Skip navigation

India User Group

7 Posts authored by: Adil Rathore
Share:|

Got servers? Then you need to perform server patch management. Not annually, not once a quarter, not when you feel like getting around to it. Microsoft releases patches on a monthly basis to make it easier for IT professionals to plan their server patch management activities on a predictable cycle, but those out of band patches mean you have to be prepared to do server patch management on very short notice. Remaining completely reactive is not the way to go; it will lead to errors, failures, and missed patches, and that can lead to compromised servers. Here are five fundamental tips for server patch management that will help you do things the right way:

1. Stay informed

Microsoft releases patches on a predictable schedule to facilitate server patch management strategies, but they also release out of band patches when necessary. Your application vendors (and other o/s vendors if you are not a pure MS shop) tend to release patches when they will. Subscribe to all of your vendors’ notification lists, and use a distribution list to make sure nothing is missed because someone is on vacation. Also subscribe to one or more of the leading independent security bulletins so you stay aware of needed patches.

2. Stick to a schedule

Remember that schedule? Use it to make your own server patch management schedule with predictable, published, and inviolate maintenance windows. Patching is not an optional activity, and when the rest of the business knows you patch on the third Thursday of the month, they won’t schedule conflicting tasks. Well, some of them will try, but patching trumps all.

3. Test

Patching goes badly only when patches are deployed to production without testing. Whether you maintain a DR facility that can be used for testing, a scaled down physical environment, or you just take snapshots of your production VMs and test patches in a sandbox, make sure your server patch management strategy includes testing. Vendors test against their vanilla deployments, and against as many combinations as they can of things that follow supported scenarios and best practices. Unless you know for absolute certainty that your systems are ‘pure’, testing is the only way to be sure you won’t run into production issues.

4. Automate automate automate

Even the smallest shops on a shoe string budget can use the free WSUS for the server patch management, but there are very affordable third party applications that can also handle third party applications in the patching process, which you can also leverage when patching your workstations. Even the most expensive, top of the line server patch management applications will be less expensive than the recovery costs associated with that one server that was exploited because it was missing a critical patch.

5. Verify verify verify

Review your server patch management application logs, spot check individual machines, and then run periodic scans with MBSA or a vulnerability assessment tool to make sure that all servers were patched, and any new systems added to your network are fully up to date.

Bonus tip: redundancy is your friend

Nobody wants to spend an entire evening to patch. Having redundancy for all critical services enables you to patch during the day. This improves work life balance sure, but it also means that if a patch does go awry, all hands are already on deck, wide awake, and able to lend a hand, rather than leaving the guy who drew the short straw trying to figure it out alone in the middle of the night, or having to wake everyone else up to assist. Look for redundant domain controllers, overlapping DHCP scopes, using FRS shares instead of relying on a single file server, NLB or clustered applications, etc., to keep single instance services to a minimum.

Use these fundamental tips to make your server patch management strategy the best it can be. Your server uptime and performance will reap the benefits, your users will never suffer from outages, and you might just get to experience some of that work life balance you keep hearing about. Server patch management doesn’t have to be painful; these six tips are the way to go.

 

Reference: http://www.gfi.com/blog/server-patch-management/

Share:|

Industry experts agree, service quality and business agility can suffer without adequate software management. Information would always be inaccurate on computer software unless you reconcile it.

 

Rollout of enterprise applications can become a complex affair if the asset management approach would not provide the needed information.

 

We need to have an intimate knowledge of how to reconcile the desktops, laptops and servers in terms of the software that is installed on them. An effective software asset management approach must track and manage software that runs in many different environments very keenly and with utmost precision.

Share:|

Have we ever thought of what would happen next if some of your collegues buys a software program and you all in the team install it on your workstations. The issue with this is that it is not legal. The company you work with is not compliant with licensing agreements pertaining to software applications and may face a stiff fine if caught up in an audit.

  

So we need to protect our organization and ensure we only use the software for which our company has purchased the license for our department.

Share:|

In an IT enterprise managed by a centralised configuration management software, we often come up with situations where we are not able to completely determine our target due to client agents not working on the workstaitons due to one reason other the other.

 

The common issues being client agent data corruption, the duplicate workstations issue (due to improper OS builds), inventory update issues, configuration management infrastructure issue or so on.

 

It is a better approach to mark the boundaries using the AD OU structure and cross check the data in the AD OUs with that of your inventory management database, so as to confirm are the assets present in enterprise are entirely managed by the configuration management software.

Share:|

IT Companies usually start with automating simple tasks that are well-defined and neat, and then extend their work on the ugly and the timeconsuming ones. But is that what they should go for? Rightly, it is a tough decision to get going with fixing the ugly processes.

 

It is always fruitful to start with the complex manual multi-step processes. These process are highly time consuming and would save a lot on recursive efforts. Also, these task may require inputs from multiple people/departments and would ease their work as well.

 

So start with the ugly and the most common faulty processes.

Share:|

Automation lets applications take over menial tasks and help staff focus on innovative stuff. These applications can be used to automate L1 and L3 support roles as well and many complex activities that occupy IT staff reclessly.

 

The automation systems follow the same processes and give much accurate results and thus the right information to the requester and thus can help him make important decisions well ahead of time. These systems make it possible to automate virtually any IT function defined in an organisaton.

Share:|

We the IT personnel are responsible for keeping the systems running all the time. And for that we need to spend time and effort. On an average we spend half of our production hours just to ensure that the servers and the systems as up and running.

 

Each and every industry just like our IT industry has faced this challenge at their times and they preferred automation just to ease the human workforce tasks. Automation has thus helped them to discover new business areas and excel in their industry.

 

But still, in IT support the use of automation is still too feverish. We use basic scripting, run-book automation but still it is just about scratching the surface. We still have most of the noisiest work running in the foreground that we need to fix at the first instant.

Filter Blog

By date:
By tag: