Atera allows you to automate patch installation on your devices using IT Automation profiles. This feature enables patch installation via the WUA API. For more information about patch management and WUA API roles, please visit the Atera Patch Management article.
In this article, we will discuss the best practices when it comes to using Patch Management and IT Automation profiles in Atera and getting a high success rate.
Run order for Tasks
IT Automation profiles offer various tasks, including updating devices, installing third-party software applications, and performing maintenance tasks like rebooting and shutting down.
When running an IT Automation profile, all selected tasks may run simultaneously or in random order. Therefore, we recommend creating multiple IT Automation profiles with different tasks to ensure reliability.
The only task that does not run in a random order is the "Reboot if needed" task. This task will run only after patches are installed and if a reboot is required.
The "Reboot" task within IT Automation profiles can run in a random order or simultaneously with other tasks. If a profile includes the Reboot task along with other tasks and the devices reboot before the other tasks run, there is no need for concern. The remaining tasks will run once the devices are back online in Atera. By keeping all tasks in the backend, we guarantee that all selected tasks within a profile will execute, regardless of the order.
Despite the reliability of this process, we still recommend splitting your tasks into multiple IT Automation profiles, following the best practices listed below.
Best practices
It is important not to use one IT automation profile for all your monitored agents. First, please ensure to split the profiles based on systems' OS: Windows (workstations and servers), macOS, and Linux.
Next, separate main tasks into separate profiles based on how much weight they put on a system. Also, schedule them to run for one hour or one hour and a half between each other.
An example of how you can create the profiles:
1. First profile to Create System Restore Point (this takes a while)
2. Second Profile to Delete Temp Files then Delete internet history
3. Third profile to perform the necessary updates
The recommended approach for implementing patches and updates that necessitate a system reboot would be to activate the "Reboot if needed" feature. This feature ensures that devices are only restarted if an update specifically requires it. Additionally, you have the flexibility to customize the timing of the reboot through Configuration policies. For more information on this topic, please refer to the Configuration policies article.
NOTE: Do take into account devices that are offline during the profile execution as that could cause unwanted reboots when the profile is triggered (based on "Run on offline agents" setting). We recommend running all profiles outside of business hours and instructing the users to not turn off their machines to ensure a high success rate.
Low feedback success score
Sometimes you may get a low success rate after executing an IT Automation profile and checking the Feedback report.
Do note that the Patch & Automation Feedback email is always sent one hour after the IT automation was executed. However, if the "Run on offline agents" setting is set for more than 1 hour then more results will keep coming after the email was sent and the report will be different from the e-mail. Therefore, while some tasks may still be running in the backend, the feedback report would show these as failed.
In this case, try to schedule/check the Feedback report a few hours after the profile was executed.
Run the profile on newly installed agents
Having multiple profiles with the option "Run the profile on newly installed agents", on the same customer, can create conflicts when the profile runs on a newly installed agent. Make sure to use tasks that do not conflict with each other, in case you have scripts on each profile, make sure that both can run at the same time.
For more details on patch management troubleshooting, please check this article.