
How can I update my server when I have a fixed maintenance window?

If you're trying to hit a four-hour window, then try this scenario:
        Set one installation time at the start of the maintenance window on the specified day.
        Set deadlines on all approved server updates to be the start time of the maintenance window.
        Set a short detection cycle on the server GPO. The detection cycle should be no greater than the amount of time that would elapse from the latest possible approval to the start of the maintenance window. What we're trying to accomplish here is to guarantee that a detection cycle runs between the time the update(s) are approved and the start of the maintenance window. If the maintenance window is on Sunday night, and you're approving on Friday afternoon (at the latest), then this is really a non-issue, as even a 22-hour detection cycle will guarantee this desired result.

Here's what will happen in this situation -- and it's been somewhat demonstrated in my update-from-scratch of the XP RTM presented earlier this month.
    (1) The AU client on the server will run a detection cycle sometime prior to the start of the maintenance window. At this time, the updates do not have an expired deadline, so the server's AU client will download the update(s) and schedule them for installation at the start of the maintenance window.
    EXCEPTION: If one or more of the updates is marked as 'mandatory' or 'exclusive', as is the case with Windows Installer v3.1, for example, then the AU client will only download the /first/ of any mandatory updates and this first mandatory update will be scheduled for installation at the start of the maintenance window.
    (2) Here's where the deadline becomes relevant: After installing the first 'mandatory' update at the start of the maintenance window, the system will execute a restart.
            Now.. to digress.. you might be asking: What if the update does not require a restart? Well, I'm assuming that the option "Auto install minor updates" is enabled, so the only updates that are being installed during the maintenance window are updates that do require a restart. So....
    (3) The system restarts. After the restart, the AU client always performs another detection cycle. This cycle is performed regardless of the next scheduled cycle, and it does not change the time of the next scheduled cycle. Now, this cycle will run and either discover the next 'mandatory' or 'exclusive' update, or it will discover all of the rest of the updates that are not 'mandatory'. If there is another 'mandatory' or 'exclusive' update, then the system will cycle between the above steps (1) through (3) until all 'mandatory' and 'exclusive' updates are installed. Then it will execute a detection cycle and download the remainder of the updates. It will also recognize that all of the updates downloaded after the start of the maintenance window are past the deadline, force installation of each of those updates immediately, and execute a restart following installation.
    (4) Returning from the last restart, the AU client executes another detection cycle, and will discover -0- updates to be applied. No further maintenance activity will be necessary.

Now, the one 'open' issue with this scenario is that there's no active methodology to 'terminate' the maintenance activity at the end of the window, but since we're talking about a four-hour window, and we've already demonstrated that a slow machine on a slow network connection can fully update XP RTM to XP SP2, plus post-SP2 updates, in 3 hours using this technique -- I highly doubt you'll ever blow a four-hour maintenance window installing monthly updates.

By the way, you might be able to put a wrapper around the window for this activity by scripting the shutdown of the Automatic Updates service on the server to occur at the end of the maintenance window. If the AU service is shut down at 4am by script, then it will be impossible for the AU client to install any additional updates or restart the system.
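
One way to audit a server's Automatic Updates policy against the scenario above and to schedule the end-of-window service stop, as an added example that is not part of the original FAQ. The approval cutoff, the window dates and the task name are assumed values; the script assumes PowerShell 3.0 or later, an elevated session, and that the policy is delivered through the standard AU policy registry key.

```powershell
# Added example: audit the AU policy on a server against a planned window.
# Assumed schedule (not from the page): approvals close Friday 17:00 and the
# window runs Sunday 00:00-04:00. The dates below are constructed.
$latestApproval = [datetime]'2024-01-05T17:00:00'
$windowStart    = [datetime]'2024-01-07T00:00:00'
$windowEnd      = $windowStart.AddHours(4)

$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au    = Get-ItemProperty -Path $auKey -ErrorAction Stop

# Without an explicit policy the client uses its 22-hour default cycle.
$detectHours = if ($au.DetectionFrequencyEnabled -eq 1) { $au.DetectionFrequency } else { 22 }
$gapHours    = ($windowStart - $latestApproval).TotalHours

# ScheduledInstallDay: 0 = every day, 1 = Sunday ... 7 = Saturday.
$wantDay = [int]$windowStart.DayOfWeek + 1

$checks = [ordered]@{
    'Scheduled install mode (AUOptions = 4)' = ($au.AUOptions -eq 4)
    'Install day matches the window'         = ($au.ScheduledInstallDay -in (0, $wantDay))
    'Install hour is the window start'       = ($au.ScheduledInstallTime -eq $windowStart.Hour)
    'Detection cycle fits before the window' = ($detectHours -le $gapHours)
    'Minor updates install automatically'    = ($au.AutoInstallMinorUpdates -eq 1)
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { $status = 'OK' } else { $status = 'FAIL'; $failed++ }
    '{0,-4} {1}' -f $status, $name
}
'Detection cycle: {0} h, approval-to-window gap: {1} h' -f $detectHours, $gapHours

# End-of-window wrapper: stop the Automatic Updates service (wuauserv) every
# week at the end of the window. Created only when the policy audit passes.
if ($failed -eq 0) {
    $day  = $windowEnd.DayOfWeek.ToString().Substring(0, 3).ToUpper()   # e.g. SUN
    $time = $windowEnd.ToString('HH\:mm')                               # e.g. 04:00
    schtasks.exe /Create /F /TN 'Stop AU at window end' /RU SYSTEM `
        /SC WEEKLY /D $day /ST $time /TR 'net stop wuauserv'
} else {
    Write-Warning "$failed policy check(s) failed; end-of-window task not created."
}
```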