R: Re: Patch Management on Critical Servers (Healthcare)



We indeed adopted a three layer way to deploy fix. First of all, there's a complete virtual domain hosted on a VS 2005 R2 server with 2 DC, 2 Exchange server in MSTSC and other 15 virtual servers to replicate the most critical aspects of our network.

We deploy fix in this virtual domain. If all goes well, we deploy them on limited number of member servers, for example passive cluster nodes, NLB hosts with higher priority, ..., and on a limited number of representative workstations that resumes production environment.

If all goes well we approve fixes for all production environments. These fix will be deployed on different days for different groups to avoid the denial of service if a fix slip out of all these controls.

All this was accomplished using WUS.

Michele Nappa

-----Messaggio originale-----
Da: gabe406@xxxxxxx [mailto:gabe406@xxxxxxx]
Inviato: mercoledì 10 maggio 2006 15.57
A: focus-ms@xxxxxxxxxxxxxxxxx
Oggetto: Re: Re: Patch Management on Critical Servers (Healthcare)

Hello,

I can't comment on the FDA approved configurations, but I can give you our experiences with patch management in the healthcare industry. I maintain a network of servers for a non-profit company in the healthcare provider services area so budgets are examined closely as well as security of our data. After researching several options to secure our network with patch management we started using Patchlink Update (www.patchlink.com). To our surprise Patchlink gave us an efficient and customized process of deploying patches to our servers and nodes.

With Patchlink each patch released by Microsoft is tested and then released which makes our testing easier. So we just wait for Patchlink to test and release the patch then we apply the patch in our test environment and monitor any negative effects. We then select a few users on our network and deploy the patch using Patchlink. If all goes well, within a week the patch is completely deployed to all appropriate nodes and servers.

Downtime is easily managed by Patchlink, using the reboot scheduling options of each patch. For example, on our Exchange server will deploy the newest patch MS06-019 (after testing) on Saturday at 11:00pm and then have Patchlink reboot the server to complete the process so downtime is minimal.

Please feel free to contact me for any details or items I did not answer.


Gabriel Selmi

Network Administrator

---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Re: Blow-out correction
    ... have flaws in them was a bit supercilious, ... kinds in many situations) we learn to avoid, protect, correct, construe, ... We certainly don't blame others who can't fix our errors as you are wont ... You don't wait for an important shot to learn how to rescue. ...
    (rec.photo.digital)
  • Re: Xilinx FPGA editor tips?
    ... Not necessarily because it's a bad tool, but even if it were awesome it's still an unwise design practice to hand-route--as you have found, it will take hours and hours to fix one net, and you will never save time in the long run. ... the hours spend hand-routing are in vain if you ever change the source again. ... make explicit all multicycle paths and ignored paths to free up routing resources. ... Try to avoid any sort of manual routing or routing guide files. ...
    (comp.arch.fpga)
  • Re: Xilinx FPGA editor tips?
    ... My advice is to avoid FPGA Editor at all costs. ... Not necessarily because it's a bad tool, but even if it were awesome it's still an unwise design practice to hand-route--as you have found, it will take hours and hours to fix one net, and you will never save time in the long run. ... the hours spend hand-routing are in vain if you ever change the source again. ... Try to avoid any sort of manual routing or routing guide files. ...
    (comp.arch.fpga)
  • Re: Toolbar Buttons Too Wide
    ... MS has always said that they could not "reproduce" the problem and thus they could not fix it. ... Is the cause of the bug is known; I mean in a way that would allow me to avoid it in the future? ... or grab the bottom of the toolbar with the double arrow ... arrows at the right end of the toolbar: ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: [PATCH] 2.6 workaround for Athlon/Opteron prefetch errata
    ... To avoid really ugly source code it would probably be desirable to just ... just like to avoid having the test or the fix at all on my Intel systems. ... And if I read correctly, that errata will be fixed in future Athlon CPUs, ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)