Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How do you use Patch Management for Servers in your environment?

Created: 07 Jan 2011 • Updated: 18 Oct 2012 | 2 comments

We are looking to deploy patch management for our servers (400).  I would like to know how others are using it and how they have it deployed.

We are currently thinking about deploying patches to DEVELOPMENT servers on the 2nd Saturday of the month.  This would get all the new patches after patch Tuesday and hopefully if there was a big fall out from a patch I will know it before I deploy on Saturday.  If everything goes well the following week we will deploy those same patches on PRODUCTION servers the following Saturday.

My intent is to get all servers up to date, then after that I would create a deployment policy for the new patches and apply it only to the DEV Collection.  Applying that on Saturday at 2AM with a reboot at the end.  If all went well, then I would apply the same policy to the PROD servers to apply the following Saturday at 2AM with a reboot at the end.

Thanks for any help, I'm open to all suggestions.

Comments 2 CommentsJump to latest comment

Adrian_Ayala's picture

We have grouped a high number of our Windows nodes into several phases, this excludes our Tier 1 & 2 Production systems.

Phase 1 - All Dev/Test/QA are patched 1-2 after release (but recently it has been on a Thursday since the PMI for some reason only receives on Wednesday)

Phase 2 - Selected domain controllers Friday @ morning

Phase 3 - Misc. systems that Operations utilizes Friday @ evening

Phase 4 - DCs and file servers out in PacRim offices Saturday morning

Phase 5 - DCs and file servers out in Europe offices Friday evening week after

Phase 6 - DC and file server out in small US office Friday evening week after

Phase 7 - DC and file server out in small PacRim offices Saturday morning week after

darkblue's picture

We are using a combination of 60 Maintenance Windows and the Default Software Update Policy for our monthly security patch rollout.