We have an automated app that handles updating for us. When we run the app, it checks the version, if an update is needed it does...
1. Downloads the latest build
2. Verifies the digital signature
3. Stops IIS and waits to confirm that the w3wp processes are all gone
4. Stops SmarterMail and waits to confirm that the mailservice.exe process is gone
5. Runs the uninstall of the current build
6. Reboots the machine
7. We log back in and the app restarts
8. Stops IIS again if needed
9. Verifies no SM services are running etc.
10. Installs the new build
11. Waits for SM to fully start, then starts IIS