Windows Updates
Ensuring Secure and Reliable Windows Patching: A Look into our Process
At Digital Technology Partners we understand the importance of maintaining the security and stability of your IT infrastructure; a critical element of that goal is ensuring that your systems are up-to-date and protected against potential vulnerabilities. In this article, we'll provide insights into our Windows patching process and shed light on our schedule and methodology to keep your servers and virtual machines secure.
Our Patching Schedule:
Our patching operations are carried out through Connectwise Automate, our Remote Management and Monitoring software. We have meticulously designed a schedule to minimize disruption to your operations while ensuring timely installation of critical patches. Patching is scheduled to occur on Friday mornings, between 2:00 AM and 6:00 AM.
Patch Group Classification:
Your servers are divided into different patch groups based on their criticality and specific requirements(the Practice Management or Imaging software an office uses, for example). Each group may have a different patching window, ensuring that the most critical systems receive patches first.
Priority on VM Hosts:
For environments with virtual machines, we give priority to VM hosts, patching them two hours before the VMs. This methodology ensures that patching virtual environments goes smoothly and that the underlying infrastructure is secure before addressing individual VMs.
Approval Policy:
We understand that not all patches are suitable for every environment, which is why we deploy an Approval Policy. Our team of experts diligently reviews new patches weekly and processes them through the Approval Policy before deployment. This step allows us to filter out any patches that may cause compatibility issues or are not suitable for your specific environment. In cases where a patch is more harmful than helpful(for example if it breaks Practice Management software or prevents sensors/other hardware from working) we are able to blacklist the patch in question and uninstall it from endpoints where it has already been deployed.
Reboot Considerations:
When patches require a reboot, we issue the reboot command during the scheduled patch window. However, if the patches do not require immediate reboot or if there is insufficient time for a reboot, servers will reboot automatically after 30 days of continuous uptime. This approach ensures that servers are rebooted efficiently to apply critical updates while maintaining system stability and minimizing interruptions to your daily operations.
Our Commitment to Your Business:
At every step of the patching process, our dedicated team of experienced technicians closely monitors the operations to ensure the smooth installation of patches without any disruptions to your business.
Constant Vigilance:
Patching is an ongoing process, and we remain vigilant to keep your systems up-to-date with the latest security patches. Our team is always on the lookout for emerging threats and vulnerabilities to proactively protect your infrastructure. We do this through vendor alerts, patch mailing lists, and robust MSP community involvement.
Transparency and Communication:
We value transparency and open communication with our customers. If you have any specific concerns or questions regarding our patching process, please don't hesitate to reach out to our support team.
As your partner in technology, our goal is to provide a safe and secure IT environment for your business. With our careful and well-planned patching process, you can rest assured that your systems are in capable hands.
Thank you for entrusting us with your technology needs. We remain committed to delivering exceptional service and safeguarding your valuable data.