Examining the evolution of phased deployments for more effective and secure patching
With the rapid increase exploited software vulnerabilities, patching endpoints quickly is important to keep endpoints secure. However, it’s essential that patches are deployed with device compatibility and incident prevention in mind. Phased deployments can accomplish this goal. IT pros know that patch deployment rings are a best practice for ensuring that patches are rolled out in a tiered model. However, with advancements in intelligent automation, Deployment Waves within OneSite patch offer distinct benefits.
As I recently discussed in Riding the Waves of Change: Part I, Deployment Waves transform the typical, labor-intensive patching approach into a streamlined process, here I discuss the advantage of waves over traditional ring deployment.
The Ring Deployment Standard
Patches and software updates are essential for maintaining system security and functionality. According to Gartner, “An effective ring-based strategy will significantly reduce incidents arising from patching failure, due to the ability to detect and respond to issues earlier in the deployment.”1 Rolling them out in rings ensures that each update is thoroughly validated, keeping systems stable and secure without disrupting users. The advantages of ring deployments include:
- Risk Reduction: By deploying in controlled phases, IT administrators can mitigate risks associated with widespread system updates
- Feedback Loops: Each ring provides valuable feedback, allowing for adjustments before broader deployment
- Enhanced Security: Thorough testing ensures that patches are reliable and secure before full implementation
- Stability and Reliability: Gradual rollout through rings maintains system stability and minimizes disruptions
However, managing deployment rings manually can be cumbersome, and getting real-time visibility from each ring deployment often leads to delays and inaccurate data. Gartner® notes, “Outdated patching processes that depend on extensive testing and monolithic rollout processes increase overhead and limit the ability to keep pace with the increased cadence and volume of Windows and application updates.”2 This is where the innovation of Deployment Waves in OneSite patch management comes into play, significantly improving patching success.
Why Deployment Waves Surpass Ring Deployment
Deployment Waves within OneSite Patch mark a significant advancement from ring deployment strategies. This approach has benefits that directly address the core challenges faced by IT pros. Each of the following aspects contributes to a more effective patch management process, and the advances of deployment waves include:
- Accelerated Patching: Automated deployment waves reduce the time and money spent on manual rollouts.
- Scalability: Easily adjustable to suit the size and scope of each deployment, they are ideal for managing large volume deployments.
- Improved Visibility: Real-time reporting in OneSite Patch enables IT managers to monitor the progress and success of each deployment wave, facilitating agile decision-making.
- Customized Deployment: Different waves can be tailored to specific user groups or system types and scheduled at different times for optimal deployment.
- Flexibility: Unlike rings, you can create an unlimited number of waves, offering a greater level of control and granularity.
Setting Up Wave Deployments in OneSite Patch
As recently discussed, Deployment Waves in OneSite patch management are designed to group Business Units logically for phased software deployment. This setup allows for controlled and validated deployment of each wave, complete with appropriate controls, verification, and notifications.
In the Deployment Waves section, IT administrators can manage Waves and Wave Entries. Waves are containers for one or more Wave Entries, each containing one or more Business Units. Adding a new wave is as simple as clicking the "Add Wave" button, creating a section for Wave Entries:
Select "Create Wave Entry" to add a new entry to a Wave. Then, choose a Business Unit and decide whether to include child Business Units.
Options for including child Business Units range from the selected business unit only to all 5th level children, allowing for a detailed and logical arrangement of Business Units.
To target all desired devices efficiently, IT administrators can repeat this process for adding additional Business Units to the same Wave or for creating new Deployment Waves. Once set up, simply click "Save" to implement the configuration. Deployment waves can then be added to patching strategies and as soon as new patches are available, they will be patched according to the pre-set waves automatically.
The Power of Deployment Waves
Deployment Waves in OneSite Patch empowers IT pros to manage patch deployments with unparalleled precision and flexibility, while saving time over traditional ring deployments. OneSite Patch simplifies the setup of phased deployments, allowing for a one-time configuration that can be applied across different scenarios. For administrators, this means a more efficient, controlled, and adaptable patch management process, tailor-made for the unique needs of their organization.
[1] Source: Gartner, Accelerate Windows and Third-Party Patching, Tom Cipolla et al., 13 Feb 2023
2 Source: Gartner, Accelerate Windows and Third-Party Patching, Tom Cipolla et al., 13 Feb 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Disclosure: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.