"Patch, patch, patch, test, test, test, test," says Tim Rice, a network systems analyst. Those two steps, repeated many times over, year in and year out, are more than any others the keys to patching systems from any vendor. Rice doesn't apologize for the apparent simplicity, because he knows the task is anything but simple.
Most IT managers say that it takes a process to save a village.
David Giambruno agrees with that. His tip? "Fail fast."
For Giambruno, director of strategic infrastructure and security for Pitney Bowes, that means he knows where his pain points are in the network and he has documented why and how they may fail. "Fix the pain points last. Find out what is problematic, and once you do that, you will find you have a large area that is probably pretty easy to patch and [is] pretty vanilla. You get comfortable, and you can do those areas quickly."
As for the pain points? "You are going to have to ask for forgiveness initially," Giambruno says. But eventually, you document why certain systems are not patched, or are protected in other ways such as with firewalls, because of ageing applications, configurations, hardware or department heads with their own issues. Documenting those anomalies lets you give an intelligent answer to the inevitable C-level question: "Why weren't those systems patched?" Giambruno says if you can't answer that question, "you are the sacrificial lamb at that point".
Rice also has tips for keeping client upgrades as easy as possible. "Keep the hardware consistent. Windows XP is making that a lot easier," he says. "We build an image, put all of our software on that image, do a system prep and drop the image on the hardware. At most, we run a repair."
For Bruce Alcock, IT architect for Integris Health, one of the keys to client upgrades is preparation. His organization has forced end users to put their key files on network shares. "Everything is already on the network, so we've found this is not only beneficial for client upgrades, but if a user's PC goes out, they lose whatever is on the local drive. Forcing them to the network solves lots of problems."