What is the best way to automate the staged deployment of patches to ~200 servers each month?
Our deployment consists of development and test servers one week after Patch Tuesday, then production servers the following week. Ideally, we'd like both deployments to be scheduled/automated so that they can occur during a late night/early morning maintenance window without someone having to babysit.
We also want to make sure that the patches deployed to production servers are exactly the same as the ones that were deployed to development and test servers one week prior. In other words, we want to ensure that if any new patches are released during that week between development/test patching and production patching, they don't get deployed to production servers since they haven't had a chance to be tested.
Finally, along these same lines, we also want to have an easy way to prevent or exclude a patch from being deployed to production servers if an issue is found on development/test servers.
Is anyone successfully doing anything along these lines? Would love to hear some thoughts and ideas on your setup and how you're doing it.
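One way to get the "production receives exactly what dev/test received, minus anything we pulled" guarantee is to freeze a manifest of the update set at dev/test time and let the production run consume only that manifest. The following is an added example (not from the original poster or any answer) written in Python; the functions `freeze_manifest`, `verify_manifest` and `plan_production` are hypothetical names, the KB identifiers and dates are constructed sample values, and the update lists are assumed to come from whatever catalogue or patch server the environment uses (the question does not say which).

```python
"""
Added example, not part of the original post: a manifest-based staged rollout.

Stage 1 (dev/test week): freeze the set of updates that were actually deployed.
Stage 2 (production week): plan from that frozen set only, so that
  - updates released in between are held back as untested,
  - updates pulled after a dev/test problem are excluded,
  - a hand-edited manifest is rejected via its digest.
All KB numbers and dates below are constructed sample values.
"""
import hashlib
import json
from dataclasses import dataclass


@dataclass
class Manifest:
    stage: str          # e.g. "devtest"
    captured: str       # ISO date the dev/test rollout happened
    update_ids: list    # sorted, de-duplicated update identifiers
    digest: str = ""    # SHA-256 over stage/captured/update_ids, set on freeze


def _canonical(stage, captured, update_ids):
    # Canonical JSON so the digest does not depend on key order or whitespace.
    return json.dumps(
        {"stage": stage, "captured": captured, "update_ids": list(update_ids)},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def freeze_manifest(stage, captured, update_ids):
    """Snapshot the update set that went to dev/test and seal it with a digest."""
    ids = sorted(set(update_ids))
    digest = hashlib.sha256(_canonical(stage, captured, ids)).hexdigest()
    return Manifest(stage, captured, ids, digest)


def verify_manifest(m):
    """Recompute the digest; any edit to the frozen set after the fact is caught."""
    expected = hashlib.sha256(_canonical(m.stage, m.captured, m.update_ids)).hexdigest()
    return expected == m.digest


def plan_production(manifest, currently_available, exclusions):
    """
    Build the production plan from the frozen manifest.
      approve       -> pinned updates still offered by the catalogue, minus exclusions
      held_untested -> updates offered now that never went through dev/test
      excluded      -> pinned updates pulled because dev/test surfaced a problem
      withdrawn     -> pinned updates the catalogue no longer offers (vendor pulled them)
    """
    if not verify_manifest(manifest):
        raise ValueError("manifest digest mismatch; refusing to plan production")
    pinned = set(manifest.update_ids)
    available = set(currently_available)
    pulled = set(exclusions)
    return {
        "approve": sorted((pinned & available) - pulled),
        "held_untested": sorted(available - pinned),
        "excluded": sorted(pinned & pulled),
        "withdrawn": sorted(pinned - available),
    }


if __name__ == "__main__":
    # Constructed sample data: three updates went to dev/test; a fourth was
    # released during the following week; one was found to break a test box.
    devtest = freeze_manifest("devtest", "2024-01-16",
                              ["KB5000003", "KB5000001", "KB5000002"])
    offered_now = ["KB5000001", "KB5000002", "KB5000003", "KB5000004"]
    plan = plan_production(devtest, offered_now, exclusions=["KB5000002"])
    print(json.dumps(plan, indent=2))
    # approve: KB5000001, KB5000003; held_untested: KB5000004; excluded: KB5000002
```

The digest is what makes the freeze useful in an unattended window: the production job can only proceed from a manifest that matches what was recorded a week earlier, and the exclusion list is a separate, small file that an engineer edits when a dev/test problem turns up, rather than a change to the frozen set itself.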