Important tips for server patch management

Although server patch management is unlikely to be a topic that excites the average network administrator, an effective strategy for the deployment of updates is essential to avoid unexpected downtime and risks to company data. As soon as knowledge of a new vulnerability becomes public, hackers and malware creators race to take advantage. Sensible network admins use a server patch management solution to ensure they are not one of the easy targets.

Updates to software packages and operating systems frequently require services to be taken offline and servers to be rebooted after installation, which can make planning and timing patching activities a headache for technical staff. Downtime results in staff who cannot carry out their duties, and customers who cannot interface with company systems. Neither scenario is likely to be popular with company management!

Network admins will therefore always benefit from taking the time to implement an effective server patch management system and following some simple tips to minimize downtime. A good strategy can also reduce the number of long nights spent in the office manually applying updates! Below are some points to keep in mind to make the best out of a server patch management system:

  1. Use a dedicated system for patch management, which detects missing patches across the network on a daily basis, providing time to deploy patches efficiently.
  2. Use a server patch management system that detects patches required on third-party software packages as well as operating system components.
  3. Always use a test infrastructure, closely mirroring the production environment, to properly test patches prior to live deployment. Although the cost of test servers can seem prohibitive on smaller networks, it is always preferable to releasing an untested patch onto a live system.
  4. Always ensure full server backups exist before applying patches to live servers.
  5. Where multiple servers provide the same services, make use of this redundancy and patch the servers at different times, resulting in no interruption to IT services.
  6. Use patch servers during times of minimal utilization—at night or during weekends. A good server patch management system will include a range of options to control reboots, removing the need for an IT presence in the office during these unsociable hours.
  7. Always have a regression plan, and use a server patch management tool that allows updates to be easily rolled back in the event of problems.

Staying up to date with updates across the network is much easier for IT professionals who use dedicated server patch management systems. These systems can often manage patches for all of the third-party software installed across the infrastructure, as well as the operating systems. Knowing that systems are as secure as possible, due to updates being tested and deployed quickly, brings extra peace of mind to the network administrator, as well as more time to spend on the more exciting aspects of the job!

This guest post was provided by Ben Taylor on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI server patch management software.

All product and company names herein may be trademarks of their respective owners.

make sure you subscribe to my RSS feed!