OS Patching policy

UnixGuy

I'm trying to see how do you guys handle OS upgrades. I'm strictly talking about servers here, not laptops/desktops.




1) Do you schedule your OS (either Windows/Linux/Mac) updates to run periodically, say everyday?


2) For critical application, like a financial services databases, what's your policy on OS patching?


3) For Internet facing webservers, how often do you install OS updates?


4) For non critical servers, do you think it's a good idea to schedule OS updates to run automatically everyday?


Share your experience

tprice5

1. I deploy updates to all servers and set the deadline out in 2030. This way, the system owner can choose when the server is restarted and all they have to do is log in and all the needed updates are already queued up, ready to be fired off.

2. We don't have many critical servers/services that require high availability.

3. Our sharepoint front ends are all clustered so as long as they aren't all rebooted at once it doesn't really matter.

4. New updates are released once a month. Everyday seems unnecessary to me, though, I suppose it couldn't hurt assuming you don't have automatic reboots turned on.

Now I just need to learn how to do everything I can do in SCCM with Puppet