Help

Software Update Policies - not necessarily casper related

Kedgar
Contributor

Posted on ‎03-01-2010 06:27 PM

Hello,

A new requirement at work requires us to have a backout and verification plan for any change to production systems. This requirement also affects software update patching for servers (and probably desktops). We have to patch servers quarterly.

I would like to know if you have a procedure for patching... and what your backout plan is if something goes wrong. The only backout I can think of... and it is a pain... is to back up the OS drive using CCC or SuperDuper!. Unfortunately I do not have a server test environment to test patches and updates against.

Thank you,
Ken

0 Kudos
Reply
1 REPLY 1

Bukira
Contributor

Posted on ‎03-02-2010 12:36 AM

Hi Ken,

We have a strict policy on any changes to a system be it client, server, network etc, what would you like to know?

For patching, if something goes wrong on a client it would be a reimage and on a server a rebuild from a set of instructions,

However we rarely get to that point as we fully test.

We have a live network and a lab network, the lab is meant to be a replica of the live system as best as possible, any server patch or upgrade is applied to the test servers and tested before we sign off to install on the live.

For the Macs we have 4 live servers and 2 test servers, so when 7.2 is released of Casper we will install on the test casper server where i will test, then if i am happy with it i write a request form to apply the update to the live servers, then everyone in the department can comment on my decision, i include role back procedure which would be to remove capser and reinstall with version 7.1 and reimport the database, also stating whole long each stage will take and any risks and disruption to users, this is then signed off by management so if all goes badly wrong i am not held accountable as we all signed off on it as a group.

As for clients i decide if an update is appropriate, we dont use SUS, i then test on my mac and test deployment via casper policies, then our test team test on various macs, and reimage if need be, then again i put in an update form as above and then after it is signed off by testing it goes live.

By fully testing in a lab and on test macs we reduce any issues, also not deploying test or beta versions help, i wait a week or so after an update just to make sure apple hasnt messed up, and also dont deploy 10.x until it reaches 10.x.4+ and same with server versions, i probably wont deploy 7.2 for a month or so after release or maybe until september when i release 10.6

Criss

Criss Myers
Senior Customer Support Analyst (Mac Services)
iPhone Developer
Apple Certified Technical Coordinator v10.5
LIS Development Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054

0 Kudos
Reply