OperationsUpdated July 3, 2026
OHEMR Epic Patching
referencepatchingmaintenanceazureautomationtaggingschedulesconfiguration-management
OHEMR Epic Patching
Naming Convention
Naming is important because it explains the schedule. The convention is as follows:
| CSP | Recurrence | Week | Day | Hour |
|---|---|---|---|---|
| Z: Azure | M: Monthly | W0 | D[0-6] | H[00-23] |
| W:Weekly | W[1-4] | D[0-6] | H[00-23] |
Examples
ZWW0D0H02 - Weekly, Week 0, Day 0 (Sunday), 02AM ZWW0D2H06 - Weekly, Week 0, Day 2 (Tuesday), 06AM ZMW3D4H20 - Monthly, Week 3, Day 4 (Thursday), 8PM
Notes
- The 5th week of the month will never be used because if a patch falls on an impossible day it would be skipped
- 0:Sunday, 1:Monday, 2:Tuesday, 3:Wednesday, 4:Thursday, 5:Friday, 6:Saturday
- All Maintenance Configurations are set to reboot after patching, even if no patches were applied.
- All weekly schedules will use Week 0, (W0)
Azure Configuration
- Servers patch based on the PatchSchedule tag
- Maintenance Configurations must be duplicated in each subscription for them to work in that subscription
- Dynamic Scopes are attached to each Maintenance Configuration that point to the PatchSchedule Tag.
- There is a tagging policy that must be modified if you are creating new Schedules. That is stored in the policy repo, not in the repo that you're adding to.
- If you need to temporarily disable patching on a server, apply ALL_DO_NOT_PATCH.
RACI Document
This document establishes the roles for Patching.
| Abb | Role |
|---|---|
| R | Responsible (does the work) |
| A | Accountable (owns the result / makes the final decision) |
| C | Consulted (provides input) |
| I | Informed (kept in the loop) |
| Category | Task/Activity | Server Operations | Patching Team | Network Operations | Infrastructure Operations Management | Application Operations | Epic Support | Cyber Defense | Citrix Team |
|---|---|---|---|---|---|---|---|---|---|
| (Benny Butler's Team) | (Charles Smith's Team) | (John Mouser's Team) | (Randy Olinger's Team) | (Rafal Kamieniecki's Team ) | |||||
| Patching | Approve New Patching Maintenance Window | C | I | R/A | |||||
| Patching | Create New Patching Maintenance Window | R/A | |||||||
| Patching | Configuring Resource for Patching (Patch Orchestration & Tagging) | A | C | I | I | ||||
| Patching | Verifying Resources Configured Correctly for Patching <br/>(Patch Orchestration & Patch Tag) | R/A | C | ||||||
| Patching | Verifying Scheduled Patches Performed Successfully | I | R/A | ||||||
| Patching | Ad-hoc Performing Patching (including creating the Change Request) | R | R/A | I | C | I | |||
| Patching | Triage and Recovery Actions from Patch-Related Incidents | R/A | R | I | C | I | |||
| Patching | Report Patching Compliance | C | RA | ||||||
| Patching | Monitor Post-Patching Health | C | R/A | ||||||
| Patching | VDA Patching, monthly based on updated golden image | R/A | |||||||
| Vulnerability | Monitor Security Platform Portal (Day to Day) | R | A | ||||||
| Vulnerability | Operating System vulnerability remediation for Critical, High, and Known Exploitables (VMs, OS, Golden Image) | R/A | |||||||
| Vulnerability | Cloud Configuration vulnerability remediation for Critical, High, and Known Exploitables (Azure Storage, Key Vault, etc.) | R/A | |||||||
| Vulnerability | Application-level vulnerability remediation for Critical, High, and Known Exploitables (Epic, SQL, Web Apps) | I | I | R/A | |||||
| Vulnerability | Firewall vulnerability remediation for Critical, High, and Known Exploitables | R/A | |||||||
| Vulnerability | Report Vulnerability Status | R/A | |||||||
| Security | Remediating issues with Agents on all VMs and Servers | R/A | |||||||
| Security | Monitor OHEMR Policy Compliance | R/A | |||||||
| Security | Remediating VM and Servers when Non-Compliant with any OHEMR Policy | A | |||||||
| Security | Monitoring Core Infrastructure from Cyber Attacks | R/A | |||||||
| Security | Monitoring Core Infrastructure Performance and Availability | R/A | |||||||
| Security | Monitoring Application Performance and Availability | R/A |