Hey everyone! I'm looking to move away from SCCM for our server patching process and have a few specific requirements that need to be met. To give you an idea:
- I need a solution that supports n-1 patching.
- It must allow me to patch different server groups on certain days (for instance, patching group 1 on the 4th of every month).
- I want the option to schedule a patch immediately but be able to restart later or do it manually.
- It should provide reports on patch compliance for specific server groups.
- Ideally, I'd prefer a SaaS tool, but I'm open to other options too.
I've checked out a few commonly recommended tools mentioned online, but I haven't found one that fulfills all these needs yet. Any suggestions?
5 Answers
We use Ninja One and it checks all the boxes you've listed. It's been working well for our team!
Have you considered Azure Update Manager? It may fit your requirements quite well!
On-prem, Ivanti Security Controls (formerly Shavlik) can handle what you're asking. Their SaaS version might be Neurons?
You should look into Action1. They recently launched update rings; while there's no direct n-1 checkbox, you can delay updates for a certain time after successful deployments. It’s cloud-native and agent-based, so as long as your endpoints have an outbound connection, you should be good to go!
I switched to using Ansible for patching. It does require some customization, but it's super powerful once you set it up right.
Sounds great! I've heard positive things about Action1 too. Just keep in mind that if you set a GPO that overrides reboot options, it might lead to unexpected results. But overall, it seems like a solid choice!