If you have a Unity failover setup with automatic failover configured, then you could safely install updates on the Primary server and allow failover/failback to work as configured. In this manner, Unity will failover when the server reboots and failover when the server is back online and services are up. Then when you update the failover server, it just requires install/reboot - i.e., all else is operating normally. The process can be done in the reverse as well. Update backup first, then primary.
As far as best practice is concerned, this is probably flexible since the SUW is usually a pretty benign process. The best practice would be to perform during off-hours when call volume is low. You shouldn't need to tweak any failover/failback settings as long as you're operating during an approved window.
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.