I'm looking for guidance on the recommended way to automatically apply SQL security and CU updates (excluding service pack updates) for a 2 node SQL AlwaysOn availability group with the orchestration group feature in MECM.
Our infrastructure team wants to use the orchestration group feature to update the active node first, let it fail over to the other node with the reboot of the active node, then update the other (now active) node. This way when the second node reboots, the AG fails back over to the original active node.
Our DBA team wants MECM to identify and update the passive node first, reboot, then fail the active node over making it the passive node and then finish the update. My concern with this is that the orchestration group order will not be able to identify the passive node as it may not always be the same node each update cycle.
Is there a recommended way to automatically update SQL in an AG with the orchestration group feature? How are you other admins doing this?