Hoping to ease the angst many corporate systems administrators experience in managing patches and updates, Microsoft is working on a cluster-based technology that allows the delivery of multiple patches across a number of servers simultaneously.
The Cluster Aware Update Wizard (CAUW), to be included with Windows Server 8, can administer updates to clustered systems without the need to take those machines offline, saving IT shops costly downtime.
In briefings in Redmond on Windows Server 8, Microsoft officials said CAUW was a direct response to many corporate customers that complained patching and updating is all too often an expensive and error-prone process.
“A big area of focus (with Windows Server 8) is on manageability and serviceability of cloud infrastructure without service downtime. We are delivering new technologies, such as 'cluster aware updating,' and the ability to script workflows with PowerShell to make it an easier and repeatable process to patch multiple servers while maintaining continuous service availability,” said Bill Laing, vice president in charge of Microsoft’s Server and Cloud Computing Division.
CAUW automates the application of updates to a failover cluster, with Windows Server 8 capable of supporting 63 nodes in a cluster. The updating software reportedly allows Microsoft’s security bulletin releases to be distributed with a single click, where all nodes in a cluster have their update levels verified and appropriate updates applied across the cluster. Microsoft officials said developers will be able to build new cluster-aware solutions that work with the CAUW.
Most IT professionals and those serving as consultants to IT shops see CAUW as a welcome relief. But they wonder how accommodating the technology will be to their existing procedures for testing and distributing updates, which vary widely from one shop to another.
“If they can deliver this and make it work the first time out, I’d be very interested in getting it into our shop,” said Jim Jensen, an IT administrator with a large defense contractor in northern Virginia. “But I would have to see how flexibly it can work with our (server) setup and patching procedures here.”
Larger companies with generally more skilled administrators should not have too much difficulty adapting CAUW to their particular methods of testing and delivering updates.
“It shouldn’t be too much trouble for larger shops. It just involves controlling the gating of when updates move across the boundary of Microsoft’s own release mechanisms to a customer’s in-house mechanisms. Most large companies are smart enough to manage that stuff for themselves,” said Ed Tittel, an independent consultant in Round Rock, Texas.
IT shops typically wait anywhere from 30 to 90 days to install an update after receiving it from Microsoft, Tittel said.
“Most companies have regular quarterly Windows updates they push out. Anything that is not rated yellow or red goes through their particular distribution mechanism. If they have a pressing vulnerability and the fix is in an update, many shops find an hour or two every 30 days to push out emergency patches. But the thing is, do people believe Microsoft’s critical rating for some of these patches? Right now they are the only ones who decide,” Tittel said.
Some administrators wish there was a quicker, more efficient way of determining if “critical” fixes are “critical” to their shops. Barring that, at least have an independent organization confirm Microsoft’s assessment that a particular fix should be installed sooner rather than later.
“When we scan down the list of critical fixes or updates on Patch Tuesday, we don’t really know what’s necessarily critical for us and what’s not. If we could determine that for sure, faster, that would save us time and money,” said Eugene Lee, a systems administrator with a large bank in Charlotte, N.C.
Let us know what you think about this story; email Ed Scannell at email@example.com.