved on SUS
Admin Server
- SUS Client server connects to admin server and
downloads missing patches (A, B, C, D,E )and schedules
the install for x day at x time
- Patch C, D, and E all require a reboot and Patch C is
dependant on Patch A
My questions -
Will Patch A thru E install properly and only require a
single reboot regardless of dependancies since SUS will
perform the installations sequentially? or will I be
required to shedule multiple reboots for each patch that
requires a reboot before additional ones can be installed?
If multiple reboots are required, does anyone know of a
good site to easily identify patch dependancies so I can
plan for a staggered approach for my initial SUS
deployment?
Any guidance is appreciated and thanks in advance
handled.
I have and W2K Server environment that we're currently
preparing to implement SUS for. Up to now our 300 +
servers have been patched either manually or thru
packaged distribution. We've standardized on x number of
patches, however I'm taking the worse case thought that
in our environment there are going to be a large number
of servers that have the majority of our standard patches
but still missing a few.
The struggle I'm having is with the intial deployment,
since many of the MS security hotfixes have dependancies
of a previous hotfix before they can be installed or
required reboots . I want to avoid multiple reboots if
possible since it is a production server environment and
we want to ensure end user disruption is minimal.
Scenario
- All standard updates and hotfixes are approved on SUS
Admin Server
- SUS Client server connects to admin server and
downloads missing patches (A, B, C, D,E )and schedules
the install for x day at x time
- Patch C, D, and E all require a reboot and Patch C is
dependant on Patch A
My questions -
Will Patch A thru E install properly and only require a
single reboot regardless of dependancies since SUS will
perform the installations sequentially? or will I be
required to shedule multiple reboots for each patch that
requires a reboot before additional ones can be installed?
If multiple reboots are required, does anyone know of a
good site to easily identify patch dependancies so I can
plan for a staggered approach for my initial SUS
deployment?
Any guidance is appreciated and thanks in advance