What is the best way to automate the staged deployment of patches to ~200 servers each month?
Our deployment consists of development and test servers one week after Patch Tuesday, then production servers the following week. Ideally, we'd like both deployments to be scheduled/automated so that they can occur during a late night/early morning maintenance window without someone having to babysit.
We also want to make sure that the patches deployed to production servers are exactly the same as the ones that were deployed to development and test servers one week prior. In other words, we want to ensure that if any new patches are released during that week between development/test patching and production patching, they don't get deployed to production servers since they haven't had a chance to be tested.
Finally, along these same lines, we also want to have an easy way to prevent or exclude a patch from being deployed to production servers if an issue is found on development/test servers.
Is anyone successfully doing anything along these lines? Would love to hear some thoughts and ideas on your setup and how you're doing it.
In case you weren't aware of it - our Best Practices Guide for Protect does have a section titled "Automating Patch Management In An Agentless Environment" with some info on how to set this up.
Hopefully that will be helpful for you. I'm afraid that some of what you want to be able to do with Protect might just be limited due to the features that are available. If you have an idea, but there doesn't appear to be a feature that exists in Protect you can submit a request at our Shavlik Feature Request Form.