corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » Do you have a patching plan?


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author Do you have a patching plan?
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
   28th Jun 12 at 15:04   View Garage View User's Profile U2U Member Reply With Quote

Those of you who work in a Windows environment, do you have a patching plan?

I'd like to hear what others are doing. I'm currently in an environment which has to be up and running 24/7 for the factory to operate but half of Sunday its completely closed so no problems bouncing network/servers. AFAIK MS release patches every Tuesday, do you guys just smash the patches on and reboot when you feel like? I've come from a background when a server reboot wasn't the done thing as it must ALWAYS be up.

Neo
Member

Registered: 20th Feb 07
Location: Essex
User status: Offline
28th Jun 12 at 15:06   View User's Profile U2U Member Reply With Quote

Exactly that Will, I put them on, schedule downtime (in your case half of sunday) reboot then.

Only problems occur when archaic hardware doesn't come back up
John
Member

Registered: 30th Jun 03
User status: Offline
28th Jun 12 at 15:07   View User's Profile U2U Member Reply With Quote

All the SBS ones just apply as per default SBS policy.

24/7 environments don't get done unless it needs it, still the odd windows update that causes major hassle.
Neo
Member

Registered: 20th Feb 07
Location: Essex
User status: Offline
28th Jun 12 at 15:07   View User's Profile U2U Member Reply With Quote

Oh, and I try and only reboot once a month tops. Simply because otherwise i'd be constantly chasing updates.
John
Member

Registered: 30th Jun 03
User status: Offline
28th Jun 12 at 15:09   View User's Profile U2U Member Reply With Quote

Servers don't get rebooted unless I'm rebooting for something else or it needs to be done right then.
Aaron
Member

Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
28th Jun 12 at 16:18   View User's Profile U2U Member Reply With Quote

WSUS for clients, with a scheduled re-boot when needed.

Servers re-booted once change requests are done and approved (ITIL shite)
Dom
Member

Registered: 13th Sep 03
User status: Offline
28th Jun 12 at 17:14   View User's Profile U2U Member Reply With Quote

Not a 24/7 environment but clients are WSUS and sort themselves out (weekly scheduled reboots) and the servers get taken down one at a time and updated when needed during the evenings/nights. If there's any issue with one then the other doesn't get touched until the first is fixed, just incase there is an issue with the updates.
VrsTurbo
Premium Member

Registered: 8th Jun 10
User status: Offline
28th Jun 12 at 17:42   View Garage View User's Profile U2U Member Reply With Quote

You have a virtual environment. So take a copy run the updates to test if the servers still work once they have been updated. Then schedule the production installs
Kyle T
Premium Member

Avatar

Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
28th Jun 12 at 17:48   View Garage View User's Profile U2U Member Reply With Quote

Ugh we're just starting to tackle this now.

Previously we had a WSUS server but only used it to apply bug fixes for things which were causing us problems, we were too scared to be proactive about it.

We're deploying SCCM2012 as I type so we're going to use that going forward, and we've decided to operate a suck it and see mentality with critical updates and security updates. Patch away, reboot when convenient and then address any problems as they arise, we don't really have the manpower to test each update in detail.

Out biggest issue isn't arranging server downtime, it's an irrational fear of rebooting client PC's or asking them to reboot. It's ridiculous, we seem to be terrified of our users so I've propsed a transparent approach of notifying the user of a required install - allowing them to choose a time/date for the install and then again for the reboot if required. If they keep ignoring notifications they'll trigger a deadline and get installed/rebooted anyway.


Lotus Elise 111R

Impreza WRX STi
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
28th Jun 12 at 19:20   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by VrsTurbo
You have a virtual environment. So take a copy run the updates to test if the servers still work once they have been updated. Then schedule the production installs


I'm not too bothered about the servers failing, but it is in the back of my mind at all times that a new patch thats been introduced would fuck everything.

With the once a month idea (my boss wants it once every 2 months) I guess I could do the testbed idea, what would be the best way to approach this? Run the testbed VM on my PC? Or copy it on the cluster then run it? I'm guessing I'd have to kill off all the network interfaces on the clone so it doesnt come up and absolutely fuck everything with ip conflicts and what not.

Thanks for everyones input
Ian
Site Administrator

Avatar

Registered: 28th Aug 99
Location: Liverpool
User status: Offline
28th Jun 12 at 19:46   View Garage View User's Profile U2U Member Reply With Quote

Interfaces on the VM won't go external to the VM unless you specify it.
M2RTY
Member

Registered: 25th May 01
User status: Offline
28th Jun 12 at 19:49   View User's Profile U2U Member Reply With Quote

4 wsus servers, test/dev, live, 2x DMZs

400ish servers in total. vms and physical

patches come out every 2nd tuesday of month (usually)

patch every sunday 8am-4am the monday morn, roughly 10 every 2 hour, all automated

week 2 - test/dev

week 3 and 4 - live and dmz

week 5 - live

clusters need a bit of thought, few issues with servers not rebooting as people forget to log off

set up the system myself, was O patching prior, had w2000 servers with 200 missing patches still, security auditors went nuts!
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
28th Jun 12 at 19:59   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Ian
Interfaces on the VM won't go external to the VM unless you specify it.


yes mate.
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
4th Jul 12 at 09:34   View Garage View User's Profile U2U Member Reply With Quote

tttttttttt
Dom
Member

Registered: 13th Sep 03
User status: Offline
4th Jul 12 at 10:06   View User's Profile U2U Member Reply With Quote

Not gone with the 'Suck it and see' approach?
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
4th Jul 12 at 10:12   View Garage View User's Profile U2U Member Reply With Quote

What you on about bro
pow
Premium Member

Avatar

Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
4th Jul 12 at 13:16   View Garage View User's Profile U2U Member Reply With Quote

Clients on WSUS, servers are rebooted remotely over weekends/evenings when they aren't required (Hyper-V machines so take snapshots if anything big is happening)

 
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
what do you argue about? Je11ybubb1es General Chat 79 3125
23rd Mar 03 at 14:24
by Jodi_the_g
 
WAR paul.mitchell1984 Geek Day 13 752
15th Sep 08 at 19:34
by paul.mitchell1984
 
Patching Fuel Tank Mertin Help Zone, Modification and ICE Advice 3 129
23rd Oct 08 at 09:10
by johnhara1
 
New iPad/iPod/iPhone jailbreak out now.... Ste L Geek Day 131 7242
21st Oct 10 at 13:24
by Rob_Quads
 
Which Fallout game A1EX Geek Day 20 401
20th Aug 11 at 12:54
by Marc
 

Corsa Sport » Message Board » Off Day » Geek Day » Do you have a patching plan? 29 database queries in 0.0127361 seconds