Solved

Requiring general inputs from the experiences of Network Admin about managing Patch, Updates, Hotfix etx and the schedule associated with them

Posted on 2011-03-25
4
307 Views
Last Modified: 2012-05-11
Hi,
I have been ask to list every/any patches, hotfixes, updates possible on any/every IT equipment (hw/sw) possible. Then to put in place a procedure where any/every Critical items would be apply within 48 hours, Urgent = 7 days and any/every other type of update of any kind be apply at a minimum interval of within 4 months.

I am the network admin of a company of 250 employees with 350 computers and about 30 servers plus about 50 switches and other network equipment.
Do any one of you have a politic concerning "updates" and if yes how to you manage them?

Thank your for the inputs.

Philippe

0
Comment
Question by:SigSupport
4 Comments
 
LVL 6

Accepted Solution

by:
Lee_YCP earned 400 total points
ID: 35218777
If you are doing it all, you should find out your boss' commitment level becuase it takes manpower/time and/or money.  And there is usually a trade-off one way or the other.  You should look at ITIL and Configuration and Change Management for some best practices that would apply to your organization.  (ITIL is more a methodology than a turnkey solution.)  You would need to consider impact of changes to your environment.  In large datacenters like you mention, system owners should take some responsibiltiy for applying patches, after they have been reviewed and approved by a SME group with testing after the patch is applied and backout procedures already documented before they begin the change.

On the hardware side:   Every HW vendor sends periodic updates and usually periodically they will produce a HW service pack or update that roles up several updates to that point.  You need to consider who is testing those before implementation.  If something breaks due to a firmware or software update, can one person stop updating everything else to fix that.  Cisco produces ...Every vendor produces some kind of update when errors or flaws are found in their implementation.

The first thing you need to do is define the hardware in your responsibility in appropriate groupings.  Network, (ie switches, routers, PBXs) and Servers and Clients.

On the software side:  I would not blindly install patches on a server in a production environment.  If they break, it has obvious impact.  One client mahcine breaking is not as critical and a patch management tool of some type makes sense.  It kind of depends on your environment, ie all Microsoft, or some Solaris, or some VMX, or some...  Possibly setup a WSUS Server on one or your current server or add a new server.  It puts all the clients pulling the patches from one location and you control when and what is patched by criticality.  Other Options:  Microsoft SMS or SCCM, Dell KACE.

Dell has a Systems manager and HP has an insight manager, but both produce a downloadable package periodically to update their firmware and software, as do most companies like IBM, etc.  

0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 100 total points
ID: 35226102
One huge and often overlooked part of the patch cycle is a pilot group of less important servers and more-tolerant-of-failures clients. Roll patches out to the pilot group first and let them run for a few days at least before considering doing a corporate-wide patch rollout.

I've seen the results of not doing this, and it's not pretty. One patch (many many years ago) ended up taking down one client's entire network due to the way it interacted with their software. The pilot would have prevented that disaster.
0
 
LVL 4

Expert Comment

by:mathi28
ID: 35239400
try this patch mgmt product , you can automate the patch deployment

http://www.manageengine.com/products/desktop-central/windows-patch-management.html

thanks
Mathi
0
 

Author Closing Comment

by:SigSupport
ID: 35484081
Lee ycp answer was good, but I still need to find more information/arguments about this before giving my reports back.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Originally published Entrepreneur.com Booming numbers of freelancing professionals are changing the face of work. In the United States alone last year, the number of workers freelancing grew from 700,000 to 54 million, according to a Freelancers’…
We need a new way to communicate time sensitive or critical info.   The best part of my role at xMatters is visiting our clients all over the world to learn about how they operate their businesses, share insights that xMatters has gleaned across…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now