Four-Phase Update Management Strategy


The Microsoft-recommended update management process is a four-phase approach to managing updates, which is designed to give your organization control over the deployment and maintenance of interim software releases into your data center.

The four phases are:

  1. Assess
  2. Identify
  3. Evaluate and Plan
  4. Deploy

Assess

The process starts with the assess phase because you need to determine what you have in your production environment, what security threats and vulnerabilities you might face, and whether your organization is prepared to respond to a new software update.

Ideally, the assess phase is an ongoing process that you should follow to ensure that you always know what computing assets you have, how you can protect them, and how you can ensure that your software distribution architecture is able to support update management.

The key requirements for ongoing assessment are that you:

  • Inventory existing computing assets
  • Assess security threats and vulnerabilities
  • Determine the best source for information about software updates
  • Assess the existing software distribution infrastructure
  • Assess operational effectiveness

Identify

The goals for the identify phase are to:

  • Discover new software updates in a reliable way.
  • Determine whether software updates are relevant to your production environment.
  • Obtain software update source files and confirm that they are safe and will install successfully.
  • Determine whether the software update should be considered an emergency, and submit a request for change (RFC) to deploy a new software update. Submitting an RFC is the trigger for the next update management phase, which is the evaluate and plan phase.

Evaluate and Plan

The third major step in the update management process is evaluation of the software update and, assuming that it is approved for deployment, planning for its deployment into the production environment.

Your goal during the evaluate and plan phase is to make a decision on whether to deploy the software update, determine what it will take to deploy it, and test the software update in a production-like environment to confirm that it does not compromise business-critical systems and applications.

The entry point to the evaluation and planning process is an RFC for a software update that has been identified as relevant to your production environment.

By the end of the evaluate and plan phase, you should have:

  • Determined whether the change request should be classified as an emergency
  • Reviewed and approved the request
  • Determined the tasks necessary to deploy the approved changes into production

You should also have tested the software update in a production-like environment to confirm that it does not compromise business-critical systems and applications.

The key requirements for evaluation and planning are:

  • Determine the appropriate response
  • Plan the release of the software update
  • Build the release
  • Conduct acceptance testing of the release

Deploy

The fourth and final phase in the update management process is the deploy phase, which focuses on the tasks and activities required to deploy a software update into the production environment. Additional tasks might be required to deploy any countermeasures or mitigation steps.

Your goal during the deploy phase is to successfully deploy the approved software update into your production environment so that you meet all of the requirements of any deployment service level agreements (SLAs) you have in place.

The entry point for this phase is a determination that the software update is ready for deployment into production and that approval has been obtained to deploy the software update.

The deployment of a software update should consist of the following activities:

  • Deployment preparation
  • Deployment of the software update to targeted computers
  • Post-deployment review