?
Solved

patch sql servers

Posted on 2006-07-10
2
Medium Priority
?
587 Views
Last Modified: 2008-03-06
what is the best way to patch sql servers with MS updates?
0
Comment
Question by:Aopoku
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 17077257
test it first on test server(s).

0) get a downtime time slot
1) just before the slot, run a full BACKUP of all databases AND of the system
2) apply the updates
3) restart if necessary
4) get another full backup of all databases
0
 
LVL 4

Accepted Solution

by:
csachdeva earned 1000 total points
ID: 17079141
The patch mostly fixes buffer overrun problems that allow a hacker to exploit SQL Server and gain full control of our server. If proper security is implemented, then the problems listed in this cumulative patch can be lessened. There is also an additional bug that allows a user with minimal access to the server to create scheduled jobs that would run under the authority of the account that starts SQL Server Agent. This could lead to a disruption in your SQL Server service or allow a hacker access to your operating system or overall network.
Before implementing Patch, follow the following steps:

 Step 1: Map your network
 Step 2: Perform an active scan
 Step 3: Check for SQL registrations
 Step 4: Probe remote services
 Step 5: Probe for SSNetlib.dll versions
 Step 6: Directly request version information

First, sort your list of SQL Server instances by SQL Server product release (SQL Server 6.5, 7.0, 2000, etc.), then by service pack, and finally by build. Identify which instances do not have the latest service pack for the current product, and calculate how long it will take to install the service packs on each instance (you can estimate this by performing at least one installation manually). Then, assuming you will apply all of the service packs, calculate the number of hotfixes that will need ...

Step 1: Segregate your scan results

First, sort your list of SQL Server instances by SQL Server product release (SQL Server 6.5, 7.0, 2000, etc.), then by service pack, and finally by build. Identify which instances do not have the latest service pack for the current product, and calculate how long it will take to install the service packs on each instance (you can estimate this by performing at least one installation manually). Then, assuming you will apply all of the service packs, calculate the number of hotfixes that will need to be deployed to reach an acceptable patch level and how long these will take. You should end up with information like this, which will help you plan the downtime:

Service Pack installations:

Product Service Pack Upgrade Path Count Est. Install TIme
SQL Server 6.5 4 to 5a 2 2 hrs.
SQL Server 7.0 2 to 4 3 3 hrs.
SQL Server 2000 Gold to 3a 23 13 hrs.
SQL Server 2000 2 to 3a 34 18 hrs.

Hot-fix installations:

Product Build Count Est. Install TIme
SQL Server 6.5 6.50.480 2 10 min.
SQL Server 7.0 7.00.1077 3 20 min.
SQL Server 2000 8.00.878 23 3 hrs.

(This is only a suggestion. The point is to obtain some estimated metrics so you can properly set expectations for resources needed. Much of this will depend on whether your deployments are manual or automated.)

Step 2: Obtain service packs and prepare for deployment
 
First, download the service pack from Microsoft's Web site by searching for "service pack" and selecting "SQL Server" as the product. You should be able to easily locate the service pack needed for your SQL Server product version, download it and store it on a file server if you want to prevent having to burn it to a CD.

Before you proceed with deployment, you should back up all user databases as well as the master, msdb, and model databases on each SQL Server instance. In addition, you'll need to inform personnel who depend on those systems about the downtime window since it can be quite large for service packs.

Step 3: Deploy service packs
 
Next, determine if you're going to perform each installation interactively or perform the installations remotely. Service packs are a major undertaking and can take a significant amount of time depending on the size and processing power of your SQL Server hardware. For large, mission-critical SQL Server instances, it is usually best to perform them manually and interactively (by sitting at the console or using Terminal Services) so you can watch for any irregularities and respond to them.

For less critical systems, you may wish to perform the service pack installations remotely and in bulk using the unattended installation files. However, the instructions for doing this are very complicated and require significant planning. If you decide to do that, please refer to the documentation that comes with the service pack for instructions on performing unattended, remote installations.

Step 4: Obtain hotfixes and prepare for deployment
 
Now that you've deployed the service packs, you need to download the latest hotfix for your SQL Server products. Refer to the database of SQL Server versions Web site to see the latest hotfix that is available for your supported SQL Server product.
You can also search for hotfixes by visiting http://www.microsoft.com/downloads, searching for "hotfix" and selecting "SQL Server" as the product. Once the results are returned, change the sort order to "Date" to see the latest recommended, publicly available hotfix at the top of the list.

 Step 5: Deploy hotfixes

 Step 6: Re-assess network

hope the above steps can help you to sort out your query.

Regards,
Chetan Sachdeva
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question