Lesson 2: Updating Infrastructure
The Updating Team :
Identifying individuals with the right mix of technical and project management skills for deploying updates is one of the first decisions that you, and your management, will make. Even before staffing can begin, however, you need to identify the team roles, or areas of expertise, required for update management. Microsoft suggests using the Microsoft Solutions Framework (MSF) team model, which is based on six interdependent multidisciplinary roles: product management, program management, development,testing, user experience, and release management.
■ Product management. Product management is responsible for identifying the organization’s business needs and the needs of the end users, and for making sure those needs are supported by the updating process.
■ Program management. The program management team’s goal is to deliver updates within project constraints. Program management is responsible for managing the updating schedule and budget, and for reporting status, managing project-related risk factors (such as staff illnesses), and managing the design of the updating process.
■ Development. The development team builds the updating infrastructure according to specification. The team’s responsibilities include specifying the features of the updating infrastructure, estimating the time and effort required to deploy the updating infrastructure, and preparing the infrastructure for deployment.
■ Testing. The testing team ensures that updates are released into the production environment only after all quality issues have been identified and resolved. The team’s responsibilities include developing the testing strategy, designing and building the updating lab, developing the test plan, and conducting tests.
■ User experience. The user experience team ensures that the updating process meets the users’ needs. The team gathers, analyzes, and prioritizes user requirements and complaints.
■ Release management. The release management team is responsible for deploying the updates. In large environments, the release management team also designs and manages a pilot deployment of an update to ensure that the update is sufficiently stable for deployment into the production environment.
Assessing Your Environment :
The first step in planning your strategy to deploy updates is to assess your current environment.
Specifically, you need to know what operating systems and applications you have installed in order to identify updates that need to be deployed. You also need to understand the security requirements for each computer system, including which computers store highly confidential information, which are connected to the public Internet, and which will connect to exterior networks.
For each computer in your environment, gather the following information:
■ Operating system. Document the operating system version and update level. Also document which optional components, such as IIS, are installed.
■ Applications. Document every application installed on the computer, including versions and updates.
■ Network connectivity. Document which networks the computer connects to,including whether the computer is connected to the public Internet, whether it connects to other networks across a VPN or dial-up connection, and whether it is a mobile computer that might connect to networks at other locations.
■ Vulnerability-limiting factors. Firewalls and virus checkers might protect a computer against a known vulnerability, making the update unnecessary. For firewalls,document which ports are open.
■ Site. If your organization has multiple sites, you can choose to deploy updates to computers from a server located at each site to optimize bandwidth usage. Knowing which site a computer is located in allows you to efficiently deploy the updates.
■ Bandwidth. Computers connected across low-bandwidth links have special requirements. You can choose to transfer large updates during nonbusiness hours. For dial-up users, it might be more efficient to bypass the network link and transfer updates on removable media, such as CD-ROMs.
■ Administrator responsibility. You must understand who is responsible for deploying the updates, and who will fix a problem if a computer fails during the updating process. If others are responsible for individual applications or services, make note of that as well.
■ Uptime requirements. Understand any service level agreements or service level guarantees that apply to a particular computer, and whether scheduled downtime counts against the total uptime. This will enable you to prioritize computers when troubleshooting and testing updates.
■ Scheduling dependencies. Applying updates requires planning systems to be offline. This can be a disruption for users, even if the computer only requires a quick reboot. Understand who depends on a particular computer so that you can clear downtime with them ahead of time.
Deploying Updates :
To meet the needs of various types of organizations, Microsoft provides several different methods for applying updates. The preferred method for deploying updates is Software Update Services (SUS). Large organizations currently using Group Policy objects to distribute software might prefer to use Group Policy objects for deploying updates as well, because it allows them to deploy the update to many systems simultaneously. Group Policy objects can be used to automatically install updates on computers, or to make them available to users through the Add/Remove Programs tool. Finally, enterprises that use Microsoft Systems Management Server (SMS) can use SMS to deploy updates. You can even avoid manually installing updates on new systems by integrating the update directly into the Windows Server 2003 setup files.