Re: Re: Patch Management on Critical Servers (Healthcare)

We did indeed adopt a three-layer way to deploy fixes. First of all, there's a complete virtual domain hosted on a VS 2005 R2 server with 2 DCs, 2 Exchange servers in MSTSC and 15 other virtual servers to replicate the most critical aspects of our network.

We deploy fixes in this virtual domain. If all goes well, we deploy them on a limited number of member servers, for example passive cluster nodes, NLB hosts with higher priority, ..., and on a limited number of representative workstations that reflect the production environment.

If all goes well, we approve the fixes for all production environments. These fixes will be deployed on different days for different groups to avoid a denial of service if a fix slips past all these controls.

All this was accomplished using WUS.

Michele Nappa

-----Original Message-----
From: gabe406@xxxxxxx [mailto:gabe406@xxxxxxx]
Sent: Wednesday, 10 May 2006 15.57
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Patch Management on Critical Servers (Healthcare)


I can't comment on the FDA approved configurations, but I can give you our experiences with patch management in the healthcare industry. I maintain a network of servers for a non-profit company in the healthcare provider services area, so budgets are examined closely as well as security of our data. After researching several options to secure our network with patch management, we started using Patchlink Update (www.patchlink.com). To our surprise, Patchlink gave us an efficient and customized process of deploying patches to our servers and nodes.

With Patchlink, each patch released by Microsoft is tested and then released, which makes our testing easier. So we just wait for Patchlink to test and release the patch, then we apply the patch in our test environment and monitor any negative effects. We then select a few users on our network and deploy the patch using Patchlink. If all goes well, within a week the patch is completely deployed to all appropriate nodes and servers.

Downtime is easily managed by Patchlink, using the reboot scheduling options of each patch. For example, on our Exchange server we will deploy the newest patch MS06-019 (after testing) on Saturday at 11:00pm and then have Patchlink reboot the server to complete the process so downtime is minimal.

Please feel free to contact me for any details or items I did not answer.

Gabriel Selmi

Network Administrator