Patching


Patching should be considered an ongoing and vital maintenance activity. Keeping the operating system (OS) and other applications up-to-date is essential to maintaining a healthy and secure system. This section describes the main points for maintaining a patched Project Server system.

Windows Server 2003 Patch Management

The Windows Update Services (WUS) or Software Update Services (SUS) have become a staple for most Windows users since the days of NT 4 and Windows 98. Over the years it has evolved into an automated process built in to the operating system, but, as any Windows server administrator will tell you, it still is only a partial solution to keeping your OS patched. Security updates and application enhancements have become a weekly ritual for most server administrators. Unfortunately, despite the best efforts of programmers to release well-tested patches, automating updates to a production Project Server 2003 system using Windows Update is not recommended. Applying an untested patch to a production system could result in the entire system failing, resulting in downtime and all of its inherent issues.

A solid patch management strategy involves the following elements:

  • Performing verification of a solid disaster recovery plan.

  • Performing a risk assessment of whether to apply an untested patch to a production system. Ask whether this justifies the purchase of a test environment. Do the security concerns outweigh the potential downtime?

  • Performing active scanning for newly discovered security vulnerabilities and patches.

  • Defining maintenance windows so that users are aware downtime may occur.

  • Managing personnel and software to deploy an "emergency" patch within 24 hours and a "critical" patch within 14 days.

  • Performing a patch verification process.

Several software tools are available on the market today that provide security and patch management services, including Microsoft's Systems Management Server (SMS) and Software Update Services (SUS). Keep in mind that these tools do not replace the need to have a well-defined patch management plan.

TIP

Whenever possible, load new patches and application enhancements into a test environment identical to the production system and prior to applying them to production. In smaller organizations this may be cost prohibitive, in which case a solid disaster recovery plan is vital (see the "Disaster Recovery" section earlier in this chapter).


Applying Hotfixes and Service Packs to Project Server 2003

Hotfixes are generally a collection of files that correct a specific problem in the application. Microsoft defines a service pack as "a tested, cumulative set of all hotfixes, security updates, critical updates and updates. Service packs may also contain additional features for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features." As of the writing of this chapter, Microsoft officially released Service Pack 1 (SP1) for Project Server 2003. This patch is highly recommended and provides several key fixes and enhancements.

SP1 ENHANCEMENTS

One of the most important enhancements in SP1 is to the Views Notification service. Post SP1 includes the capability to run the Views Notification service on multiple servers, which allows for increased performance. Additionally, the service is throttled so that it will never take up more than 25% of the processor. Prior to this service pack, the Views Notification service wasn't adequately throttled and could dominate the processor, causing delays in the application.


Hotfixes should be applied only if you are experiencing the specific problem it addresses, with the exception of security hotfixes. This is recommended because hotfixes are generally not as thoroughly tested prior to the cumulative release in a service pack.

CAUTION

SP1 updates only the default IIS Virtual Root folder. If you are running a custom installation of Project Server 2003 that includes a nondefault IIS Virtual Root, you will need to manually copy the post SP1 files into the other virtual root folder. Take care to back up any custom pages prior to overwriting them. For a list of updated files in SP1, refer to the documentation on the Microsoft website titled "Description of Project Server 2003 Service Pack 1."


Microsoft Baseline Security Analyzer Tool

IIS and SQL servers are prime targets for security attacks and therefore should be monitored on an ongoing and real-time basis. Security hotfixes and service packs should be applied regularly. In addition to the SMS tool mentioned earlier, the Microsoft Baseline Security Analyzer (MBSA), shown in Figure 25.17, can be useful to scan for updates to SQL Server, IIS, and Windows Server 2003. MBSA is a free download from Microsoft.

Figure 25.17. Sample output from the MBSA tool.


PAGE 656.


PAGE 658.




    QuantumPM - Microsoft Office Project Server 2003 Unleashed
    Microsoft Office Project Server 2003 Unleashed
    ISBN: 0672327430
    EAN: 2147483647
    Year: 2005
    Pages: 227
    Authors: QuantumPM LLC

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net