Feeds

Server patching principles

The nirvana process

  • alert
  • submit to reddit

Build a business case: developing custom apps

Workshop In the imperfect world we live in, patching stuff, be it desktops, software or servers is a fact of life. We do it or we risk being exposed to the latest security threat, missing out on new functionality or suffering performance degradation.

We discussed desktop client patching over in the desktop management workshop. In this leg of the workshop we’re all about servers, but in practice, is patching just patching? Beyond the obvious - a server running a critical application is more important to the business than a single desktop - is what you patch the real issue or is it more important to have the right tools and processes in place?

I’m going with process. Anyway, nobody in their right mind spends money on tools without first working out to at least some degree where and how they will be used. Erm, right? So what does a patch management process look like?

In practice, a series of stages need to be worked though to create and operate a process for patch management. Like most processes, those for patch management span more than one domain. The development, operations and security groups are all involved. There’s a list of things you need a handle on: hardware and network inventory, asset management, change and configuration management, not to mention a degree of formalized planning for areas such as costs, maintenance and communications plans.

Needless to say, you can’t set up a ‘proper’ process without an audit somewhere: creating an inventory of what software runs on what machines and linking this in with asset, change and configuration management, will do nicely. Then you get everyone to agree on monitoring for new vulnerabilities and available patches, and that representatives from the three groups will work together to ensure patches can be rolled out to a timetable which includes testing, distribution, exception handling, tracking and reporting.

When you look at all the pieces, the effort required to get a ‘proper’ process in place might look a bit daunting. However, not having such a process in place is almost guaranteed to be even more problematic, with service interruptions and security breaches more likely to occur and then requiring considerable fire-fighting effort to put things right.

But where do you start if you do want to make improvements? For many IT shops, the area of asset and configuration management may be the biggest challenge, especially if things have been allowed, for whatever reason – resourcing usually – to drift out of date. However, if you don’t know what you have in your environment, don’t know what version of x is running or don’t know what the last change made to a specific item was, you can’t do proper patching.

It’s not going to get any easier either. The spread of virtualisation technology poses some interesting difficulties. For example, how do you ensure dormant machines are patched? It may be worth getting some plain and simple measures in place right now to govern the virtual stuff. A starter for ten might be: ‘If your VM isn’t worth patching, we’re not keeping it.’

With all this in mind, if your IT shop has moved from a chaotic or simply labour intensive patching regime to an altogether happier place, you’ve discovered the ‘best tool ever’ or virtualisation is playing havoc with your regime, we’d love to hear all about it. ®

Build a business case: developing custom apps

More from The Register

next story
The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
And yes it does need a fat HDD (or SSD, it's cool with either)
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Apple to build WORLD'S BIGGEST iStore in Dubai
It's not the size of your shiny-shiny...
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
Apple analyst: fruity firm set to shift 75 million iPhones
We'll have some of whatever he's having please
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.