On many a Saturday morning at 2 am, Shahin Yousefi could be found installing security patches. His work didn't end there. After each patch update, Yousefi spent Monday mornings making sure each server was in compliance, always a tedious endeavor.
Receiving and completing security patch updates was a time-consuming problem for Ciena Corp., where Yousefi is a database administrator. Finding time to schedule the four hours of downtime needed to update servers usually resulted in working during non-work hours. Further, surfing the Web daily to find which security patches Ciena needed also ate up a chunk of Yousefi's time. "I knew there had to be a better way," he said.
Yousefi wanted an automated way to get patch information. He also wanted to decrease his time commitment rolling out the patches to the 25 SQL servers he manages. Four thousand employees strong, Linthicum, MD-based Ciena makes optical switching equipment. It has a total of 300 servers running Windows 2000 and Unix.
So, Yousefi and other IT personal at Ciena set out to find a viable patch management product. The team researched Microsoft's Systems Management Server (SMS). They also checked out PatchLink Corporation's PatchLink Update, recommended by Yousefi's friend, a PatchLink employee.
PatchLink Update came out on top. SMS, the team found, would require rigid maintenance at a high cost. Through a PatchLink demo, Yousefi learned that PatchLink Update offered a targeted approach to installing security patches and at a fraction of the cost of SMS.
PatchLink Update provides a management framework to patch and fix security vulnerabilities on all the computers on a network, said Chris Andrew, vice president of product management at Scottsdale, AZ-based PatchLink. Installed on a Windows Web server running Internet Information Server (IIS), Update automatically receives patch information daily from a PatchLink database.
Once the viral and worm-related information is received, administrators can see at a glance which computers or servers on their network need patches. "The administrator then has the choice of when he wants to roll out the patch," said Andrew. The server software starts at $995 and is $12 per single user license.
Yousefi has been running a pilot program of Update 3.0 for the past month. He said he easily installed Update on Ciena's Web server. He then installed the client portion on 15 of Ciena's SQL servers and registered them.
Soon after, Yousefi knew exactly what patches were on the machines. He also knew what patches were critical to have and what patches he didn't need at all.
Being able to schedule when the patches will be updated is very useful, too, said Yousefi. When scheduled patches are complete, Update notifies him that they have been finished either successfully or unsuccessfully. Further, "if I have a group that needs a patch, I can schedule just that group to get that patch," he said.
In the past, Yousefi said, it would take 20 minutes to patch just one server. Now, "in the time it would take to patch one server, we can schedule everything."
Update's proactive nature is its best attribute, according to Yousefi. He knows immediately when a server needs a patch, he said, but may wait to deploy it depending on the severity of the security vulnerability.
Yousefi is quite satisfied with Update's service. He expects that Ciena will roll it out to the rest of the servers early next year. Maybe now he'll get a good night's sleep on Saturday, or at least spend the time away from the office.
FOR MORE INFORMATION