Self Patching ... Can Machines configure themselves?
Murali Mohan Josyula (JMM)
AVP - Member of Technical Staff - AT&T Communication Services India Pvt. Ltd.
Have you heard about SELF-PATCHING? The name itself is very interesting, right?
It sounds somewhat similar to SELF-HEALING, but it is not the same. And of course it is not about self-service patching, where users configure and execute patching through a UI (User Interface) backed by SCORCH (System Center Orchestrator) and SCCM (System Center Configuration Manager), shell scripts or any other technologies.
Imagine a server that checks its own health, checks the software versions it has, gets/pulls the new or desired configurations/versions from somewhere, and patches/upgrades itself in a timely fashion. In short, machines/servers upgrade themselves to the desired configuration on their own. Sounds great, right? This is nothing but SELF-PATCHING.
In general, patching logically happens in one of two modes: PUSH or PULL.
In PUSH, we trigger the patching through the command line, through a self-service portal or through some other means. The patching itself might be an automated process, but it still needs to be PUSHED.
In PULL, the patching process is triggered automatically by the machines/servers themselves.
The machine/server checks its configuration in a timely fashion, automatically gets/pulls the required updates/patches from a source/other server, and executes the patching process.
Indeed, it is really interesting. For Linux/Unix OS, we can use frameworks like Chef or Puppet, or other tools.
For Microsoft OS, we need to use PowerShell scripts to achieve this. There is a concept/technology called "Desired State Configuration" (DSC), a Microsoft technology released as part of WMF 4.0 (Windows Management Framework 4.0, which includes PowerShell 4.0).
Self-patching happens through Desired State Configurations. When a configuration is executed in PowerShell, it produces a MOF (Managed Object Format) file for each target machine/server/node.
In short, everything happens through configuration/manifest files. We need agents running on the target nodes/machines that poll the master configurations on the source server and execute the patch process/scripts accordingly in a timely fashion.
So machines/servers can configure themselves through PowerShell Desired State Configurations. Of course, this is one of the technical options ...
I hope it helps, as a starting point.
Happy Patching…
Regards
JMM
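The PULL setup described in the article, sketched as an added example that is not the author's own code: one configuration compiles the desired state to a MOF for the pull server, and a second one switches the node's agent (the Local Configuration Manager) to pull mode over HTTPS. The node name, GUID, pull server URL and the choice of the Windows Update service as the baseline item are assumptions made for illustration.

```powershell
# Added example, WMF 4.0 (PowerShell 4.0) syntax. The three values below are constructed.
$NodeName = 'SERVER01'                                  # hypothetical target node
$ConfigId = '11111111-2222-3333-4444-555555555555'      # constructed GUID
$PullUrl  = 'https://dscpull.example.internal:8080/PSDSCPullServer.svc'  # hypothetical

# 1) Desired state, published on the pull server under the node's ConfigurationID.
Configuration PatchBaseline
{
    param([Parameter(Mandatory)][string]$Guid)
    Node $Guid
    {
        # Assumed baseline item: keep the Windows Update service enabled and running.
        Service WindowsUpdate
        {
            Name        = 'wuauserv'
            StartupType = 'Automatic'
            State       = 'Running'
        }
    }
}

# 2) Agent (Local Configuration Manager) settings that switch the node to PULL.
Configuration PullClient
{
    param([Parameter(Mandatory)][string]$ComputerName,
          [Parameter(Mandatory)][string]$Guid,
          [Parameter(Mandatory)][string]$ServerUrl)
    Node $ComputerName
    {
        LocalConfigurationManager
        {
            ConfigurationID                = $Guid
            RefreshMode                    = 'Pull'
            DownloadManagerName            = 'WebDownloadManager'
            DownloadManagerCustomData      = @{ ServerUrl = $ServerUrl
                                                AllowUnsecureConnection = 'false' }  # HTTPS only
            ConfigurationMode              = 'ApplyAndAutoCorrect'  # re-apply on drift
            RefreshFrequencyMins           = 30      # how often the node polls the server
            ConfigurationModeFrequencyMins = 60      # how often local state is re-checked
            RebootNodeIfNeeded             = $false  # pending reboots are not done automatically
        }
    }
}

PatchBaseline -Guid $ConfigId -OutputPath .\PullServer                        # <GUID>.mof
New-DscChecksum -ConfigurationPath .\PullServer -OutPath .\PullServer -Force  # <GUID>.mof.checksum
PullClient -ComputerName $NodeName -Guid $ConfigId -ServerUrl $PullUrl -OutputPath .\Lcm
Set-DscLocalConfigurationManager -Path .\Lcm -ComputerName $NodeName          # SERVER01.meta.mof
```

The MOF and its checksum file have to be copied to the pull server's configuration folder before the node's next refresh; the node only accepts a configuration whose checksum matches.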
Hi..Father of DevOps++, Congratulations!
Associate Principal
10 years ago: And IBM Endpoint Manager is one of the best tools to do it. It works for servers, desktops and mobiles as well.
Associate Principal
10 years ago: Hello Mohan, the idea very much works. But there is one problem that I see. When a Windows server is patched, most of the security patches would require a system reboot. And as well, it is better to track any patch management using a change. :-) I hope in this case Self-Patching might not work.
Global Leader Digital and Enterprise
10 years ago: JMM, very interesting concept. Can self-patching be done for apps such as SAP?