Deploying Hotfixes or SP using WSUS

  • Fellow DBA's

    Has anybody used wsus to deploy Sql Server Hot Fixes or Service Packs using WSUS?

    if so can you let me know any pro's and Con's using WSUS..mainly CON's

    Thanks,

  • do not use it myself, but did partake in a post on this forum where wsus caused problems, see

    http://www.sqlservercentral.com/Forums/Topic612095-48-1.aspx

    personally I would not want any automated process applying patches to SQL, I would want full control of this, not least so I could be sure system db backups were taken beforehand.

    ---------------------------------------------------------------------

  • Thanks For Your Reply.

    We are not trying to update it automatically but more of a taking help of WSUS to push the patches after we take all the necessary backups.

    Can this be done?

    Thanks Again...

  • sorry I don't know wsus well enough to give a definitive answer, you would expect to be able to though.

    personally I would be only applying service packs on a per server basis so would go the manual route. applying individual hotfixes or patches is quite rare so I don't see how wsus helps with SQL patching. I can see how it assists with OS patching but I don't think SQL patching is the same ballgame.

    ---------------------------------------------------------------------

  • George,

    We have like 100 sql servers and suppose we have to install the latest and greatest hotfix or sp on all of them after testing on the test servers..will WSUS help us in anyway.

    This is just a question..i am trying to find out...

    Thanks in Advance!

  • sorry, as I said , don't feel qualified to give a steer either way..............

    You would want to check if wsus has advantages over an unattended install from the command line using scripts.

    ---------------------------------------------------------------------

  • Thanks For Your Suggestions.

  • If I understand you correctly, you'd like to push out the service pack to all of your servers using WSUS, but then apply it manually on each server. This would depend on what kind of update schedule your servers are on. When you push updates out via WSUS, they do just sit until it's time for them to be applied. For example, our production servers only get updated once a month, but our Windows admins usually push them out as they approved from dev/test. We were thinking about using this to push out SP3 rather than having to physically copy it to every server, but I was just told that it's not available for SP3 yet.

  • Jennifer Vanderschans (1/8/2009)


    If I understand you correctly, you'd like to push out the service pack to all of your servers using WSUS, but then apply it manually on each server. This would depend on what kind of update schedule your servers are on. When you push updates out via WSUS, they do just sit until it's time for them to be applied. For example, our production servers only get updated once a month, but our Windows admins usually push them out as they approved from dev/test. We were thinking about using this to push out SP3 rather than having to physically copy it to every server, but I was just told that it's not available for SP3 yet.

    so you would use wsus to push the SP out to the servers but not actually apply it? How is this an advantage over say keeping a single copy of the SP on a fileshare available on the network or is the SP then applied as part of the monthly updates?

    ---------------------------------------------------------------------

  • We were going to test applying it as part of the monthly updates, but since SP 3 is not available in WSUS yet, we probably won't do it this way. As far as pushing it out instead of running it over a network share, we find that the run time is much faster if we run patches and sp's locally than over the network. Maybe it's just our network, but I don't want to start a fight with the network guys by asking.

  • Can we not contol when we can apply in WSUS rather than automatically apply whenever it's available?

    This way we can do it after the backups are completed and the users are off the system..

    Thanks,

  • I wasn't referring to when you push it out with WSUS, but to when it gets applied to the system. Not being sure how your WSUS is configured, I can't tell you for sure if your systems will wait to apply the patches being pushed out. But in our case, every system that gets its updates from WSUS has it's own schedule as to when it applies the updates that it downloads from WSUS. The same as it would if you were downloading the updates directly from Microsoft instead.

  • Thanks For Your Patience and Insight on this.

  • Best way you use WSUS

    Set WSUS Server to use Group Policy ( with this u r setting your WSUS for "Client side Targeting")

    Create WSUS Computer Groups

    Create OUs in AD

    Create one GPO per OU and enable "Client side targeting", specify WSUS Computer group you created

    and "Download updates and install"

    Now when you approve particular update it will be automatically installed on client machine and rebooted.

    so even you have "Download updates and install" option enabled via GPO ,patches will not be pushed until they are approved.

    Avinash

Viewing 14 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic. Login to reply