
Automated Monthly OS Patching

Former Member
0 Kudos

Hi All,

Where I work, we patch our operating systems running SAP on a monthly basis.  The company runs 24/7/365 and the directive from management around the patch process is to limit end-user downtime in Production (zero downtime if possible). 

We have three separate patch evenings following the release of new updates (Sandbox/Dev, QA and Production). Currently, I have scripts to shut down our SAP instances in Sandbox/Dev/QA and the patches are applied, the systems rebooted if necessary and then I run our scripts to bring the SAP instances back online. In Production, it is more of a manual effort as I must ensure that the systems are as available as possible for colleagues around the world.

Ultimately, we would like to eliminate the need for a member of the Basis team to be online for the OS patching process, but rather available on-call for any issues that pop up as we always are.

Has anyone gone through the process of fully automating their periodic OS patching process?  This would include SAP instance shutdown, patch application, system reboot(s), update compliance check via SCCM reporting, continued patch application attempts if patching fails the first time through, SAP instance start-up once a system reports back as compliant.  These steps would most likely be performed in a cascading fashion - passive/active nodes with fail-over, application servers, Java/Enterprise Portal/web dispatcher servers, miscellaneous servers not directly impacting end users.

I appreciate any insight here.

Thanks,

Jeff

Accepted Solutions (0)

Answers (1)


xymanuel
Active Participant
0 Kudos

Hi Jeff, I expect a job scheduler like UC4, Control-M or something of that kind in a company that size.

I would say you are able to schedule these steps in there.

I know companies which schedule the SAP part in the scheduler, and then start the patching process in SCOM. After SCOM is finished, they start SAP again.

We are trying to implement this process at the moment in our scheduler, but we do not have a SCOM.

I'm using normal stop/start scripts to stop SAP. Then I use the PowerShell script of Gregory Strike

http://www.gregorystrike.com/2011/04/07/force-windows-automatic-updates-with-powershell/

to patch the OS. I extend the script to get different return codes, if there are applicable updates or not, to get a control structure in my scheduler (e.g. script ends with RC 100 if there are no updates, or 200 if there are updates available per WSUS).

Regards

Manuel
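
The return-code convention described in the answer above, as an added example that is not part of the original post and is not Gregory Strike's script. It asks the Windows Update Agent whether updates are applicable and exits with 100 or 200 so a scheduler can branch on the result; the codes 300 (reboot pending) and 1 (scan failed) and the function name `Get-PatchState` are assumptions made for illustration.

```powershell
# Added example. Exit codes 100/200 follow the convention in the post;
# 300 (reboot pending) and 1 (scan failed) are assumed values.

function Get-PatchState {
    [CmdletBinding()]
    param(
        # WUA search criteria: updates that are neither installed nor hidden
        [string]$Criteria = "IsInstalled=0 and IsHidden=0"
    )

    # A reboot left over from an earlier pass must be cleared before the next install attempt
    $sysInfo = New-Object -ComObject Microsoft.Update.SystemInfo
    if ($sysInfo.RebootRequired) {
        return 300
    }

    # The agent scans against whatever source it is configured for (WSUS in the post)
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search($Criteria)

    # OperationResultCode 2 = succeeded. Anything else is treated as a failed scan,
    # so a broken scan is never reported to the scheduler as "no updates".
    if ($result.ResultCode -ne 2) {
        Write-Warning "Update search ended with result code $($result.ResultCode)"
        return 1
    }

    # Write-Host keeps the titles out of the function's return value
    foreach ($update in $result.Updates) {
        Write-Host "Applicable: $($update.Title)"
    }

    if ($result.Updates.Count -gt 0) { return 200 }   # updates available
    return 100                                        # nothing to install
}

try {
    $rc = Get-PatchState
} catch {
    # COM errors (service stopped, update source unreachable) land here
    Write-Warning "Windows Update Agent call failed: $($_.Exception.Message)"
    $rc = 1
}
exit $rc
```

Keeping the failed-scan code separate from 100 matters for the compliance step: a server that could not reach its update source should not be handed back to the SAP start-up job as patched.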

Former Member
0 Kudos

Hi Manuel,

We do not use UC4 or Control-M, but would like to integrate SCCM with Orchestrator for this automation project (unless there are other good suggestions).

The general gist of the patch flow would look like the following:

I have not included it here, but we would also be sending out notification e-mails for failed updates and status at checkpoints along the way.

After speaking with an SAP cloud hosting provider as well as Microsoft last year at TechEd, it does not seem like very many companies are doing this sort of thing where patching occurs within a couple of hours, human interaction is not needed and downtime to end users is zero.

We can start/stop SAP instances with our PowerShell scripts and apply updates via SCCM, but the cascading fashion in which this is done and the compliance aspect are the keys here.

Thanks,

Jeff