SnaPatch – Patch Management Addon for Microsoft SCCM

SnaPatch - Patch Management

SnaPatch integrates with your existing Microsoft SCCM environment to schedule a snapshot of your virtual machines prior to the deployment of WIndow's patches.

SnapShot Master Tick

Integrates directly with Microsoft's SCCM.

SnapShot Master Tick

Snapshot your virtual machines automatically and to a schedule.

SnapShot Master Tick

Deploy patches directly from SnaPatch to your SCCM clients.

SnapShot Master Tick

Automatically delete snapshots based on retention policy.

SnapShot Master Tick

See patching compliance at a glance.

Connect to your existing Microsoft SCCM environment

Microsoft Azure

Access and interact with your SCCM environment – view collections and servers, along with detailed information including make, model, OS and serial numbers.

Patching compliance at a glance

SCCM Patching View

Check the compliance level of each server from within each collection. See detailed information such as the number of updates missing for each class (ie. security, critical, service packs, etc.)

Snapshot your servers before deploying patches

VM Cloning

Remove the risk of patching your virtual Windows fleet by automatically taking a snapshot before deploying any patches.

Patches are only deployed to servers that have had a successful snapshot performed. If the snapshot fails, then no updates are deployed to those servers.

Automatically delete snapshots based on retention policy

Automate SCCM

You decide how long to keep snapshots before the system automatically deletes them, and even get reminder emails before it happens! You   also have the option to exclude servers from the snapshot auto-delete policy.

Notifications

SCCM Email Notifications

Stay informed every step of the way. You may configure SnaPatch to inform you when a job starts, snapshots are complete, patching is finished and when snapshots are due to be deleted.


SnaPatch Overview

SnaPatch (now on Version 3.42) connects and interacts with Microsoft’s System Centre Configuration Manager  SCCM , VMware’s ESX and now also Microsoft’s HyperV. By bridging all of these platforms it allows us to remove the inherent risk associated with patching and updating servers. This is achieved by automatically taking snapshots of the virtual server prior to deploying any patches. This ability gives you a reliable and fast roll back if any of those updates cause an issue to your virtual machines.

SnaPatch also connects to your SCCM SQL database to pull vasts amount of information to provide you with the clearest and most up to date picture of your environment.

SCCM is a fantastic tool for deploying updates to your Windows fleet, however, it relies on companies and system administrators to have dedicated test environments to determine the possibility of a patch having a detrimental effect on any particular server or application. Even if the patch doesn’t cause any issues within a test environment, that doesn’t necessarily mean it won’t cause an issue in production. The safest and easiest way to remove this risk is to take a snapshot of the virtual server before deploying updates.

However, this is quite a time consuming and arduous task. It requires timing and dedicated resources typically working late at night. It also means having to keep track of any snapshots and ensuring they are deleted, which often doesn’t happen.

SnaPatch removes all of these issues. Everything is automated and scheduled, and runs according to your preferences. Below is a quick walk through of the steps to create a patch schedule.3


SnaPatch – Key Features

View collections and members

SnaPatch reads and lists all the collections within SCCM. It also shows you the members of each collection.

Easy to set up and configure

SnaPatch has been designed with one thing in mind, keeping it simple and easy. Be up and running in less than 30 minutes.

View patching compliance

Quickly see the patching compliance for each individual server. It shows you the break down of how many patches are missing, and what those missing patches consist of (i.e. critical, rollups, service packs, etc.)

Easily differentiate between physical and virtual machines

The main window of SnaPatch allows you to very easily differentiate which machine is physical and which is virtual.

Create Software Update Groups

Select the updates you wish to deploy and create a Software Update Group without needing to use the Configuration Manager console.

Take a snapshot of a virtual server before deploying any patches

Take a snapshot of the servers you’ve selected to patch before any patches are installed.

View detailed information for every update

Search and filter updates based on operating system and classification. Also view detailed information for every update, such as article ID, hotfix link and whether or not it’s been deployed, superseded or expired.

Search for a server and lists its memberships

Searching for a server or computer will return a list of all the collections that machine is a member of.

The dashboard keeps you up to date on every task

Launch the dashboard to see what’s happening at that very moment. Instantly know what task is being run on each server.

Set a schedule to perform all the tasks

Select the servers you want to patch and set a schedule. The system will then go off and snapshot the servers and deploy the patches you’ve selected all according the schedule.

Create a maintenance window

Set a maintenance window as part of the schedule to determine when the patches can be installed.

Easily manage scheduled jobs

The scheduled jobs window allows you to manage all your jobs. Start, stop, delete and see which servers are part of a scheduled job.

Deploy patches to both physical and virtual servers

SnaPatch allows you to deploy updates not only to virtual servers but also to physical. Of course however you don’t have the option to snapshot physical servers before deploying updates.

Get email notifications to keep you informed

Select optional email notifications to keep you informed every step of the way. You can set it to email you when a job starts, when snapshots have been completed and when patching is completed – along with the outcome of the installation.

Keep track of and automatically delete snapshots

Enabling this option lets you determine how long snapshots should be retained before they are automatically deleted.

Receive emails before snapshots are deleted

Receive an email a set number of days before any snapshot is deleted. This way you will know well ahead of time before any snapshot is deleted.

Exclude servers from the snapshot auto-delete policy

If you have sensitive servers that you want to exclude from the snapshot auto-delete policy you can easily do that too.

Include virtual machine memory as part of the snapshot

Choosing to include the VM memory as part of the snapshot will increase the time it takes to perform the snapshot but also allows you to return to active (running) point in time. This is optional as it is not always necessary to return to a previously running instance.

Scan for desktops and laptops as well as servers

The system allows you to include desktops and laptops as part of the scan. You may view detailed information for every device in your environment – including make, model, serial number, operating system and patching compliance.

Create computer groups

Create your own computer groups to re-use and deploy patches quickly.

SnaPatch Patch Management Screen Shots

SnaPatch Patch Management Dashboard
SnaPatch Patching Dashboard
SnaPatch Patch Management Home
SnaPatch Console Screen
SnaPatch Patch Management Updates Selection
SnaPatch Patch Management Updates Selection
SnaPatch Patch Management Schedule
SnaPatch Patch Management Schedule


SnaPatch FAQ

Q – What are the requirements for SnaPatch?

SnaPatch requires that you have SCCM 2012 R2, at least one vCenter running 5.0 (or above) or SCVMM and a SQL server containing the SCCM database. The SQL instance may reside on the same server as the SCCM server or on a remote SQL server. As for hardware and OS, SnaPatch needs very little, 2 vCPU, 4GB RAM and 10GB free space. It will run on Server 2008R2 SP1 (SP1 is a requirement for 2008R2), Server 2012 or Server 2012R2, 2016.

Q – What permissions are required for SnaPatch to function?

You must have local administrator access on the server to run SnaPatch. It also requires that the powershell execution policies for both x64 and x86 are set to “remotesigned”. As SnaPatch communicates and interacts with SCCM, VMware, SQL, HyperV and remote computers, you must provide accounts that have the relevant level of permissions to perform certain functions. Details around these requirements can be found under the support pages.  

Q – Some of my servers don’t show an image or the image isn’t correct

We have tried to provide an image for as many servers and computers as we could, however it’s impossible to cover them all. If you have a machine that is not showing an image or the image is incorrect, please let us know the make and model and we will gladly add it to the image database as part of the next release.

Q – Does SnaPatch require an agent to be deployed?

No, SnaPatch does not use any agents. It communicates using the .NET framework, custom PowerShell code, WMI and SQL queries.

Q – Can SnaPatch deploy patches to physical servers?

Absolutely! You may deploy patches to physical servers just same as virtual servers, of course however, snapshots will not be taken.

Q – How does licensing work?

SnaPatch is licensed based on the number of servers within your SCCM database. For example, if you purchase a 250 server license but have more than 250 servers in your environment, SnaPatch will only display the first 250.

Q – Can I upgrade my license to cover more servers?

Certainly, just send us an email with your current details and what license level you would like to upgrade to and we will help you out.