
Download our spreadsheet for tracking system updates and patches

Tracking patches and updates to hardware, operating systems, and third-party software programs is one of the most challenging aspects of managing a network. Here is a strategy for getting on track and a free spreadsheet to make the job a little easier.


With hundreds, or even thousands, of systems to maintain, you have your hands full ensuring that these systems have the appropriate updates, patches, hotfixes, and service packs. Tracking and applying these updates can consume a large amount of your time. This article will describe the complexity of tracking these often-critical updates and provide suggestions on how to methodically make sure that your systems are running them. To help you meet the challenge, we've also created a downloadable Excel spreadsheet you can use to record information you need to track updates on individual systems, especially servers.

Why so complex?
Keeping your server systems up to date requires you to be diligent about tracking and installing a variety of items, including:
  • BIOS revisions
  • Firmware updates
  • Operating system patches
  • Hot fixes
  • Service packs
  • Updates to any third-party software

Let’s look at an example. Take a typical Dell 2400 Server running Windows 2000 and Exchange Server 5.5 that is needed for fax services. Dell’s BIOS revision A08 may be required to resolve a problem determining speeds with mixed microprocessor steppings. However, according to Dell, A08 cannot be applied until you have updated the embedded systems firmware to version A51.

Now Windows 2000 will need Service Pack 2 to resolve several security issues and bring the server to 128-bit encryption. Also, since the release of SP2, Microsoft has posted a couple of hot fixes to resolve some specific errors. Looking at Exchange 5.5, Service Pack 4 is almost a must, along with the MTA patch 2654.89 released last month to correct a mail flow issue. Last, but probably not least, is the fax software, which is currently at release 3.001.345 but should be at release 3.002.005 to provide a much-needed enhancement. Remember, this is just one system! You can easily see how these updates get very complex and labor-intensive when looking at all of your systems.
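The server described above, recorded as tracking rows and turned into an ordered work list (an added example, not part of the original article or its spreadsheet). The column names, the host name SRV-FAX01, and every "installed" value except the fax software's are constructed; the target versions and the firmware-before-BIOS prerequisite are the ones given in the text.

```python
import csv
import io
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed tracking rows for the example server. Targets and the
# firmware-before-BIOS rule come from the article; the host name and the
# "installed" values (other than the fax software's) are constructed.
TRACKING_CSV = """host,component,installed,target,requires
SRV-FAX01,Embedded firmware,A49,A51,
SRV-FAX01,BIOS,A05,A08,Embedded firmware
SRV-FAX01,Windows 2000,SP1,SP2,
SRV-FAX01,Exchange 5.5,SP4,SP4,
SRV-FAX01,Fax software,3.001.345,3.002.005,
"""

def pending_updates(csv_text):
    """Return the rows whose installed version differs from the target."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if r["installed"].strip() != r["target"].strip()]

def install_order(csv_text):
    """Order each host's pending updates so prerequisites come first."""
    by_host = {}
    for row in pending_updates(csv_text):
        by_host.setdefault(row["host"], {})[row["component"]] = row
    plan = {}
    for host, comps in by_host.items():
        sorter = TopologicalSorter()
        for name, row in comps.items():
            prereq = row["requires"].strip()
            # A prerequisite that is already at its target (or is not
            # tracked for this host) adds no ordering constraint.
            sorter.add(name, *([prereq] if prereq in comps else []))
        # static_order() raises graphlib.CycleError on circular prerequisites.
        plan[host] = [(n, comps[n]["installed"], comps[n]["target"])
                      for n in sorter.static_order()]
    return plan

if __name__ == "__main__":
    for host, steps in install_order(TRACKING_CSV).items():
        print(host)
        for i, (name, old, new) in enumerate(steps, 1):
            print(f"  {i}. {name}: {old} -> {new}")
```

Rows that are already at their target, such as the constructed Exchange 5.5 row, drop out of the work list, so the output is only what still has to be applied and in what order.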

Capture and collect
Ultimately, no matter the manufacturer, operating system, or application(s) installed, you will have multiple updates that need to be tracked and applied. Determining the updates currently installed on all your servers is not an easy task. This information is necessary, however, to determine how much work is in store for you.

Unfortunately, much of this process may be manual unless you have the tools in place to automatically capture system information across your network. Most major server vendors have system management tools to assist with this task, such as Compaq’s Insight Manager, HP’s OpenManage, and IBM’s Netfinity Manager. These programs will check BIOS, firmware, and driver details across multiple servers.

The same holds true for the major operating system vendors. Novell’s ZENworks, Microsoft’s SMS, and Red Hat’s Network Software Manager can also capture information regarding currently installed service packs and patches. So what do you do once you have acquired all of this information? It has to be collected in a format that is easy to review and update. That's where our spreadsheet can help.

Evaluate and update
After you've entered the current system information in the spreadsheet, you can start to evaluate what updates, if any, you need to apply. Unfortunately, there is no easy way to accomplish this. Determining what updates are available and whether they are applicable to your systems will take some time.

Of course, you don't want to apply updates just because they are the newest and latest releases. Find out specifically what fix or enhancement the update provides. Weigh this against the risk and resources involved in applying the update. Ensure that you have done the appropriate testing and have a recovery procedure in place in case anything goes wrong. Remember Murphy’s Law!

Once you have applied all the appropriate system updates, establish a schedule for repeating the process of capturing, collecting, evaluating, and updating your systems. This may be once a week, once a month, or every quarter, depending on your resources and systems. If new critical updates are released, especially those dealing with security, you should have a special plan for applying them immediately. Larger updates, such as Microsoft service packs, may require a little more real-world testing before you feel comfortable applying them. Also, don’t forget to keep your spreadsheet updated.

As long as there are bugs to be fixed, security holes to be patched, and enhancements to be made, there will be system updates that need to be applied. A systematic approach to tracking and applying these updates is a crucial element in ensuring that the servers you support run optimally and that your systems remain secure.

How do you currently track system updates and patches?
We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.

 
