The answer to this question is dependant on how you setup the deployment.
Scheduled Scan with Auto-deployment:
The scan would start at midnight. The built-in Scan Templates will scan 64 machines at the same time and will cycle through all of the machine in the Machine Group until completion. Scan times will vary. The deployment process would start after all the machines have been scanned. The deployment phase consists of downloading the patches from the vendor, building deployment files, copying all required files to the target machine and then setting the scheduler on the target machine to run the job immediatly. The deployment process is one machine at a time and cycles through until completion. So the answer would be no, the machines would not start the deployment process at the same time.
Deployment setup from a completed scan:
1. Not using a Distribution Server:
All of the required deployment files would be copied to the target machines immediately after scheduling the deployment. Since the files are already on the target machines at the scheduled time, all of the machines would start the deployment at the same time.
2. Using a Distribution Server:
All of the required deployment configuration files (not including the patches) would be copied to the target machines immediately after scheduling the deployment. The job would start at the scheduled time, the patches would be copied from the Distribution Server to the target machines. The patches will install on each machine once they have the required patches. This method would stagger the deployment times.
Please let me know if this answers your question or if you need more detail.
Thanks for the quick reply. Our university is seeking to automate large volume patching in an overnight window of 6 hours. (12:00 am to 6:00 am). Using Shavlik Protect, is it possible to have mass deployments whereby we could update 100 to 300 servers in that time window??
1 of 1 people found this helpful
Quite possibly yes.
The issue here is scan and deployment times vary depending on a number of variables so it is impossible for me to tell a customer how long a scan and deployment will take to complete.
I would start out by scanning all 300 servers to see how long the scan takes. Any scan times of under 2 hours would leave you with 4 hours of deployment process time which should be more than sufficient. The deployment comment is assuming you are not missing a large number (100+) patches on each server. If you do have a large amount of missing patches on each server, I would suggest install the missing service packs first before setting up a reoccurring job. This will greatly decrease the number of patches required on the servers.
I wouldn't be surprised if you could scan and deploy to all of your servers in less than 3 hours. Much less if your scans don't take too long.
You would use a reoccurring scheduled scan with auto-deployment to automate this once you are confident on the timing.