Sergey Nivens - Fotolia

Tip

Server patch management for multi-OS data centers

If you have a multi-OS data center, you know the struggle that is server patch management. Don't fret, the right combination of tools and human intuition can alleviate the pain.

Data center administrators play an ever-present game of catch-up with server patch management. And it only gets harder when you have a mix of Linux and Windows servers.

Microsoft's proverbial Patch Tuesday can take precious hours away from a Windows administrator's day, transitioning the updates and patches pushed down from Microsoft seamlessly into the data center infrastructure. Add to this monthly exercise the problem of ensuring that the server patches and updates interact cohesively with -- or at least don't become an obstacle to -- other non-Microsoft products such as Apache Web servers and Linux workstations. Server patch management in an often volatile data center can take on a life of its own that may be wholly different than that practiced within traditional enterprise networks.

You can maintain stability in the midst of heterogeneous networks, where one segment changes without regard for the others, with a patch management strategy.

The problem of cross-platform -- Linux and Windows for example -- management constantly arises during operating system updates. In a typical heterogeneous network, many workstations and file servers communicate via the Server Message Block (SMB) protocol. If Microsoft pushed out a security update addressing concerns within its implementation of SMB, this could affect connected Linux servers that communicate with updated Windows machines via Samba shares. Simply put, the data center staff may address its Windows concerns, but adversely affect their Linux infrastructure, without a patch management process that accounts for both.

There are server patch management tools to alleviate these problems, such as Lumension's Patch Manager DataCenter. The PMDC provides a centralized dashboard for administrators that helps ensure that updates and patches pushed down from Microsoft do not adversely affect a data center's non-Windows footprint.

Patch management methodology

Update and patch management within the data center is not simply a matter of buying the right tool. As in most things in the IT profession, the human aspect must not be overlooked when it comes to implementing updates within the data center.

Having high-end tools can be a tremendous help, but room must be made for human intuition. For example, if Cisco were to push out a security update for a certain type of network switch, IT teams cannot simply install the update and allow patch management software to take care of the rest. The best update and patch management process is to replicate the update within an isolated lab, and allow appropriate administrators to throw different scenarios at it. In this case, network administrators working on the newly updated switch can examine whether or not the update will adversely affect VLAN configuration or network configuration. Administrators can also test the effect the update has on adjacent network devices, such file and database servers. After the update has been simulated within an isolated lab environment, network administrators will feel more comfortable implementing the update into their live production infrastructure.

While the right software assists with patch and change management, OS and network inventory updates, every effort should be made to have IT pros examine results prior to live implementation. If done properly, IT shops can strike a balance between the automation and human interaction.

Next Steps

Ease updates with rigorous IT asset management

ITAM and wasted money: A case study

How to get a patch management tool req

Making one server, multiple OSes work

Dig Deeper on Systems automation and orchestration