BETT Show 2013: Patch Management Lifecycle 101
This Part Of Patch Management 101 Series See At End Of Article Other Posts In The Series.
Patch Management & BETT Show 2013
It is that time of year again when people involved in technology in education descend like a swarm on London. Ladies and gentlemen it is the BETT Show 2013 and this year it has a new date and a new location at the ExCel Centre in heart of London Docklands. There is a post coming soon on what you can expect from Impero at the BETT show however one thing I can let you in on is that we will be showcasing our new patch management module. In this post I am not going to discuss the details of the module but about the concept of patch management.
Patch Management Lifecycle
Any kind of implementation of patch management the best starting place is the software patch lifecycle. FITS have a very good example in their Operation Managers Patch Management documentation. To be successful with any patch management solution you need to make sure that it covers the stages offering an automated way of completing each of them.
This is not all the story as even if you can automate each stage there are times when you need a way of interacting with the software manually. Lets take a closer look at each stage.
Audit Current State
The first step is to make sure you understand the current status of your network which means doing a full audit. Hopefully your solution on the first scan of your network should give you an overview of what is missing on each of your computers.
New Patch Available
Next there is a patch is available for one or more of your computers. You then have to decide what you want to do about the patch. You may not want to deploy certain patches to certain places or maybe you don’t want to have the system automate certain ones. This is often the forgotten part of patch management where a human uses their knowledge to decide the best way to implement.
After you have decided what is going where and when. Then your next step is to get the software packages onto your network. This is where a patch management solution comes into its own. Instead of 500 machines each downloading a patch from the internet your patch solution should use a central store to keep your patches. Saving you bandwidth and time getting the patch to the computers ready for deployment.
The next stage is vital and you shouldn’t miss it out. In the race against the bad guys and girls the vendors release patches as soon as they can. Which means patches once they are in the wild can and sometimes do have problems. Having a staged roll out will help you minimise the risk when patching your computers. It also means you don’t get a call from the boss asking why their PC has suddenly stopped working.
We have now reached the deployment stage after a successful test you now need to start deploying to the rest of your network to bring them in line with the test machines. Choose your main deployment day wisely the last thing you want is a failed patch bringing your network down first thing on a Monday morning. When I was working in education establishments I always choose Thursday at 4pm as my patch day. As 90% of the staff where in meetings which means the computers were free to upgrade.
The last but most important stage is reviewing the deployments to make sure they are successful as there is some many things that could stop a patch from deploying. Like with backups you do not want find things not working when it is too late.
This hopefully has given you a 101 introduction to patch management. Over the next few weeks I will start to look into each area in more detail. However an underlying factor of patch management is to take your time. If you take things slowly and in a methodical approach patch management can help you keep your network secure and running. In the meantime until the next post let me know what your top tips for patch management are?