Back in the day, patch management had to be done using large spreadsheets, linking each patch to its specific version number in order to track what needed to be patched. Tracking the software versions to be patched with a spreadsheet can be a nightmare for administrators. Microsoft improved upon this process with the introduction of Windows Server Update Services (WSUS) in 2007, which made patching Microsoft updates easier.


Today, with the introduction of virtualization, administrators are faced with a different kind of problem: how do you distribute and deploy patches to multiple machines across the network when many of those systems are shut down? Turning on off-line physical systems or dormant virtual machines is a very time-intensive task for admins.
Luckily, there are several approaches to solving this issue:


• Administrators can announce a particular maintenance time during which they ask users to leave their desktops powered on.
• WSUS has a feature that notifies the user of an available update through a balloon notification. In this case, the desktop must be part of the WSUS automatic patch deployment process.
• Administrators can use a remote wake-up feature in a third-party application to switch on or reboot user systems remotely. For virtual machines that are off-line, you can manipulate the bits on the VHD (virtual hard disk) file, or you can power the machine on, update it using WSUS, and then power it back down.


Scheduling maintenance time can cause network downtime and may become infeasible in a large enterprise, as it is difficult to determine whether the systems are turned off or on. And if your organization uses WSUS, end users can prevent the update from happening by cancelling it.


Which is the best option?

Wake-on-LAN might be the best alternative because you are able to reboot computers after the patch is applied. What's more, if you are using a patch management tool, you can run a report to see if the patch was successful before you power down the system.
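To make the remote wake-up step concrete, here is an added Python example (not from the original post or from any patch management product) that builds the Wake-on-LAN magic packet, recognises one in a captured payload, and sends it only for machines listed in a patch inventory. The inventory MACs and host names are constructed, and the broadcast address and UDP port 9 are assumptions to adjust for your network.

```python
import re
import socket

# Constructed inventory for the example: normalised MAC -> host name (assumed values).
PATCH_INVENTORY = {
    "00:11:22:33:44:55": "desk-finance-01",
    "00:11:22:33:44:66": "desk-hr-07",
}
SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet

def parse_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def build_magic_packet(mac: str) -> bytes:
    """Magic packet payload: 6 x 0xFF, then the target MAC repeated 16 times."""
    return SYNC + parse_mac(mac) * 16

def magic_packet_target(payload: bytes):
    """Return the MAC a payload would wake, or None if it is not a magic packet."""
    i = payload.find(SYNC)
    while i != -1:
        mac = payload[i + 6:i + 12]
        if len(mac) == 6 and payload[i + 6:i + 102] == mac * 16:
            return mac.hex(":")
        i = payload.find(SYNC, i + 1)
    return None

def wake(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> str:
    """Broadcast a magic packet, but only for hosts in the patch inventory."""
    target = parse_mac(mac).hex(":")
    if target not in PATCH_INVENTORY:
        raise PermissionError(f"{target} is not in the patch inventory")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.sendto(build_magic_packet(mac), (broadcast, port))
    return PATCH_INVENTORY[target]

if __name__ == "__main__":
    pkt = build_magic_packet("00-11-22-33-44-55")
    print(len(pkt), magic_packet_target(pkt))  # payload length and the MAC it wakes
```

The magic packet carries no authentication, so any host that can reach the subnet broadcast can power machines on; `magic_packet_target` can be run over captured UDP payloads to see which machines are being woken and compare that against the patch schedule.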


How do you patch off-line servers & desktops? Please comment and share your experiences!

 
