Solved

What is the best approach to implement a patching solution for servers if you have two sites?

Posted on 2013-12-21
5
437 Views
Last Modified: 2014-01-23
We have site A and site B. Both two seperate network segments but both sites can communicate across the WAN with each other. We are trying out Shavlik Protect 9 as a patching solution for our servers (all Windows VMs). What is the best approach in setting up a patch solution for both sites? So far, I got the console loaded only on one site (site A). Should the Shavlik console also be installed on Site B? I can deploy patches from site A to site B, but that is going across the WAN, which is slower. What should my approach be?
0
Comment
Question by:jaedenone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39733765
It is best to use a Single Path solution and Management Console for ALL servers, you can define groups in Shavlik, e.g.

Site A and Site B, and the Shavlik console would then hold all the updates and be a repo, for all sites.

Deploy Patches at night, out of core hours, how slow is your WAN?

Does internet access run over the same WAN, because another Shavlik installation, would create a duplicate repo (store) of the updates, and it would download them all over the WAN.

Once you are up to date with patches, Updates are quite small.
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39743123
here is the main point is WAN bandwidth

its not recommended to run updates on windows vm, from one site to another site.

here you should take a test of WSUS configuration.



please share the output
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39745063
As other experts have mentioned you should control / approve your update from one site but at the other site you should cache the approved updates so client will connect to their local update server instead of the remote server. In WSUS this is a upstream downstream set up...
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question