Richard:

I have a small set of scripts that you might be able to implement with just some config-file changes.

I employ a standard directory structure for all software, including hotfixes and service packs. This structure is replicated between physical sites on the WAN, and across into the DMZ segments via a secure channel.

There is a Kix script in the root of this structure, and kix is available in a \bin folder. Running INSTALL.BAT invokes the kix script via the copy of kix in the bin folder, so there is no reliance of any software on the target system. The install command can install any product (including O/S upgrades) as well as alternate versions, collections (packages) of hotfixes, and service packs via simple command line args.

For critical updates, we have a DEPLOY tool. A master (XLS) list of systems is maintained, with fields to sort on site or O/S, or even key products. This generates a text file of server names that we want to push a patch to. When you run DEPLOY from your admin workstation, you specify the product and installation args, the start time/date, and the system list file. You can then push out scheduled tasks to run at the determined time (or next reboot) to all systems. We generally push it to all trusted servers throughout the WAN from one workstation, but each target system is able to actually determine its closest software distribution server and update over the LAN. We've scheduled 7 deployments for the recent patch - 160 trusted servers system-wide, and a few dozen more in 6 DMZ segments. Takes about 15 minutes to prep and push, and about an hour to execute, since we build in delays to spread out net traffic.

For automated, rolling maintenance, I have a MAINT kix script that runs as a monthly scheduled task. It determines a maintenance "cycle" - monthly, quarterly, semi-annual, or manual. It checks a central config file on the closest SW Distribution server, compares the requirements to the current system configuration (SP, hotfixes, application versions, etc) and installs anything defined and needed. It can "survive" multiple reboots, and forces a reboot after every O/S update. (SP or HotFix package) It processes the O/S maintenance by cycle (annual, semi-annual, quarterly, monthly) and then starts on application install/uninstall and patching.

BTW - the directory structure also integrates into SMS fairly easily, and the installation batch files can be used directly by SMS and Tivoli software distribution.

I have lots of documentation on this that I can send you to review before making any code or file structure commitments.. let me know and I'll send off a ZIP of the docs.

We've been using this to maintain a few hundred servers (300+) across 5 sites for the past 2 years.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D