Define a Process to Help You Deploy Patches on Time
Handling patches is like paying your bills. If you don’t have a system, you’re likely to overlook one and then have to deal with serious consequences later. In some ways it’s even worse than missing a bill—if you miss a bill, the company you owe will send you reminders. Miss a patch, and you may not feel any impact until you experience a breach.
Before Implementing a Patching Process
There are a couple of prerequisites before you implement your patching process. First, management needs to commit to this as a priority. Both IT management and business management need to understand that patching is a priority function that may occasionally delay other IT work.
Second, no patching process can be effective if you don’t have an accurate list of systems to be patched and their patch levels. Make sure you have a complete inventory of all your resources, and develop a process that keeps it up to date when systems are brought online or shut down.
You should also define standard timeframes within which patches will be installed. For example, critical patches must be tested and installed on high-priority systems within two days and across all systems within one month; low priority patches tested and installed within three months. The actual time periods should reflect the sensitivity of your systems and the capabilities of your support team. It’s important that management buys into and commits to the timeline and acknowledges the potential consequences if they prevent patches from being installed due to other priorities.
Design Your Patching Process
Your patching process can be tailored to your particular environment, but you’ll need to include these steps:
You’ll generally receive notifications from vendors of new patches, along with details of their priority. Notification of patches should be recorded in a central system so they can’t simply be “lost.” Build your patch process around vendor patch distribution schedules, and have an “exceptions” process to handle urgent patches that are released off-schedule.
Leaping into action and installing a patch as soon as you’re notified of its availability is likely to cause you problems later. Patches can have unexpected impacts on systems, so before installing them in production, the patch should be installed and validated in a test environment.
If your data center consists of only a single server, you can skip planning and install the patch as soon as the test process verifies no negative impacts. When you’ve got more than one server and critical jobs running, though, you’ll need to do some planning to figure out which systems are most vulnerable to the risk the patch will fix and when you can install the patch with minimal impact on production workloads.
Create an up-to-date backup of the target servers, then install the patch on all affected systems.
Be sure to record which have had the patch installed. If any problems occur and the patch needs to be backed out, be sure to note the systems it’s removed from.
Get help with your patch management process and all your routine infrastructure support from Prescient Solutions. Our IT consulting and managed services help businesses in Chicago and Schaumburg keep their IT running efficiently. Contact us to learn how our services can help you.