RHEL Security Patching Schedule

I don't want to reinvent the wheel so I thought I would start by asking what others are doing.
I support a 2000 node RHEL server environment consisting of DEV/TST/PROD. The applications are middle-ware, & databases. Security team would like to have RHEL security patches installed on a quarterly bases.
I can write scripts to automate or maybe use ansible.
The issue is the DBA's like to gracefully shutdown databases before a reboot and start them after. Middle-ware likes to ensure there applications are running after a reboot.

What tools are other SA's using to patch there enterprise environment?
How often are you adding security patches?
How do you address servers running databases & middle-ware?

Any help would be appreciated.
Thanks