Strategies

Strategies are a critical step in designing your system that defines What, When, and How to implement your patching.

Create a Strategy in v10.0+

In OneSite Patch, creating new patching strategies is comprised of four simple steps:

1. Overview - Enter a Name, Description, and Enable the Strategy.

2. What to Patch - Include all the Products you'd like to patch.

3. When to Patch - Set a schedule for when you'd like your Strategy to run.

4. How to Patch - Set up how you'd like to patch to specific Business Units and add Transitions that let you control the behavior of how the strategy is executed and how patches are deployed.

Below is an example that incorporates several features of the new Strategy configuration with a staged approach to ensure successful deployment for pilot to production devices. This is a common use case that you will likely want to implement in your own environment.

Navigation

1. Click Strategies from the side bar navigation.

2. Click New Strategy.

Overview

1. Enter a Name and an optional Description.

2. Toggle ON Strategy Enabled.

   

What to patch

1. Toggle ON Include All Products or choose individual products.

2. Click OK.

   
3. Click Next.

When to patch

1. Select Browse next to Schedules.

2. Click the Schedules folder and select 2nd Tuesday of Month (00hrs) from the table.

3. Click OK.

   
4. Click Next.

How to patch

1. Click Next then select + Add Deployment Ring.

2. Click Browse and select the built-in 1% of All Devices (Built-in Pilot) business unit.

   • 1% of All Devices (Built-in Pilot) selects devices at random. If you want a more specific pilot group that represents all aspects of your environment (OS, device type, etc.), please see our Create Business Unit page.

     
3. Click + Add Transition > Delay Transition and enter 3 days.

   • This will allow your admin time to test and verify these devices before deploying to production devices.

4. Click + Add Transition > Approval Transition and add an approver(s).

   1. Set the Minimum Approvals Needed to 1 and Reminder Interval to 2 hours.

   
5. Add a pre-production Deployment Ring that has a larger subset of devices than your Pilot Business Unit.

6. Select + Add Transition > Success gate.

   1. Minimum Success Threshold set to 80% and Maximum Failure Threshold to 5%.

      • This will ensure that at least 80% of devices must succeed AND no more than 5% can fail deployment.

   2. Failure Action

      • Set to Roll back, remove from next ring, and continue.

      • This failure action will roll back any patches that may have been installed on successful devices, then the patch will be removed from the deployment, and then the deployment will continue from here.

   3. Roles to Notify

      • Set to desired Roles.

   4. Communication Provider

      • Set to desired provider.

   5. Notification Message

      • Write a descriptive message. e.g. Patch failed to install on greater than 5% of targets. Failing patch was {PatchName}.

      
7. Click + Add Transition > Deployment Ring and select All devices.

   

You have now created a new Strategy that:

• Deploys to a pilot business unit for initial testing.

• Deploys to a pre-production business unit with a success gate to a larger subset of devices for further validation.

• Deploys to a production business unit to deploy to all remaining devices.

If you would like to run your Strategy immediately instead of waiting for the selected scheduled time, you can select the ellipses (...) next to your Strategy name in the table and the select Run Strategy.

Deployment plan details

Below is some additional information regarding the Transition settings in the How to Patch section of the Strategy walkthrough.

Add deployment ring

Adding a Deployment Ring will allow you to choose which Business Units you'd like the Strategy to target for deployment.

Add a transition

Transitions give you the ability to create objects that dictate the behavior of how a patch should be deployed.

Approval

You can add an Approval Transition that will require a patch to get an approval prior to deployment. With an Approval Transition, you can specify:

• Which Role will be the approval body

• Whether or not you need unanimous approvals or a minimum number of approvals needed

• When to send reminders to approvers after an approval request has been sent

  

Delay

Delay Transition allows you to delay the deployment of a patch by a specified time after it is received.

• Enter Delay Duration in Days, Hours, Minutes.

  

Success gates

You can create Success Gate Transitions to test on a smaller Business Unit before deploying out to a broader scope of devices. After creating your Strategy with a Success Gate, a Deployment wave will be automatically generated.

With a Success Gate you can define things like:

• A Minimum Success Threshold sets how many deployments must succeed by percentage of devices before continuing. For example, if you have 2 devices and you set Minimum Success Threshold to 50%, at least 1 device must be successful before continuing the Patching Proccess pipeline.

• Similar to Minimum Success Threshold, you can set a Maximum Failure Threshold that will fail a Patching Process if the percentage of unsuccessful deployments is exceeded. In the same scenario of 2 devices, if you set the maximum to 50% and 1 device failed, it will trigger the Failure Action.

• If a particular patch deployment fails, you can specify whether or not to send a Failure Notification and if you want it to:

  • Abort

  • Continue

  • Remove from next wave and continue

  • Roll back, remove from next wave, and continue