Automated Monthly OS Patching
Where I work, we patch our operating systems running SAP on a monthly basis. The company runs 24/7/365 and the directive from management around the patch process is to limit end-user downtime in Production (zero downtime if possible).
We have three separate patch evenings following the release of new updates (Sandbox/Dev, QA and Production). Currently, I have scripts to shutdown our SAP instances in Sandbox/Dev/QA and the patches are applied, the systems rebooted if necessary and then I run our scripts to bring the SAP instances back online. In Production, it is more of a manual effort as I must ensure that the systems are as available as possible for colleagues around the world.
Ultimately, we would like to eliminate the need for a member of the Basis team to be online for the OS patching process, but rather available on-call for any issues that pop up as we always are.
Has anyone gone through the process of fully automating their periodic OS patching process? This would include SAP instance shutdown, patch application, system reboot(s), update compliance check via SCCM reporting, continued patch application attempts if patching fails the first time through, SAP instance start-up once a system reports back as compliant. These steps would most likely be performed in a cascading fashion - passive/active nodes with fail-over, application servers, Java/Enterprise Portal/web dispatcher servers, miscellaneous servers not directly impacting end users.
I appreciate any insight here.