Article

Freight company hauls in 37,000 Windows patches

Matthew A. DeBellis, News Writer

LAS VEGAS -- In what seems like an entry for the book of Guinness World Records, Roger Wilding and his IT colleagues at CNF Inc., a $4.8 billion freight transport firm, have installed 37,000 Windows patches on company desktops since August.

Wilding, senior technical engineer for desktop infrastructure, dropped this staggering statistic while speaking as part of a customer panel this week at the Microsoft Management Summit. He talked later with SearchWindowsManageability.com about CNF's stringent patch management procedures. That's when Wilding corrected himself and said that, as of Monday morning, the CNF IT department actually had implemented 37,142 patches.

With that kind of patch total, it might seem that Palo Alto, Calif.-based CNF waves every patch through with little care but, in fact, the opposite is true. After Microsoft issues a patch bulletin, Wilding's desktop group decides whether it's necessary. They don't bother with every patch. For instance, CNF passed on a Windows patch for a fax feature, something the company doesn't use.

If a patch is relevant, an engineer in the desktop group tests the software on a workstation using VMware Inc.'s virtual machine software. This might take an hour or two. If the patch doesn't break the workstation, an engineer installs it on each of the IT department's 30 PCs where, during their day-to-day work, engineers in the server and desktop groups watch for problems. Engineers leave the patch alone

Requires Free Membership to View

for several days, sometimes a few weeks. If no issues arise, then the desktop team uses Systems Management Server 2.0 in conjunction with Software Update Services Feature Pack to send the patch to all the company's PCs, Wilding said.

CNF's process of qualifying Microsoft's patches requires constant attention, but it's work time well spent. Wilding's desktop group -- three people, including himself -- are charged with supporting 1,200 PCs running various Windows operating systems, including Windows NT 4, Windows 95 and Windows XP. More stable operating systems mean fewer help desk calls from users, Wilding said.

He didn't claim perfection. "We've had issues, but we haven't broken a machine," he said.

CNF's desktop group wasn't always so up-to-date and proficient. Up until July 2002, Wilding's group installed patches on a quarterly basis or whenever an engineer happened to be working on a machine. The reason CNF has installed 37,000 plus patches in less than a year is because the company had to catch up. The IT department had to sift through a few years' worth of patches.

Because patching Windows is a never-ending job, organizations must have procedures in place to effectively deploy them, Wilding said. CNF got religion last summer and started using the Microsoft Operations Framework, which provides technical and procedural guidance for a range of Windows management issues, including patch management. Wilding constantly tweaks and improves the suggested procedures to better suit CNF.

"If you don't have the process to accept the patch, you're at risk of accepting a patch that could impact your environment," Wilding said. "That control needs to be there."

FOR MORE INFORMATION:

News from Microsoft Management Summit 2003

Administrators crave instrumentation guidance

The Best Web Links on Windows 2000 system management


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: