Best way to apply patches/updates to servers that have .net applications/business applications?

Hi guys

The environment I'm working in has around 150+ servers. Our team have to apply patches and keep these servers updated on a regular basis which they haven't done as yet. Now, the issue we have is that these servers are not just owned by the infrastructure and security teams, as that would be easy to manage. But the business analysts, business intelligence and applications teams own a good percentage of these too.

I need to put strategies in place so that my team, infrastructure & security, ensures that when these updates are applied the impact is minimised and that we don't suddenly have updates which affect the applications sitting on those servers and firefighting errors.

One of my ideas was to ensure that there is a testing environment. But if I did, would I then liaise with the development teams to replicate everything that is on the production environment onto their testing too and regularly? So that when they make changes to development, they do the same onto testing?

What is the approach you have found works best?

Thanks for helping
David Johnson, CD, MVP (Retired) commented:
Wait 7 days, then approve all updates and install them. This way I can see if there are any breaking updates.
Yashy (Author) commented:
Would you build a test environment for all of these servers?
David Johnson, CD, MVP (Retired) commented:
Actually the machines are owned by the company, must meet the standards set by the security team and then allocated (not owned) by the other business units. If you just apply security updates (after the 1-week wait) then I'd not bother testing; just approve and get them installed.
In many cases, updates should be applied in steps by creating groups of machines to allow phased testing.

Group 1 - initial test
Approve updates and monitor to confirm nothing dodgy occurs.
Put a selection of test/dev/IT dept machines in here. Non-critical systems only.

Group 2 - Test machines spread around the business.
Assuming no issues occurred in group 1, release updates to this group.
Let each dept/functionary specify which of their server(s) can be used as a test, encouraging them to allow you one of each 'type' to ensure you have tested all eventualities.
e.g. one of their web servers, one of their app servers, one of their DB servers.

By using this group, they can quickly identify if any issue/outage occurs on the servers designated as test servers and whether recent updates may be the cause or not.

Group 3 - remaining servers
Assuming test group 2 is a valid set of servers for testing purposes and no issues were found, releasing updates to the remaining servers should be minimal risk as the updates have already been proved.
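
The three-group rollout above as an added Python example (not part of the original answer): it assigns servers to groups 1 to 3, reports any department/role type that has no nominated test server in group 2, and holds the next group while an earlier one has open issue reports. The inventory, server names, the `critical` flag and the function names are constructed assumptions.

```python
# Constructed sample inventory (hypothetical names): (server, department, role, critical)
INVENTORY = [
    ("it-dev-01", "IT", "web", False),
    ("it-test-02", "IT", "app", False),
    ("bi-web-01", "BI", "web", True),
    ("bi-web-02", "BI", "web", True),
    ("bi-db-01", "BI", "db", True),
    ("bi-db-02", "BI", "db", True),
    ("app-web-01", "Apps", "web", True),
    ("app-app-01", "Apps", "app", True),
    ("app-app-02", "Apps", "app", True),
    ("app-db-01", "Apps", "db", True),
]
# Servers each department nominated as its group 2 test machines (constructed)
NOMINATED = {"bi-web-01", "bi-db-01", "app-web-01", "app-app-01"}


def plan_groups(inventory, nominated):
    """Split servers into groups 1-3 and list (department, role) types that
    would first meet an update in group 3 because group 2 has no example."""
    groups = {1: [], 2: [], 3: []}
    tested, untested = set(), set()
    for name, dept, role, critical in inventory:
        if not critical:
            groups[1].append(name)          # initial test: non-critical only
        elif name in nominated:
            groups[2].append(name)          # department-nominated test server
            tested.add((dept, role))
        else:
            groups[3].append(name)          # everything else waits
            untested.add((dept, role))
    gaps = sorted(untested - tested)
    return groups, gaps


def next_release(patched, issues):
    """patched: groups already updated, in order, e.g. [1]; issues: {group: [reports]}.
    Returns the next group to release, or None if the rollout is held or done."""
    if any(issues.get(g) for g in patched):
        return None                         # hold until the report is explained
    nxt = len(patched) + 1
    return nxt if nxt <= 3 else None


if __name__ == "__main__":
    groups, gaps = plan_groups(INVENTORY, NOMINATED)
    for g, servers in groups.items():
        print(f"Group {g}: {', '.join(servers)}")
    print("Types with no group 2 test server:", gaps)
    print("After group 1 with no issues, release group:", next_release([1], {}))
```
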

Yashy (Author) commented:
Steve, thank you for that.
Anytime :-)