Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Requiring general inputs from the experiences of Network Admin about managing Patch, Updates, Hotfix etx and the schedule associated with them

Posted on 2011-03-25
4
Medium Priority
?
352 Views
Last Modified: 2012-05-11
Hi,
I have been ask to list every/any patches, hotfixes, updates possible on any/every IT equipment (hw/sw) possible. Then to put in place a procedure where any/every Critical items would be apply within 48 hours, Urgent = 7 days and any/every other type of update of any kind be apply at a minimum interval of within 4 months.

I am the network admin of a company of 250 employees with 350 computers and about 30 servers plus about 50 switches and other network equipment.
Do any one of you have a politic concerning "updates" and if yes how to you manage them?

Thank your for the inputs.

Philippe

0
Comment
Question by:SigSupport
4 Comments
 
LVL 6

Accepted Solution

by:
Lee_YCP earned 1200 total points
ID: 35218777
If you are doing it all, you should find out your boss' commitment level becuase it takes manpower/time and/or money.  And there is usually a trade-off one way or the other.  You should look at ITIL and Configuration and Change Management for some best practices that would apply to your organization.  (ITIL is more a methodology than a turnkey solution.)  You would need to consider impact of changes to your environment.  In large datacenters like you mention, system owners should take some responsibiltiy for applying patches, after they have been reviewed and approved by a SME group with testing after the patch is applied and backout procedures already documented before they begin the change.

On the hardware side:   Every HW vendor sends periodic updates and usually periodically they will produce a HW service pack or update that roles up several updates to that point.  You need to consider who is testing those before implementation.  If something breaks due to a firmware or software update, can one person stop updating everything else to fix that.  Cisco produces ...Every vendor produces some kind of update when errors or flaws are found in their implementation.

The first thing you need to do is define the hardware in your responsibility in appropriate groupings.  Network, (ie switches, routers, PBXs) and Servers and Clients.

On the software side:  I would not blindly install patches on a server in a production environment.  If they break, it has obvious impact.  One client mahcine breaking is not as critical and a patch management tool of some type makes sense.  It kind of depends on your environment, ie all Microsoft, or some Solaris, or some VMX, or some...  Possibly setup a WSUS Server on one or your current server or add a new server.  It puts all the clients pulling the patches from one location and you control when and what is patched by criticality.  Other Options:  Microsoft SMS or SCCM, Dell KACE.

Dell has a Systems manager and HP has an insight manager, but both produce a downloadable package periodically to update their firmware and software, as do most companies like IBM, etc.  

0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 300 total points
ID: 35226102
One huge and often overlooked part of the patch cycle is a pilot group of less important servers and more-tolerant-of-failures clients. Roll patches out to the pilot group first and let them run for a few days at least before considering doing a corporate-wide patch rollout.

I've seen the results of not doing this, and it's not pretty. One patch (many many years ago) ended up taking down one client's entire network due to the way it interacted with their software. The pilot would have prevented that disaster.
0
 
LVL 4

Expert Comment

by:mathi28
ID: 35239400
try this patch mgmt product , you can automate the patch deployment

http://www.manageengine.com/products/desktop-central/windows-patch-management.html

thanks
Mathi
0
 

Author Closing Comment

by:SigSupport
ID: 35484081
Lee ycp answer was good, but I still need to find more information/arguments about this before giving my reports back.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question