Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 597
  • Last Modified:

patch sql servers

what is the best way to patch sql servers with MS updates?
0
Aopoku
Asked:
Aopoku
1 Solution
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
test it first on test server(s).

0) get a downtime time slot
1) just before the slot, run a full BACKUP of all databases AND of the system
2) apply the updates
3) restart if necessary
4) get another full backup of all databases
0
 
csachdevaCommented:
The patch mostly fixes buffer overrun problems that allow a hacker to exploit SQL Server and gain full control of our server. If proper security is implemented, then the problems listed in this cumulative patch can be lessened. There is also an additional bug that allows a user with minimal access to the server to create scheduled jobs that would run under the authority of the account that starts SQL Server Agent. This could lead to a disruption in your SQL Server service or allow a hacker access to your operating system or overall network.
Before implementing Patch, follow the following steps:

 Step 1: Map your network
 Step 2: Perform an active scan
 Step 3: Check for SQL registrations
 Step 4: Probe remote services
 Step 5: Probe for SSNetlib.dll versions
 Step 6: Directly request version information

First, sort your list of SQL Server instances by SQL Server product release (SQL Server 6.5, 7.0, 2000, etc.), then by service pack, and finally by build. Identify which instances do not have the latest service pack for the current product, and calculate how long it will take to install the service packs on each instance (you can estimate this by performing at least one installation manually). Then, assuming you will apply all of the service packs, calculate the number of hotfixes that will need ...

Step 1: Segregate your scan results

First, sort your list of SQL Server instances by SQL Server product release (SQL Server 6.5, 7.0, 2000, etc.), then by service pack, and finally by build. Identify which instances do not have the latest service pack for the current product, and calculate how long it will take to install the service packs on each instance (you can estimate this by performing at least one installation manually). Then, assuming you will apply all of the service packs, calculate the number of hotfixes that will need to be deployed to reach an acceptable patch level and how long these will take. You should end up with information like this, which will help you plan the downtime:

Service Pack installations:

Product Service Pack Upgrade Path Count Est. Install TIme
SQL Server 6.5 4 to 5a 2 2 hrs.
SQL Server 7.0 2 to 4 3 3 hrs.
SQL Server 2000 Gold to 3a 23 13 hrs.
SQL Server 2000 2 to 3a 34 18 hrs.

Hot-fix installations:

Product Build Count Est. Install TIme
SQL Server 6.5 6.50.480 2 10 min.
SQL Server 7.0 7.00.1077 3 20 min.
SQL Server 2000 8.00.878 23 3 hrs.

(This is only a suggestion. The point is to obtain some estimated metrics so you can properly set expectations for resources needed. Much of this will depend on whether your deployments are manual or automated.)

Step 2: Obtain service packs and prepare for deployment
 
First, download the service pack from Microsoft's Web site by searching for "service pack" and selecting "SQL Server" as the product. You should be able to easily locate the service pack needed for your SQL Server product version, download it and store it on a file server if you want to prevent having to burn it to a CD.

Before you proceed with deployment, you should back up all user databases as well as the master, msdb, and model databases on each SQL Server instance. In addition, you'll need to inform personnel who depend on those systems about the downtime window since it can be quite large for service packs.

Step 3: Deploy service packs
 
Next, determine if you're going to perform each installation interactively or perform the installations remotely. Service packs are a major undertaking and can take a significant amount of time depending on the size and processing power of your SQL Server hardware. For large, mission-critical SQL Server instances, it is usually best to perform them manually and interactively (by sitting at the console or using Terminal Services) so you can watch for any irregularities and respond to them.

For less critical systems, you may wish to perform the service pack installations remotely and in bulk using the unattended installation files. However, the instructions for doing this are very complicated and require significant planning. If you decide to do that, please refer to the documentation that comes with the service pack for instructions on performing unattended, remote installations.

Step 4: Obtain hotfixes and prepare for deployment
 
Now that you've deployed the service packs, you need to download the latest hotfix for your SQL Server products. Refer to the database of SQL Server versions Web site to see the latest hotfix that is available for your supported SQL Server product.
You can also search for hotfixes by visiting http://www.microsoft.com/downloads, searching for "hotfix" and selecting "SQL Server" as the product. Once the results are returned, change the sort order to "Date" to see the latest recommended, publicly available hotfix at the top of the list.

 Step 5: Deploy hotfixes

 Step 6: Re-assess network

hope the above steps can help you to sort out your query.

Regards,
Chetan Sachdeva
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now