Patch Deployment is fun!?!?! Don’t roll the Patch Management dice.
When you deploy a new VM from a template, you get a fully patched and up-to-date image, which is nice. One month from now it is no longer so nice – it’s unpatched and vulnerable, as another Patch Tuesday release from Microsoft has passed. Lots of new security holes have been patched by the newly released updates. Of course it may be that the second Tuesday of the month has passed without much to talk about, but it may also be that immediately after Patch Tuesday, you have Exploit or Rollback Wednesday.
Of course, the other problem this raises is how you are going to test these patches. Remember, when you have your own bespoke server configuration that inevitably begins to deviate from the off-the-shelf installation that Microsoft gave you, you’re increasing the risk of future updates going wrong. In all of the cases I know of, where you have professional teams managing infrastructure, they’re installing patches in dedicated testing environments, making sure things play nice, then pushing them out. In other words, are you happy to maintain a mirror copy of the VM just to make sure patches aren’t breaking your things?
Do you have the resources and time to perform User Acceptance Testing after patch deployment?
Or is your testing strategy to deploy to Production servers and take the huge risk, hoping that no issues arise?
You can alleviate this risk by utilising SnaPatch. SnaPatch is a Patch Management Addon for Microsoft’s SCCM that will automate a snapshot of your virtual servers to give you a quick rollback position prior to deploying those risky updates. It notifies you by email throughout the process and will even delete the snapshots after a certain amount of time (also notifying you that it is going to delete them, so you can stop that if you don’t want it to).
Patching your environment is never fun and is very time-consuming. With SnaPatch you will get back some of your precious time.