TOP 10 WORST PATCH MANAGEMENT PRACTICES

This Wednesday | 12 PM EDT / 11 AM CET

REGISTER FOR THE WEBINAR

Getting Started

Endpoints

Patch Management

Vulnerability Management

Software Deployment & IT Assets

Automation & Remote Desktop

Real-Time Reports & Alerts

Account Access & Management

SSO Authentication

Security Concerns

Need Help?

Action1 5 Documentation 5 Update Ring

Update Rings

Understanding Update Rings

Action1’s autonomous patching uses update rings to roll out updates in stages. It can apply a variety of filters and automatically evaluate key metrics, such as success rates and deployment counts, to decide whether an update should continue to the next stage. Updates that pass the criteria in earlier (or ‘inner‘) rings move forward, to the outer rings. There is also an option to manually exclude updates if needed.

What are the success rate and success count?

  • Success count – number of updates successfully deployed on at least N endpoints in the ring. 
  • Success rate – calculated using the following formula: Success Count / (Success Count + Failure Count) × 100

This approach ensures that updates are regularly validated as they proceed from the inner to the outer rings, reducing the risks of failures.

Examples

 

  • Ring 0: IT Testing – Validates update installation and functionality within IT operations.
  • Ring 1: Early Adopters – Small group from IT and business teams providing feedback (~20%).
  • Ring 2: Broad Deployment – Rollout to the rest of the IT environment (~80%).

Automate Rollout of Software Updates with Update Rings

To implement a typical workflow for the automated rollout of software updates, do the following:

  1. Create Ring 0 to include the desired updates, selecting them from the list of currently missing updates. For details, see Only selected option description here.
  2. Create Ring 1 using the From previous (inner) update ring option and selecting Ring 0 as the inner ring. Optionally, you can configure filters (e.g., success rate) to apply to the selection of updates. For details, see From previous (inner) update ring option description here.
  3. Create all subsequent rings similarly.
  4. Monitor the update deployment status (by opening the Deployment Status view) for each ring.
To configure the automated rollout of software updates within each update ring:

  1. Navigate to the Automations  page.
  2. Click New Automation and select Update Ring.
Creating patch management automation - step 1
  1. Complete the wizard, following these steps:
    1. Configure Update Ring
    2. Select Endpoints:
        • Pick the applicable managed endpoints.
        • Add endpoints one by one, or select a group or all.
        • You can create a patch management automation that applies to all endpoints or just the most critical ones.
    3. Schedule:
        • Enter a name for the new automation and define the delivery schedule to push the updates.
        • Select the time that works best for your team, for example, every Saturday night.
        • Configure Missed schedule retry and maintenance window – specify the Automation completion deadline after the scheduled start time. This will instruct the offline or disconnected endpoints to retry the automation once they come online within the specified timeframe.
NOTE: If you need to update this setting, make sure not to set the time frame to an interval longer than the frequency of action execution (that is, do not set it to 48 hours if the action is executed every day).
Patch management - step 3
  1. Once ready, click Finish.

After completing the wizard, you will find the new automation on the Automations page.