Sergey Nivens - Fotolia
Data center administrators play an ever-present game of catch-up with server patch management. And it only gets harder when you have a mix of Linux and Windows servers.
Microsoft's proverbial Patch Tuesday can take precious hours away from a Windows administrator's day, transitioning the updates and patches pushed down from Microsoft seamlessly into the data center infrastructure. Add to this monthly exercise the problem of ensuring that the server patches and updates interact cohesively with -- or at least don't become an obstacle to -- other non-Microsoft products such as Apache Web servers and Linux workstations. Server patch management in an often volatile data center can take on a life of its own that may be wholly different than that practiced within traditional enterprise networks.
The problem of cross-platform -- Linux and Windows for example -- management constantly arises during operating system updates. In a typical heterogeneous network, many workstations and file servers communicate via the Server Message Block (SMB) protocol. If Microsoft pushed out a security update addressing concerns within its implementation of SMB, this could affect connected Linux servers that communicate with updated Windows machines via Samba shares. Simply put, the data center staff may address its Windows concerns, but adversely affect their Linux infrastructure, without a patch management process that accounts for both.
There are server patch management tools to alleviate these problems, such as Lumension's Patch Manager DataCenter. The PMDC provides a centralized dashboard for administrators that helps ensure that updates and patches pushed down from Microsoft do not adversely affect a data center's non-Windows footprint.
Patch management methodology
Update and patch management within the data center is not simply a matter of buying the right tool. As in most things in the IT profession, the human aspect must not be overlooked when it comes to implementing updates within the data center.
Having high-end tools can be a tremendous help, but room must be made for human intuition. For example, if Cisco were to push out a security update for a certain type of network switch, IT teams cannot simply install the update and allow patch management software to take care of the rest. The best update and patch management process is to replicate the update within an isolated lab, and allow appropriate administrators to throw different scenarios at it. In this case, network administrators working on the newly updated switch can examine whether or not the update will adversely affect VLAN configuration or network configuration. Administrators can also test the effect the update has on adjacent network devices, such file and database servers. After the update has been simulated within an isolated lab environment, network administrators will feel more comfortable implementing the update into their live production infrastructure.
While the right software assists with patch and change management, OS and network inventory updates, every effort should be made to have IT pros examine results prior to live implementation. If done properly, IT shops can strike a balance between the automation and human interaction.
Ease updates with rigorous IT asset management
ITAM and wasted money: A case study
How to get a patch management tool req
Making one server, multiple OSes work