Patch Deployment Overview

Security Controls allows local and remote patch deployment via a few simple mouse clicks. From one management console you can deploy missing patches and product levels to a single machine or to many machines.

Product levels should be applied before all patches. For this reason Security Controls will not allow you to deploy product levels and patches in the same deployment.

If you deploy a patch to a specific SQL Server instance, the patch is applied to all instances on that machine.

Patch Deployments Are Performed As Background Tasks

All patch deployments are performed as background tasks, regardless of how they are initiated. In other words, the deployment is launched as its own separate Windows task. This means you can initiate a patch deployment and then move on to other concurrent work within Security Controls without having to wait for the deployment to complete. This also means you can have multiple patch deployments active at the same time.

Deployment Considerations

  • Is there a practical limit to the number of deployments you can have active at the same time?
  • Yes. It is dependent on the CPU and memory size of the console machine. It is also dependent on the number of other tasks currently active (for example, other patch downloads, patch deployments, etc.). While there is no exact answer, you'll know you've reached a practical limit if Security Controls starts responding slowly.

  • Is there a problem if the same machine is included in two or more concurrent deployments?
  • You should avoid concurrent deployments to the same machine. Exactly what will happen is dependent on a number of issues. The second deployment may overwrite the patch files already deployed, it may fail if the files are currently in use by the first deployment, or it may fail if the first deployment reboots the machine while the second deployment is still in progress.

  • How will I know when a deployment is complete?
  • The Operations Monitor will display the status of the patch deployment. From the Security Controls console's perspective, the deployment is complete when all necessary files have been copied to the target machine and the deployment is scheduled.