Feeds

Server patching principles

The nirvana process

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Workshop In the imperfect world we live in, patching stuff, be it desktops, software or servers is a fact of life. We do it or we risk being exposed to the latest security threat, missing out on new functionality or suffering performance degradation.

We discussed desktop client patching over in the desktop management workshop. In this leg of the workshop we’re all about servers, but in practice, is patching just patching? Beyond the obvious - a server running a critical application is more important to the business than a single desktop - is what you patch the real issue or is it more important to have the right tools and processes in place?

I’m going with process. Anyway, nobody in their right mind spends money on tools without first working out to at least some degree where and how they will be used. Erm, right? So what does a patch management process look like?

In practice, a series of stages need to be worked though to create and operate a process for patch management. Like most processes, those for patch management span more than one domain. The development, operations and security groups are all involved. There’s a list of things you need a handle on: hardware and network inventory, asset management, change and configuration management, not to mention a degree of formalized planning for areas such as costs, maintenance and communications plans.

Needless to say, you can’t set up a ‘proper’ process without an audit somewhere: creating an inventory of what software runs on what machines and linking this in with asset, change and configuration management, will do nicely. Then you get everyone to agree on monitoring for new vulnerabilities and available patches, and that representatives from the three groups will work together to ensure patches can be rolled out to a timetable which includes testing, distribution, exception handling, tracking and reporting.

When you look at all the pieces, the effort required to get a ‘proper’ process in place might look a bit daunting. However, not having such a process in place is almost guaranteed to be even more problematic, with service interruptions and security breaches more likely to occur and then requiring considerable fire-fighting effort to put things right.

But where do you start if you do want to make improvements? For many IT shops, the area of asset and configuration management may be the biggest challenge, especially if things have been allowed, for whatever reason – resourcing usually – to drift out of date. However, if you don’t know what you have in your environment, don’t know what version of x is running or don’t know what the last change made to a specific item was, you can’t do proper patching.

It’s not going to get any easier either. The spread of virtualisation technology poses some interesting difficulties. For example, how do you ensure dormant machines are patched? It may be worth getting some plain and simple measures in place right now to govern the virtual stuff. A starter for ten might be: ‘If your VM isn’t worth patching, we’re not keeping it.’

With all this in mind, if your IT shop has moved from a chaotic or simply labour intensive patching regime to an altogether happier place, you’ve discovered the ‘best tool ever’ or virtualisation is playing havoc with your regime, we’d love to hear all about it. ®

The essential guide to IT transformation

More from The Register

next story
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Samsung Gear S: Quick, LAUNCH IT – before Apple straps on iWatch
Full specs for wrist-mounted device here ... but who'll buy it?
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Now that's FIRE WIRE: HP recalls 6 MILLION burn-risk laptop cables
Right in the middle of Burning Mains Man week
HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE
Noo! Hand not big enough! Don't look at meee!
AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else
Chip maker claims the Radeon R9 285 is 'best in its class'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.