Patching should be considered an ongoing and vital maintenance activity. Keeping the operating system (OS) and other applications up to date is essential to maintaining a healthy and secure system. This section describes the main points for maintaining a patched Project Server system.
Windows Server 2003 Patch Management
The Windows Update Services (WUS) or Software Update Services (SUS) have become a staple for most Windows users since the days of NT 4 and Windows 98. Over the years, the update service has evolved into an automated process built into the operating system, but, as any Windows server administrator will tell you, it is still only a partial solution to keeping your OS patched. Security updates and application enhancements have become a weekly ritual for most server administrators. Unfortunately, despite the best efforts of programmers to release well-tested patches, automating updates to a production Project Server 2003 system using Windows Update is not recommended. Applying an untested patch to a production system could cause the entire system to fail, resulting in downtime and all of its inherent issues.
A solid patch management strategy involves the following elements:
Several software tools are available on the market today that provide security and patch management services, including Microsoft's Systems Management Server (SMS) and Software Update Services (SUS). Keep in mind that these tools do not replace the need to have a well-defined patch management plan.
Whenever possible, load new patches and application enhancements into a test environment identical to the production system before applying them to production. In smaller organizations this may be cost prohibitive, in which case a solid disaster recovery plan is vital (see the "Disaster Recovery" section earlier in this chapter).
Applying Hotfixes and Service Packs to Project Server 2003
Hotfixes are generally a collection of files that correct a specific problem in the application. Microsoft defines a service pack as "a tested, cumulative set of all hotfixes, security updates, critical updates and updates. Service packs may also contain additional features for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features." As of the writing of this chapter, Microsoft has officially released Service Pack 1 (SP1) for Project Server 2003. This patch is highly recommended and provides several key fixes and enhancements.
A hotfix should be applied only if you are experiencing the specific problem it addresses, with the exception of security hotfixes. This is recommended because hotfixes are generally not as thoroughly tested prior to the cumulative release in a service pack.
SP1 updates only the default IIS Virtual Root folder. If you are running a custom installation of Project Server 2003 that includes a nondefault IIS Virtual Root, you will need to manually copy the post-SP1 files into the other virtual root folder. Take care to back up any custom pages prior to overwriting them. For a list of updated files in SP1, refer to the documentation on the Microsoft website titled "Description of Project Server 2003 Service Pack 1."
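One way to script the manual copy into a nondefault IIS Virtual Root, given here as an added example (it is not Microsoft's tooling and not code from this chapter): it compares the patched default root with the custom root, backs up every file it is about to overwrite, and defaults to a dry run that only reports the plan. The function names, parameters and directory arguments are assumptions; the `only` argument is meant to take the updated-file list from the SP1 documentation.

```python
import hashlib
import shutil
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sync_patched_root(patched_root, custom_root, backup_root, only=None, dry_run=True):
    """Bring a custom virtual root up to the patched default root's file versions.
    only    -- optional iterable of relative paths (e.g. the updated-file list
               from the service pack documentation); other files are skipped.
    dry_run -- when True (the default) nothing is written; only the plan is returned.
    Returns [(relative_path, action)] with action "new", "overwrite" or "same".
    Files that exist only in custom_root are never touched.
    """
    patched_root, custom_root, backup_root = map(Path, (patched_root, custom_root, backup_root))
    if only is not None:
        # Windows file names are case-insensitive; normalise separators too.
        only = {str(p).replace("\\", "/").lower() for p in only}
    plan = []
    for src in sorted(p for p in patched_root.rglob("*") if p.is_file()):
        rel = src.relative_to(patched_root)
        if only is not None and rel.as_posix().lower() not in only:
            continue
        dst = custom_root / rel
        if not dst.exists():
            action = "new"
        elif file_digest(src) == file_digest(dst):
            action = "same"
        else:
            action = "overwrite"
        plan.append((rel.as_posix(), action))
        if dry_run or action == "same":
            continue
        if action == "overwrite":
            # Preserve the customised page before it is replaced.
            saved = backup_root / rel
            saved.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(dst, saved)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
    return plan
```

Review the dry-run plan first: every "overwrite" entry is a page in the custom root that differs from the patched default and may carry customisations that need to be re-applied from the backup copy.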
Microsoft Baseline Security Analyzer Tool
IIS and SQL servers are prime targets for security attacks and therefore should be monitored on an ongoing and real-time basis. Security hotfixes and service packs should be applied regularly. In addition to the SMS tool mentioned earlier, the Microsoft Baseline Security Analyzer (MBSA), shown in Figure 25.17, can be useful to scan for updates to SQL Server, IIS, and Windows Server 2003. MBSA is a free download from Microsoft.
Figure 25.17. Sample output from the MBSA tool.