When I joined LeSaint Logistics in 2015, one of the pain points of the IT Operations department was deploying Windows Updates to all of the servers in a manageable way. I first attempted to deploy a WSUS server, but got inconsistent results and had little control over automating server update maintenance windows. So I designed a system where we could specify a maintenance window per server, and an agent on each server would download updates, install them, and report progress back to a central control server. Here is what went into each component of the system.

The agent

The agent was a Windows service built in C# that ran on each server. It checked in with the central server and listened for the maintenance windows configured for that server. During a configured maintenance window, the agent would do the following:

  1. Check for updates and download packages.
  2. Install the update packages.
  3. Reboot the servers as needed.
  4. Repeat steps 1 through 3 until no packages remained or the maintenance window closed.
  5. Report the logs and status back to the central control server.
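The window-bounded loop described above, as an added C# sketch that is not the LeSaint agent's code. It uses the Windows Update Agent COM API (a COM reference to wuapi.dll); `MaintenanceWindow`, `UpdateCycle` and the `report` callback are assumed names, and how the window is fetched from the control server is left out.

```csharp
using System;
using System.Diagnostics;
using WUApiLib; // COM reference to wuapi.dll (Windows Update Agent API)

public sealed class MaintenanceWindow
{
    public TimeSpan Start { get; set; }  // local time the window opens, e.g. 02:00
    public TimeSpan End { get; set; }    // local time it closes; End < Start spans midnight

    public bool IsOpen(DateTime now) =>
        Start <= End ? (now.TimeOfDay >= Start && now.TimeOfDay < End)
                     : (now.TimeOfDay >= Start || now.TimeOfDay < End);
}

public static class UpdateCycle
{
    // Returns true when nothing is left to install; false when the window closed
    // first or a reboot was requested (the service picks the loop up again after boot).
    public static bool Run(MaintenanceWindow window, Action<string> report)
    {
        var session = new UpdateSession();
        while (window.IsOpen(DateTime.Now))
        {
            // Step 1: find software updates that are not yet installed, then download them.
            ISearchResult found = session.CreateUpdateSearcher()
                .Search("IsInstalled=0 and Type='Software' and IsHidden=0");
            if (found.Updates.Count == 0) { report("no pending updates"); return true; }
            var batch = new UpdateCollection();
            foreach (IUpdate u in found.Updates)
            {
                if (!u.EulaAccepted) u.AcceptEula();
                batch.Add(u);
            }
            var downloader = session.CreateUpdateDownloader();
            downloader.Updates = batch;
            report($"download: {downloader.Download().ResultCode} ({batch.Count} updates)");
            // Step 2: install the downloaded batch and report the outcome (step 5).
            var installer = session.CreateUpdateInstaller();
            installer.Updates = batch;
            IInstallationResult res = installer.Install();
            report($"install: {res.ResultCode}, reboot required: {res.RebootRequired}");
            // Step 4: with no reboot pending, search again; new updates often become applicable.
            if (!res.RebootRequired) continue;
            // Step 3: reboot only while the window is still open, never outside the agreed range.
            if (!window.IsOpen(DateTime.Now)) { report("reboot deferred: window closed"); return false; }
            Process.Start("shutdown.exe", "/r /t 60 /c \"Scheduled update reboot\"");
            return false;
        }
        report("window closed with updates pending");
        return false;
    }
}
```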

Group Policy was configured for the servers to deploy the agent using a PowerShell script.

The server

A single central control server, deployed to AWS EC2 running Ubuntu, was what the agents communicated with. It was a simple website built with NodeJS, Vue, and MongoDB. The team used the Vue front end to configure a maintenance window, a time range set for each server. The agents checked in through an API.

The result

Once this project was deployed, techs no longer had to install updates manually over a long 4-8 hour maintenance window, and users within the organization could resume operations sooner, since the updates installed across all servers at the same time with little manual intervention.