Solved

Requiring general inputs from the experiences of Network Admin about managing Patch, Updates, Hotfix etx and the schedule associated with them

Posted on 2011-03-25
4
304 Views
Last Modified: 2012-05-11
Hi,
I have been ask to list every/any patches, hotfixes, updates possible on any/every IT equipment (hw/sw) possible. Then to put in place a procedure where any/every Critical items would be apply within 48 hours, Urgent = 7 days and any/every other type of update of any kind be apply at a minimum interval of within 4 months.

I am the network admin of a company of 250 employees with 350 computers and about 30 servers plus about 50 switches and other network equipment.
Do any one of you have a politic concerning "updates" and if yes how to you manage them?

Thank your for the inputs.

Philippe

0
Comment
Question by:SigSupport
4 Comments
 
LVL 6

Accepted Solution

by:
Lee_YCP earned 400 total points
ID: 35218777
If you are doing it all, you should find out your boss' commitment level becuase it takes manpower/time and/or money.  And there is usually a trade-off one way or the other.  You should look at ITIL and Configuration and Change Management for some best practices that would apply to your organization.  (ITIL is more a methodology than a turnkey solution.)  You would need to consider impact of changes to your environment.  In large datacenters like you mention, system owners should take some responsibiltiy for applying patches, after they have been reviewed and approved by a SME group with testing after the patch is applied and backout procedures already documented before they begin the change.

On the hardware side:   Every HW vendor sends periodic updates and usually periodically they will produce a HW service pack or update that roles up several updates to that point.  You need to consider who is testing those before implementation.  If something breaks due to a firmware or software update, can one person stop updating everything else to fix that.  Cisco produces ...Every vendor produces some kind of update when errors or flaws are found in their implementation.

The first thing you need to do is define the hardware in your responsibility in appropriate groupings.  Network, (ie switches, routers, PBXs) and Servers and Clients.

On the software side:  I would not blindly install patches on a server in a production environment.  If they break, it has obvious impact.  One client mahcine breaking is not as critical and a patch management tool of some type makes sense.  It kind of depends on your environment, ie all Microsoft, or some Solaris, or some VMX, or some...  Possibly setup a WSUS Server on one or your current server or add a new server.  It puts all the clients pulling the patches from one location and you control when and what is patched by criticality.  Other Options:  Microsoft SMS or SCCM, Dell KACE.

Dell has a Systems manager and HP has an insight manager, but both produce a downloadable package periodically to update their firmware and software, as do most companies like IBM, etc.  

0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 100 total points
ID: 35226102
One huge and often overlooked part of the patch cycle is a pilot group of less important servers and more-tolerant-of-failures clients. Roll patches out to the pilot group first and let them run for a few days at least before considering doing a corporate-wide patch rollout.

I've seen the results of not doing this, and it's not pretty. One patch (many many years ago) ended up taking down one client's entire network due to the way it interacted with their software. The pilot would have prevented that disaster.
0
 
LVL 4

Expert Comment

by:mathi28
ID: 35239400
try this patch mgmt product , you can automate the patch deployment

http://www.manageengine.com/products/desktop-central/windows-patch-management.html

thanks
Mathi
0
 

Author Closing Comment

by:SigSupport
ID: 35484081
Lee ycp answer was good, but I still need to find more information/arguments about this before giving my reports back.
0

Featured Post

How to Backup Ubuntu to Amazon S3

CloudBerry Backup offers automatic cloud backup and restoration for Linux. It has both GUI and command line interface (CLI) ensuring its flexibility in use. Find out more

Join & Write a Comment

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now