Imagine having the ability to patch multiple systems while maintaining continuous Windows Server availability. Sounds like an IT manager’s dream.
Well, that’s exactly what Microsoft is promising with Windows Server 8.
As Microsoft’s Bill Laing wrote on the Server and Cloud Platform blog, “one of the most common customer comments we have heard is that patching and updating servers is a costly and error prone process.” The same could be said for the automobiles we drive and the homes we live in; anything of substance or value is going to have to be maintained and we’re going to have bumps in the road along the way.
It’s not the process that’s really the problem. We’re merely experiencing a side effect of continually emerging threats, system architecture weaknesses and, arguably, code quality problems. Mix all of this into today’s complex IT environments and it’s a recipe for oversights, exploits and business downtime.
Laing goes on to say that Windows Server 8 will have “the ability to script workflows with PowerShell to make it an easier and repeatable process to patch multiple servers while maintaining continuous service availability.” This begs the question: why don’t we have an easy and repeatable process in place already? It’s 2011 for crying out loud. We know what needs to be done and we have the means to do it.
I believe the real problem lies in Windows administrators not having the proper tools (patch management and vulnerability management) to get the insight into their environments that they really need. This is the perfect example of my mantra: you can’t secure what you don’t acknowledge. It’ll be wonderful if Microsoft can help take the pain out of the patching process and set administrators and businesses up for success by helping them to “keep the joint running.” The clustering and cloud features in Windows Server 8 will no doubt help. We just can’t rely on Microsoft alone to fix all our security problems.
So, Microsoft promises high IT service uptime in Windows Server 8, but what’ll that really translate into? I remember when Windows Server 2003 was going to be a game-changer, especially given its timing with Microsoft’s Trusted Computing initiative. As we saw, it ended up being more of the same. Exploit, patch. Exploit, patch. Fast forward to today and patching Windows servers is as important as ever especially given how simple it can be for an insider – or outsider who has forced his way in – to find and exploit a missing Windows patch with the free and amazingly simple to use Metasploit tool.
Maybe I’ve got it all wrong. Perhaps soon we’ll see that the marriage of multi-server patching and continuous availability in Windows Server 8 equals painless updates with no downtime akin to Novell NetWare when it was in its prime. I’m not holding my breath.
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security. Kevin can be reached at www.principlelogic.com or you can follow in on Twitter at @kevinbeaver or connect to him on LinkedIn.
This was first published in October 2011