Update Rings
Update rings let you roll out remediations gradually instead of pushing to every endpoint at once. Start with a small test group, verify everything works, then expand. This is how teams avoid “we pushed a bad update to 10,000 machines at once” scenarios.
How rings work
Section titled “How rings work”A remediation scope can optionally have a ring policy that partitions its matched endpoints into ordered stages. When the scope is activated, only the first ring (ring 0) is dispatched. Later rings wait for manual promotion.
Ring policy modes
Section titled “Ring policy modes”| Mode | How endpoints are assigned |
|---|---|
| Tag-based | Endpoints are assigned to rings based on their tags. Each ring has a tag filter (e.g., ring 0 = canary, ring 1 = early-adopters, ring 2 = everyone else) |
| Percentage-based | Endpoints are deterministically split by percentage. Ring 0 gets 5%, ring 1 gets 20%, ring 2 gets the remaining 75% |
Ring lifecycle
Section titled “Ring lifecycle”pending → active → promoted → completed (last ring only)| Status | Meaning |
|---|---|
| Pending | Waiting for the previous ring to be promoted |
| Active | Dispatching executions for this ring’s endpoints |
| Promoted | Health gates passed; the next ring has been activated |
| Completed | The last ring transitions here when promoted (no successor to activate) |
Promotion and health gates
Section titled “Promotion and health gates”Promotion is always manual — there is no automatic advancement. Before a ring can be promoted, two health gates are evaluated.
Efficacy gate
Section titled “Efficacy gate”Checks whether the remediations in this ring actually worked. The rate is computed from efficacy verification: verified_fixed / total_verified. This rate must meet the ring’s minimum efficacy threshold.
If 95% of executions in ring 0 are verified fixed and the threshold is 90%, the gate passes.
Soak time gate
Section titled “Soak time gate”A minimum time must elapse since the last execution completed in the ring. This gives the team time to observe for side effects (application crashes, performance issues) before expanding.
Force override
Section titled “Force override”Both gates can be overridden. Overrides are audit-logged so there’s a record of who bypassed the gates and when.
New targets and rings
Section titled “New targets and rings”When a new target is discovered that matches a scope with a ring policy, Furl checks whether the target’s endpoint belongs to the currently active ring before remediating. Targets outside the active ring are skipped until their ring is promoted.
Scopes without rings
Section titled “Scopes without rings”When a scope has no ring policy, all matched targets are dispatched immediately on activation. Rings are entirely optional — use them for higher-risk rollouts (broad fleets, less-tested strategies) and skip them for routine, well-understood remediations.
Related
Section titled “Related”- Remediation Scopes — rings attach to scopes
- Strategy Executions — executions are created per ring
- Confidence Score — the efficacy gate uses verified outcomes