You need to keep your servers up to date. That much is clear to even the most novice sysadmin. What isn’t necessarily clear is how you’re to do that.
Should you do as so many other departments are doing, and rely solely on automation? Or should you roll up your sleeves and do everything by hand? The answer’s actually not as simple as you’d think.
In Favor Of An Automatic Approach
Let’s be honest – most IT professionals are already overworked as it is. A survey carried out back in 2013 found that nearly a third of administrators felt overly stressed, and that many of them had lost pride in their work. Automating your update cycle can take away at least a bit of that stress – you’re leaving server management in the hands of a system designed to deal with it, after all.
Not bad, right?
At the same time, there’s a certain element of risk to automating your software updates. There’s a good chance that, by completely automating things, you could end up causing a catastrophe. With that in mind, it seems manual is the way to go…isn’t it?
In Favor Of Manual Updates
As you probably already know, computers are finicky beasts. A piece of software that’s perfectly serviceable on one system could send another into conniptions, while bringing a third crashing spectacularly down. Taking manual control of every update cycle in your enterprise ensures that nothing passes through to the users without your direct say-so.
Yeah…remember how IT professionals feel overworked? Manually updating all your devices – especially in a large enterprise setting – is a surefire way to give yourself an aneurism. Manual updates, then, aren’t perfect either.
So…what’s the right choice, then?
Which One Is Best?
Honestly? Take a mixed approach. While it’s certainly acceptable to let minor updates apply themselves automatically, anything major – security updates in particular – should be thoroughly tested and vetted before it’s allowed into your infrastructure. Keep a test environment that lets you apply and run updates so you can ensure nothing major breaks with each cycle.
Beyond that, you can probably let everything apply itself automatically.
Do be advised that depending on how large your server environment is, this cycle could be anywhere from a few weeks to a few months. Also keep in mind that different devices are going to require different patching processes – workstations, for instance, can likely be updated immediately and automatically, while server patches may require a bit more legwork.
Oh, and one last thing – you need an EMM/MDM solution for mobile devices, or else they’re going to be an absolute nightmare to keep up to date.