Creating a great patch management strategy shouldn’t be a daunting task. While updating and patching servers can be quite tedious, having a strategy in place that is workable can remove some of this pain.
The first step is having the correct infrastructure in place to keep your servers and workstations up to date. You can use any of the fantastic tools developed by Microsoft. Microsoft System Centre Configuration Manager (SCCM), Windows Update Services (WSUS) or the newly released Windows Update for Business (WUB) while all are different, they all will report on patching compliance and can be set to deploy updates as you define.
In an ideal world, where you have Development/Test, UAT and Production environments that mimic one another, you can successfully deploy security updates to the lower environments, while performing successful UAT to make sure no new issues are introduced by any of the patches. Should a patch cause an issue, you can stop deployment to your Production servers, delaying deployment until a fix has been released that will fix this issue, or not deploying the patch at all.
Im not that lucky!
Not everyone has the luxury of lower environments that match the Production environment. The ability to successfully UAT patches prior to deployment to Production systems isn’t available to most administrators, making the patch deployment fraught with risk. Administrators would have to manually confirm all backups were successful prior as well as performing and confirming a successful snapshot of their virtual servers for added confidence and only then could they deploy the updates to their client servers, normally outside of business hours (I recall Sunday morning @ 3am was the norm). If there was an issue that did arise from a patch, many late night hours spent either trying to uninstall the patch (if that worked) or restoring from tape backup. Either way it was many hours and weekends late at night keeping everything up to date.
How can we help?
Having felt this pain on numerous occasions ourselves, we created SnaPatch Patch Management Software. SnaPatch interfaces with Microsoft’s SCCM and VMWare’s vCentre and Microsoft’s System Centre Virtual Machine Manager or known as SCVMM to automate the patch deployment and allow Administrators to have their weekends back. From the SnaPatch console, you can choose the servers you want to patch, what patches you want deployed, what servers you require to be snapshotted and what time you would like this all scheduled (a maintenance window will be set for this deployment). SnaPatch will automate all this and alert you with progress emails. Should a server’s snapshot not be successful, you will be alerted by email and that server will be excluded from patch deployment. Should an issue arise with one of the deployed patches, you can either uninstall the patch, revert to the snapshot created by SnaPatch or lastly and the most tedious, restore from backup tape.
SnaPatch is the best patch management addon for Microsoft’s SCCM that will help you alleviate the patching risk. To read more about the functions of SnaPatch Patch Management Software.
Like our motto says, “Lets make Administration EASY!”