We do patching monthly (mandatory), but manually one side at a time during the maintenance window. We do have a powershell script to allow all servers on a side to get patches installed at once, and use the script to control clean service shutdown, set to manual, and also service start order. There are 24x7 sites that have agents working, but they are aware of the patching window required by our security policies - once we spoke through the “outage” (minutes per side, really - more blips than outages) they were fine with it. In event of longer outages they did work up more survivability configurations to implement if necessary. When security rules all these “downtime required” discussions are a lot easier. I think an SCCM push would be fine as long as you had procedures to do testing after the push and reboot. I am aware of other companies doing it.
Sent from my iPhone > On Sep 18, 2019, at 12:06 PM, Ryan Burtch <rburt...@gmail.com> wrote: > > All, > > I have a customer who wants to do windows patching via SCCM on all their > UCCE/CVP Servers - PGs, RTRs, LGRs, CVP CSs, etc. > > Problem, they have 24x7 environments w/ active agents. Does anyone have any > best practices on how to go about this? > > > > Sincerely, > > Ryan Burtch > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
