Newsletter April 2008
Patch Tuesday, Microsoft Windows, Convergence Networks, and YOU
by Eric Pasti
“Patch Tuesday”, created by Microsoft in an effort to help Network Administrators with the daunting task of patching, is the second Tuesday of each month. On that day, Microsoft releases new patches designed to plug security holes in the various versions of the Windows Operating Systems (and their components, such as Internet Explorer, the .NET framework, etc.).
Patching is no small task these days, presenting a number of problems such as:
- Patches need to be reviewed and researched before installation to prevent the installation of a “bad” patch that breaks another function of the server or workstation. For example, a few years ago there was a “Security Rollup” package for Windows 2000 Servers that Microsoft released. It was designed to fix a bunch of security holes in their Operating System, which it did. However, it also broke the Citrix functionality so that any Windows 2000 Servers running Citrix no longer worked. Not good!
- Patches require CPU/Memory resources to install. That leaves two choices when it comes to patching Desktops and Laptops:
  - Leave the machines powered on overnight so that they can receive the patches during the night and not disrupt the workday.
  - Power the machines off overnight. This forces the patches to install during the day, which may lead to a loss in productivity because the patches will slow down a computer while they are being installed, sometimes to the point that it isn’t usable until the patching has finished. We recommend everyone leave their PCs turned on each night.
- Patches often require the machine to be stopped and restarted. We call this a reboot. This is a much bigger problem with servers, since no one wants their network “offline” during business hours for server reboots. With remote access being the norm, many employees work from home in the evenings and early mornings, making it difficult to find a good time for server reboots.
As you can see, the simple act of Microsoft releasing security patches quickly evolves into a large problem with lots of moving parts.
This is where Convergence Networks comes in. In the past, Convergence has used a free tool from Microsoft to help organize and handle patching on each network. While this approach worked, it had some shortcomings and lacked true centralization.
Now, Convergence has taken patching to a new level by utilizing a product called Deverra, which we have been rolling out to all networks over the past few months.
Convergence is now able to centrally audit the existing patch levels of each machine and patch not just Windows but also Office, Exchange, and SQL. Soon we will also be able to address 3rd-party applications such as Adobe and Java.
We are now able to easily schedule patches for specific days of the week, at specific times, and to specify which actions happen after the patching completes. For example, when patching servers, we do not want them to reboot willy-nilly, so we have configured them to email us when they are done patching and ready for a reboot. Now, we can reboot them in the late evening and not disrupt business.
Additionally, it is easy for Convergence to exclude certain machines from receiving all, or just specific, patches. This will allow us to keep ALL machines at current, and known, patch levels, which in turn keeps your network and data more secure.
Here is the schedule that Convergence is going to use for patching workstations:
- Patch Tuesday occurs. We will research the patches for a week.
- 1 week after Patch Tuesday, we will roll out the patches deemed “ok” to a select few clients.
- 2 weeks after Patch Tuesday, ALL client workstations will receive the patches (except for the “special” machines specifically excluded).
Server patching will follow a similar timeline but over a longer period of time to allow for additional testing of the patches.
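The workstation schedule above, worked through as an added example (not code from Convergence or from the patching product): it computes Patch Tuesday for a month, derives the one-week and two-week rollout dates, and lists which approved patches each machine is due on a given day. The machine names, patch IDs, the `pilot` flag and the `"*"` exclude-all marker are constructed assumptions.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # weekday(): Tuesday == 1
    return first + timedelta(days=to_first_tuesday + 7)

def rollout_dates(year, month):
    """Release date, pilot date (+1 week) and full rollout date (+2 weeks)."""
    release = patch_tuesday(year, month)
    return {"release": release,
            "pilot": release + timedelta(weeks=1),
            "all": release + timedelta(weeks=2)}

def plan_for(machines, approved, today, year, month):
    """Map machine name -> sorted approved patches it should have by `today`."""
    dates = rollout_dates(year, month)
    if today < dates["pilot"]:
        return {}  # research week: nothing is deployed yet
    plan = {}
    for m in machines:
        if today < dates["all"] and not m["pilot"]:
            continue  # only the pilot group is patched before week two
        if "*" in m["exclude"]:
            continue  # machine excluded from all patches
        due = sorted(p for p in approved if p not in m["exclude"])
        if due:
            plan[m["name"]] = due
    return plan

# Constructed sample inventory (names and patch IDs are placeholders).
MACHINES = [
    {"name": "WS-01", "pilot": True,  "exclude": set()},
    {"name": "WS-02", "pilot": False, "exclude": set()},
    {"name": "WS-03", "pilot": True,  "exclude": {"PATCH-B"}},  # one patch held back
    {"name": "WS-04", "pilot": False, "exclude": {"*"}},        # "special" machine
]
# Patches deemed "ok" after the research week; PATCH-C was rejected.
APPROVED = {"PATCH-A", "PATCH-B"}

if __name__ == "__main__":
    for day in (date(2008, 4, 10), date(2008, 4, 15), date(2008, 4, 22)):
        print(day, plan_for(MACHINES, APPROVED, day, 2008, 4))
```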
If you would like to receive more information, simply contact us.