Server farm - MS patching procedures

I wonder if anyone can comment on the schedule and procedures for MS patching.  I am drafting procedures for the server farm and want to see other advice/experiences
1 - Place "test" servers in their own group within WSUS environment.  
2 - Synchronize the WSUS server 8 days before the scheduled outage date (can be automated.)
3 - Approve Critical patches for the test group 1 week before the outage window, and alert users when the patches have been approved.
4 -  install the patches on test servers, reboot if necessary, and test servers for functionality during the week before the scheduled outage.
5 - alert the IT if the patches are causing a degradation of service, or unexpected detriment to the servers.  If so, the patches would be set for uninstall, and would not be installed during the scheduled outage.  If the patches do not cause any issues, users will inform the IT that they can approve the same patches for the remaining servers.
6 - Starting at first scheduled outage day, IT will take snapshots of VMs and install patches on remaining servers, and reboot if necessary.  IT will inform users once all servers are available.
7 - If patches are found to negatively affect other servers in the environment, the patches can be set to be uninstalled within the WSUS console.
8 - If patches are found to work as expected, IT will remove the snapshot of the VM.

Sounds good?
LVL 17
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
All looks good, but for 6 and 8, we do not use Snapshots anymore, because of growth of snapshot, and performance degrataion whilst in snapshot mode, also we had issues with snapshots also causing issues with backup products, Veeam, vDR, Backup Exec, vRanger, which also use Snapshots for Backup and  Change Block Tracking,.

So part of of our Change Control, and Change Board, Rollback plan, is we specifically run a special Patch Backup of the VM, and also a Clone Backup of the VM for Rollback if the Patch fails QA.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tiras25Author Commented:
Are you talking about the Vmware snapshots or storage snapshots?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Vmware snapshots
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
if you are using SAN based Snapshots, you've got no issues.
Tiras25Author Commented:
Right.. we use FT so VMware snapshots aren't possible correct?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.