Patch management is a necessary evil these days. I've seen a single McAfee update bring down an entire datacenter/company for several days. I've seen break-fix patches for monitoring software break other aspects of the product or open up new issues. I've seen patches re-introduce a previous bug that had been fixed and patched. I can't manage all the patching that goes on at my company, but for the ones that deal with my tools and systems I have a method that supports my madness, so to speak. For OS and system patches, we patch and reboot DEV servers first... and wait a week before doing PROD servers. For product patches and updates we also follow the same philosophy to give us time to test and validate. We can't do a full regression test, but we have a representative group of monitors and alerts on our DEV server to allow us to validate that what is in PROD works with the new patch/update.