Strategies

Strategies are a critical step in designing your system that defines What, When, and How to implement your patching.

Create a Strategy in v10.0+

In TPM, creating new patching strategies is comprised of four simple steps:

  1. Overview - Enter a Name, Description, and Enable the Strategy.

  2. What to Patch - Include all the Products you'd like to patch.

  3. When to Patch - Set a schedule for when you'd like your Strategy to run.

  4. How to Patch - Set up how you'd like to patch to specific Business Units and add Transitions that let you control the behavior of how the strategy is executed and how patches are deployed.

Below is an example that incorporates several features of the new Strategy configuration with a staged approach to ensure successful deployment for pilot to production devices. This is a common use case that you will likely want to implement in your own environment.

  1. Click Strategies from the side bar navigation.

  2. Enter a Name and an optional Description.

  3. Toggle ON Strategy Enabled.

  4. Toggle ON Include All Products or choose individual products.

  5. Click OK.

  6. Click When to Patch then select Browse and select 2nd Tuesday of Month (00hrs) from the table.

  7. Click OK.

  8. Click How to Patch then select + Add Deployment Ring.

  9. Click Browse and select the built-in 1% of Workstations (Built-in Pilot) business unit.

  10. Click + Add Transition > Delay Transition and enter 3 days.

    This will ensure that 3 days will have passed before the next operation in the strategy is triggered.

  11. Click + Add Transition > Approval Transition and add an approver(s).

    • Set the Minimum Approvals Needed to 1 and Reminder Interval to 2 hours.

  12. Select + Add Transition > Success gate.

    1. Minimum Success Threshold set to 80% and Maximum Failure Threshold to 5%.

      This will ensure that at least 80% of devices must succeed AND no more than 5% can fail deployment.

    2. Failure Action

      • Set to Roll back, remove from next ring, and continue

      This failure action will roll back any patches that may have been installed on successful devices, then the patch will be removed from the deployment, and then the deployment will continue from here.

    3. Roles to Notify

      • Set to desired Roles.

    4. Communication Provider

      • Set to the desired provider.

    5. Notification Message

      • Write a descriptive message. (e.g., Patch failed to install on greater than 5% of targets. Failing patch was {PatchName}.)

  13. Click + Add Transition > Deployment Ring and select All devices

You have now created a new Strategy that effectively deploys to a pilot business unit for testing, then a pre-production business unit for a larger subset of devices to ensure further validate a successful deployment, and finally a production business unit to deploy to all devices.

If you would like to run your Strategy immediately instead of waiting for the selected scheduled time, you can select the ellipses (...) next to your Strategy name in the table and the select Run Strategy.

Deployment plan details

Below is some additional information regarding the Transition settings in the How to Patch section of the Strategy walkthrough.

Add deployment ring

Adding a Deployment Ring will allow you to choose which Business Units you'd like the Strategy to target for deployment.

Add a transition

Transitions give you the ability to create objects that dictate the behavior of how a patch should be deployed.

Approval

You can add an Approval Transition that will require a patch to get an approval prior to deployment. With an Approval Transition, you can specify:

  • Which Role will be the approval body

  • Whether or not you need unanimous approvals or a minimum number of approvals needed

  • When to send reminders to approvers after an approval request has been sent

Delay

Delay Transition allows you to delay the deployment of a patch by a specified time after it is received.

Enter Delay Duration in Days, Hours, and Minutes.

Success gates

You can create Success Gate Transitions to test on a smaller Business Unit before deploying out to a broader scope of devices. After creating your Strategy with a Success Gate, a Deployment Wave is automatically generated.

With a Success Gate you can define things like:

  • A Minimum Success Threshold sets how many deployments must succeed by percentage of devices before continuing. For example, if you have 2 devices and you set Minimum Success Threshold to 50%, at least 1 device must be successful before continuing the Patching Process pipeline.

  • Similar to Minimum Success Threshold, you can set a Maximum Failure Threshold that will fail a Patching Process if the percentage of unsuccessful deployments is exceeded. In the same scenario of 2 devices, if you set the maximum to 50% and 1 device failed, it will trigger the Failure Action.

  • If a particular patch deployment fails, you can specify whether or not to send a Failure Notification and if you want it to:

    • Abort

    • Continue

    • Remove from next wave and continue

    • Roll back, remove from next wave, and continue