Patch Management Best Practices – Deployment
Patches don’t always work as intended and can have unforeseeable consequences. It’s therefore recommended by industry experts to deploy patches in different stages to minimize the risk of unnecessary downtime.
Testing should, of course, be the first stage. Start by setting up test environments that model all critical and relevant production environments. Continue by establishing a test protocol (preferably this should be pre-established in a patch management policy). The protocol should basically lay out rules and procedures for testing patches. If the patch passes the test protocol one can move on to the following stage.
Don’t cut any corners in the testing stage! If something stops working in the production environment because of a poorly tested patch, you’ll end up spending more time trying to fix it!
When you have passed the predetermined criterias in the test stage, you can gradually start deploying the patch. But some issues might only surface in the actual production environment, it’s therefore best to not deploy the patch for everyone right away. Instead, start by deploying the patch to a few selected users that can provide you with feedback in case anything happens. This lowers the risk of unforeseen problems affecting a whole department or business unit. Hopefully the pilot stage is successful, and the patch can be mass deployed.
Finally it’s time for a full rollout. In this stage, you want to deploy the patch with minimal downtime. Business-critical applications, for example, should perhaps not be patched during peak hours. Furthermore, despite thorough testing issues may still arise so make sure to have a rollback plan in place in your patch management policy.
Analysis and Reporting Stage
After you have successfully deployed the patches, take some time to look for hidden issues and problems. Also make sure that there’s time afterwards for the patch management policy to be evaluated and improved. The IT landscape is constantly changing which means that strategies can’t stay static, they have to evolve as well. Go over the processes with your team and see if it can be improved.
Patch Management Best Practices – Further reading
If you are interested in learning more about patch management best practices, I recommend the articles below. Lastly for those of you interested in obtaining an automatically updated inventory of your IT assets to improve your patch management framework; head over to vScope Inventory & Reporting and find out how vScope can save you both time and keep track of patches for you.