This article is about to say a patching process, generally patching process is divided into test environment testing and production environment installation two parts. If the size of the enterprise is small, there is no perfect process system, there are some patching principles can be followed, such as:
for various security patches above the security level should be distributed;
The security patches for the operating system should be distributed;
for various IE version security patches should be distributed;
for various other security patches (such as media Player, OutLook Express, etc.) should be distributed;
for security patches that have a status of updates revision, the system will be automatically released without manual approval;
In addition to the above-mentioned principles, for a slightly more complex enterprise, we can also carry out update updates in a more standardized and secure process through a combination of processes.
Microsoft's best practice is to install patches at least one months. Microsoft's Security Center will send a summary of the month's security bulletins around number 14th per month, and WSUS will receive patches from Microsoft at around 15th.
Here is a simple example, if our company has its own process management system (e-mail system can also be very troublesome). We can use a combination of some process management system to do patch testing, approval work.
(1) Each month by the patch administrator to check the new Microsoft release patches, the specific way to check is: through the WSUS console and access to TechNet Security Center to view the announcement;
(2) After the patch is received, the patch administrator initiates a test event and distributes the patches received during the month to the test group (the test machine of the testing group is provided by the feedback from other departments), and then notifies the groups to test the relevant patches (the notification can be either through process triage or by email notification);
The following diagram depicts a complete WSUS test patch approval process.
650) this.width=650; "title=" 121 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 121 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453445d4ca.png "height=" 363 "/>
650) this.width=650; "title=" 122 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 122 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453445blny.png "height=" 431 "/>
650) this.width=650; "title=" 123 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 123 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453446zfky.png "height=" 392 "/>
650) this.width=650; "title=" 124 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 124 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_13994534467zje.png "height=" 356 "/>
(3) Other departments to feedback the test results within a specified time (can be feedback by mail or process system);
If there is no problem with the test, we will approve the patch to the production environment, if there is a problem, first deal with the patch problem.
(4) Patch Manager According to the feedback of the current month patch to approve, release;
The following describes a procedure for WSUS to approve patches for a production environment.
650) this.width=650; "title=" "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px, "border=" 0 "alt=" src= "http:// Img1.51cto.com/attachment/201405/7/639838_1399453447olwt.png "height=" 351 "/>
650) this.width=650; "title=" 127 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 127 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453447pm6k.png "height="/>
650) this.width=650; "title=" "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px, "border=" 0 "alt=" "src="/HTTP/ Img1.51cto.com/attachment/201405/7/639838_1399453451tnvp.png "height=" 393 "/>
650) this.width=650; "title=" 129 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 129 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453451nurf.png "height=" 351 "/>
Note: If you are installing patches for the production server, you need to notify the departments in advance, after agreeing to install patches for the production server, and set a scheduled task to restart the server, and then remind the departments after the server restart is complete, pay attention to check the application.
When the client receives the patch, it can be installed, the general client we can set the automatic distribution through the Group Policy installation, so that the user does not require manual intervention.
The following describes a situation where a client is manually installed after a patch is received.
650) this.width=650; "title=" "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px, "border=" 0 "alt=" "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453452xumy.png "height=" 306 "/>
650) this.width=650; "title=" style= "border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px, "border=" 0 "alt=" src= "/HTTP// Img1.51cto.com/attachment/201405/7/639838_1399453455tgpg.png "height=" 390 "/>
650) this.width=650; "title=" 133 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 133 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453456kd6k.png "height=" 478 "/>
650) this.width=650; "title=" 162 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 162 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_13994534562ga1.png "height=" 333 "/>
Microsoft patches, some installed after the installation is not necessary to restart the server or client, some must restart the server or the client, the installation of an update does not need to restart the situation.
650) this.width=650; "title=" 163 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px; border-left:0px;padding-top:0px;padding-left:0px;padding-right:0px; "border=" 0 "alt=" 163 "src=" http:// Img1.51cto.com/attachment/201405/7/639838_1399453456ujpo.png "height=" 283 "/>
This article from "Zeng Hung Xin Technical column" blog, declined to reprint!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
