Blackout windows and patching windows - share your thoughts!

Do you have blackout windows for patching, where you are not allowed to roll out any patches, no matter how critical? Correspondingly, do you have designated patch windows when you’re allowed to push out patches and reboot machines?

We’re asking because we’re looking at improving the scheduling options in the console. We’re also considering the value of a global console blackout feature, where you can forbid any patch policies from accidentally being scheduled during set timeframes locally or in a standard time. Let us know your thoughts!

3 Likes

The majority of our customers are patching windows, but blackouts are used as well.
We get X hours to patch and reboot on the majority, but during specific periods of the year, we aren’t able to do anything due to quarter end or something similiar.

3 Likes

Our servers have dedicated patching windows, where we can only take down the system(s) for a set period of time (e.g. 6:00-10:00 am EST on a Saturday morning). This maintenance window varies by server group. Our workstations can be patched at any time, thankfully.

We really do not want our servers to be patched & restarted unless they’re inside of a planned patching window. If there’s a critical out-of-band patch for our servers, then we’ll schedule an impromptu patch window.

A blackout feature could be interesting. We’ve had an issue in the past where one user accidentally patched/rebooted thousands of servers (using a different patching tool) right before Christmas. It was a very long weekend dealing with the fallout.

6 Likes

Yes. Our Point of Sales machines are managed with Automox and can’t have updates going out during business hours or critical shopping days like Black Friday, etc.

2 Likes

Yes, this would be a major enhancement for us as we have both situations with our customer’s server environments.

Setting the schedules to a standard time instead of running off machine local time will be a big help as well since many of the Enterprise maintenance windows are globally synchronized. They begin at 10e/9c for example.

2 Likes

That makes sense! Would your organization benefit from both a global time and a local time for different reasons or would you prefer to only have the standard time?

I could see both being useful: local time for workstations, global time for servers (where coordinating outages is required).

2 Likes

Agreed with Chris, I can think of some instances where small groups might like to have their servers set to follow local time, and definitely see the value for workstations. Server environments though right now for us are entirely global time.

2 Likes

One of our other tools handles this nicely actually. It defaults to the timezone you have in your profile, but gives you the option of changing it.

image

2 Likes

Cool thanks for sharing the screenshot!

We have blackout days for 90% of end user devices from the 7th - 15th every month excluding Zero Day. The closest I can get to this currently is the 8th - 14th by selecting all except the 2nd week. It would be nice to have the granularity to select/unselect days of the month.

1 Like

Thanks for the feedback @mscro! You are not alone in this feedback on how to schedule within days of the month. We have it as an item to resolve this challenge though we do not have a timeline for that yet. We’re aiming for this year at the very least.

2 Likes