Suggest a patch automation solution for this architecture type

Hello Ansible Enthusiasts,
The scenario is:

  • My organization has a large internal server network that has Windows 2008/2008 R2/2012/2012 R2 and Linux flavors.
  • It is distributed across 5 domains.
  • These are on the internal network and sit behind a firewall.
  • LINUX machines are allowed to communicate with Red Hat servers for updates (yum update).
  • For WINDOWS there is no active internet connection.
  • So we use a third-party patch management tool that needs manual intervention to select machine/group, approve updates and deploy.
  • This takes several hours to do, and several weeks to patch all machines.
  • One reason is that there is a requirement to take a machine snapshot (I don't know how mandatory it is, but it is for safety purposes) and sometimes to pause some robots running on other machines.

This is all a lengthy and time-consuming process.
I am asked to automate this patching process given the above scenario.

Can anyone help here and suggest a solution?
******* Please ask for more information if it is needed to help me *********

Alongside, I have some queries too:

  1. Can Windows updates be applied in the background to these servers?
  2. Will these cause any failure?
  3. For this reason, is it required to take a snapshot all the time?
  4. I do not want to REBOOT immediately, but schedule the reboot for the weekend…

Is there a solution for this? I want to reduce or eliminate manual interference as much as possible and automate this repetitive process.
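Added example, not part of the original thread or any reply in it: one way the scenario above could be expressed as an Ansible playbook. It installs Windows updates in the background without rebooting, records whether a reboot is pending, and creates a scheduled task for a weekend reboot; the Linux play runs `yum update` and, if `needs-restarting` (from yum-utils) reports a pending reboot, creates a Sunday cron entry instead of rebooting now. Assumptions: WinRM/SSH connectivity is already working, the `ansible.windows` collection is installed, the Windows hosts pull from a WSUS server (they have no internet, so `server_selection: managed_server` relies on the WSUS configured by group policy), and the group names `windows_servers`/`linux_servers`, the task name, the cron entry name and the `start_boundary` date are placeholders. The snapshot step the post mentions is left out because the hypervisor is not named; it would go in a `pre_tasks` section before the update tasks.

```yaml
# Added example, not from the original thread. Assumptions: WinRM (Windows) and SSH (Linux)
# work, the ansible.windows collection is installed, Windows hosts use a WSUS server,
# and the group names, task name, cron name and start_boundary date are placeholders.
---
- name: Patch Windows servers without rebooting, then schedule the reboot for the weekend
  hosts: windows_servers
  serial: "25%"   # rolling batches, so one bad update cannot take every server down at once
  tasks:
    - name: Install security and critical updates in the background, no reboot
      ansible.windows.win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        server_selection: managed_server   # use the WSUS configured by group policy (no internet)
        state: installed
        reboot: false
        log_path: C:\Windows\Temp\ansible_win_updates.log
      register: win_update_result

    - name: Report what was installed and whether a reboot is pending
      ansible.builtin.debug:
        msg: >-
          {{ win_update_result.installed_update_count | default(0) }} updates installed,
          reboot required: {{ win_update_result.reboot_required | default(false) }}

    - name: Schedule the reboot for Sunday 02:00 local time, only if an update needs it
      ansible.windows.win_scheduled_task:
        name: AnsiblePostPatchReboot          # placeholder task name
        description: Reboot after patching, created by the patch playbook
        actions:
          - path: shutdown.exe
            arguments: /r /t 60 /c "Scheduled post-patch reboot"
        triggers:
          - type: weekly
            days_of_week: sunday
            start_boundary: "2024-01-07T02:00:00"   # placeholder: first Sunday the task may run
            weeks_interval: 1
        username: SYSTEM
        run_level: highest
        state: present
      when: win_update_result.reboot_required | default(false)

- name: Patch Linux servers via yum and detect whether a reboot is pending
  hosts: linux_servers
  become: true
  serial: "25%"
  tasks:
    - name: Clear any reboot entry left by a previous run (the reboot already happened)
      ansible.builtin.cron:
        name: post-patch reboot            # placeholder cron entry name
        state: absent

    - name: Apply all available updates from the configured Red Hat repositories
      ansible.builtin.yum:
        name: "*"
        state: latest
      register: yum_result

    - name: Check whether the running kernel or core services need a restart (yum-utils)
      ansible.builtin.command: needs-restarting -r
      register: needs_restart
      changed_when: false
      failed_when: needs_restart.rc not in [0, 1]   # rc 1 means "reboot needed", not an error

    - name: Schedule the reboot for Sunday 02:00 via cron instead of rebooting now
      ansible.builtin.cron:
        name: post-patch reboot
        weekday: "0"
        hour: "2"
        minute: "0"
        job: /sbin/shutdown -r +1 "Scheduled post-patch reboot"
      when: needs_restart.rc == 1
```

Run it with `ansible-playbook -i inventory patch.yml`, ideally with `--limit` to one domain or batch first. The `serial` setting and the `reboot: false` / cron split are what keep the process unattended yet low-risk: updates land during the week in the background, reboots only happen on the scheduled weekend slot, and the next run removes the Linux cron entry so the reboot does not repeat.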

Is there a language where "ansible" translates to "i need help"?

Pardon me. I didn’t get that Ben.