Best Practice dictates that any patch being deployed to a production environment should be tested in a non-production environment prior to deployment. The reason for this is to eliminate updates that could affect production negatively. You want to ensure a predictable roll-out once a patch is deployed and detect any conflicts with existing configurations that may be unique to your environment. Following are steps that can be taken to ensure a smooth roll-out:
- Take a thorough inventory of your environment; you need to know what applications you have and how those applications are configured. Develop a business application profile. This will help you prioritize which patches may be urgent and what your allowable downtime is going to be.
- Identify which security issues are relevant to your environment. Will the risk of not installing the patch mitigate the cost of installing it? Prioritize patches that are urgent against those that are less critical. Consider vendor-reported criticality when calculating the patch’s significance.
- Once patches are obtained, source and integrity should be verified. Typically, a digital signature is used for checking validity.
Ideally, you should have a test system that is identical to your production system. Virtual environments are great for this type of testing. Using a virtual environment allows for exact replication of your production environment. Using this type of environment can also save time, money and space. Once up and running, virtual environments allow for development testing, disaster recovery testing, and applications testing as well.
You will need to test for successful installation of patches once they are deployed to the replicated environment. Verify that basic system functions are working. Test for program failures and basic network connectivity. Test mission critical applications and services, and test that policies and rights are functioning correctly. Once this is done, you want to go into mission critical applications for testing to be sure that creation and saving of documents is functioning, and that you can open and access documents saved in older versions of the software. Check print capabilities and use of templates.
It’s always a good idea to document everything and have this information forwarded to applicable parties prior to deployment. This information should have the patch name, patch description, criticality, time to install, recommended sequence of install, and any errors or abnormalities.
Keep these tips in mind when you’re ready to patch and you should find you’re on your way to a successful and smooth deployment!