Not quite two years ago, SAP founder Hasso Plattner was asked why his company was developing an appliance for running an entire SAP instance in RAM. His response was surprising.
"The simple reality is that 15 seconds is the longest anyone will wait for an answer on an iPhone," Plattner said. And a moment later he added, "So the real key is not so much the speed of our technology, but rather how we apply the speed to business."
In my opinion, this one statement encapsulates a recent paradigm shift in IT toward speed, agility, and heroic levels of availability. A decade ago, if the e-mail server went down, it wasn't the end of the world as long as external customers weren't impacted. These days, your internal customers are as demanding as external ones, and they know your phone number. People demand 24/7 access to all their applications, and they're getting it from their personal and social apps. Why shouldn't you be able to provide the same?
In my experience, this translates into ever smaller maintenance windows. In the past, we might have had all weekend to get an application upgraded, or to troubleshoot a failed patch. That's just not the case anymore. In addition to shrinking time windows, more and more applications that aren't customer facing are being added to the increased maintenance demands.
What I want to know is how this shift is affecting your patching schedules, methodologies, and applications. How can we possibly be expected to keep applications patched and available in an environment like this? The number of applications is growing, the number of "servers" is growing, thanks to virtualization. With the ever-increasing emphasis on security, the sheer multitude of patches that are released every month now is mind-boggling. And to top it all off, the increasing number of regulatory audits means you have to apply even the most irrelevant patches IMMEDIATELY.
So how are IT people out there managing patching when the battle is so asymmetrical? How are you balancing the need for availability, with the need for constant patching? Also, in your most critical production environments, how are you managing to patch quickly in an automated fashion, while still providing for necessary post-patch testing and verification in a shrinking maintenance window?
I hope we can have some fruitful discussion over the next few weeks on these topics that will help us, and our fellow troops!