Don’t install untested patches in a Production environment

From Slashdot – Unreliable Linux Dumped from Crest Electronics

I Have My Doubts About the Guy (Score:5, Informative)
by Comatose51 (687974) on Thursday September 29, @01:14PM (#13672938)

the machine would basically, putting it in Windows terms, core dump or blue screen at random.

Blue screen is a Windows thing but core dump is not [wikipedia.org].

Crest Electronics is trialling Microsoft’s Windows Server Update Service, which allows automatic patching for the operating system and other Microsoft software on servers and desktop machines across a corporate network. Its benefits are one of the key reasons why Mr Horton stands by his decision to switch from Linux to Windows.

“We run Linux on our web server and for an accounting package with great success and we do use the auto-patching in those environments,”

I work in a Windows shop but we don’t do automatic patching. We don’t patch until we’ve done extensive testing on our own to make sure it works in our environment first. SUS/WUSS/whatever is great in the sense that it allows you to control how patches to your Windows workstations are distributed. You can change the workstations’ auto-update behavior so they only update from your SUS servers, etc. But the automatic update thing, from what I’ve heard, is rarely used in a production environment. In fact, Microsoft gives you a considerable amount of control over its behavior, probably because in recognition of the dangers of auto updating in a production environment.

Mr Horton disagrees: “It might be fine for things like security patches, which don’t impact SAP certification rules but with some patches you still actually have to check the release levels and then check against the SAP site. Otherwise SAP might ask you to roll back to the previous version before they will support it.”

Give me a break! The same thing happens in the Windows environment. It took Bloomberg and our other vendors a while before they supported Windows XP SP2. When SP2 first came out, a lot of vendors blamed SP2 for problems that may or may not have been SP2’s fault. It took Windows vendors a while to adpot SP2 as well.

In any case, the whole patching issue he takes with Linux seems absurd. Just a few days ago, I think our server guys patched their cluster with a Microsoft service pack. Now the cluster refuses to fail over properly. Patching in a production environment is ALWAYS a big headache if you want to do it right. Unfortunately for our server guys, we don’t have a spare cluster sitting around for them to test patches on like they normally do with other servers.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments are closed.