SQL Cluster Patching with Tanium Automate - Tanium Tech Talks #126

SQL Server clusters remain mission-critical in many enterprise environments—even in the era of cloud and SaaS. But patching them is notoriously tricky, requiring careful coordination to avoid service disruption. That’s where Tanium Automate comes in.

Building on the momentum of Tanium’s Autonomous Endpoint Management (AEM) innovations, this session dives into real-world orchestration strategies that help reduce downtime and risk during patch cycles.

Rob walks us through a hands-on example of how to use Tanium Automate, Patch, and custom-built sensors and packages (developed specifically for demonstration purposes) to orchestrate SQL cluster patching in a controlled and repeatable way. This episode is especially valuable for IT teams looking to reduce manual effort, improve reliability, and tailor patching workflows to their unique environments. Every cluster setup may require different orchestration logic.

If you’ve ever spent a weekend manually patching SQL clusters—or dreading the aftermath—this episode is for you. Watch the full video to see how Tanium Automate helps turn a high-effort, high-risk task into a structured, flexible process: complete with built-in checks and customizable steps to match your operational requirements.

Key takeaways

• Tanium Automate enables orchestrated, step-by-step control of SQL cluster patching. Rob demonstrates how to use Automate to coordinate failovers, validate node health, and sequence actions across cluster nodes—minimizing disruption and human error.

In your environment, you are probably gonna have requirements and things that must be done in a particular way. What we’re just trying to show you is how you could use Automate and Patch and various other things within Tanium to achieve that.

• Custom-built sensors and packages provide the foundation for orchestration. Rob introduces a PowerShell-based sensor that checks SQL Availability Group replica status and a package that performs a switchover using Microsoft’s SQL PowerShell module (which must be pre-installed on the SQL servers).
• Patch and Automate integrate to deliver controlled, policy-driven patch deployment. The playbook uses Patch to scan for applicable updates, apply dynamic patch lists, and manage reboots, supporting both OS and SQL Server patching based on your configuration.

I know my previous role, Patch Tuesday would come around… There’d be a team of people that would sit there and watch servers get patched, which is not very exciting. Probably quite expensive and everybody’s got better things to be doing on a Saturday… [Tanium Auomate] allows you to be automating the process, which is great ’cause you take away some of the manual errors but it also means you don’t have to sit there and watch it. You go and do something else, then it’ll tell you when stuff happens.

• Notifications and validation steps help streamline operations. Automate can send alerts if a step fails or requires attention, and end-of-playbook checks confirm all cluster nodes are healthy—minimizing the need for manual intervention.
• The playbook is reusable and adaptable today—and will be even more powerful tomorrow. Playbooks can be cloned and modified for different clusters, and upcoming features like parameterized playbooks and gallery templates will enhance scalability and reuse.

Additional resources

• AEM use case: SQL Cluster patching walkthrough (login required)
• Tanium Automate community (login required)
• Tanium Automate user guides
• Tanium training calendar – Filter for the “Tanium Custom Content” course to register for free sensor and package training
• Tanium Connect O365 email feature – Tanium Tech Talks #61
• Microsoft Azure Virtual Machine extension – Tanium Tech Talks #122