Decision Support: Automatic Upgrades: A Hands-On Process

As Web services and software updates from the Web become more prevalent, managing IT resources and support requirements for those updates is becoming more difficult.

While automatic software updates appear more convenient on the surface, in many cases, they'll create an underlying current of incompatibilities introduced without the knowledge or control normally exercised in managing business IT resources. The lack of integration among automated delivery mechanisms from different vendors will exacerbate the problem.

Automated delivery mechanisms will be coming in all shapes and sizes, from wireless updates to Java applications running on wireless mobile devices to the newest anti-virus definition file designed to combat the latest threats to business security. Even the home won't be safe as set-top boxes, digital video recorders, and everyday appliances begin to receive automated updates controlled from central locations.

Some of these updates may be confined to a particular system or platform and be manageable for the most part if given adequate resources. Other automatic updates will have far-reaching consequences, potentially affecting thousands or even tens of thousands of workers and their systems.

Automatic update software and utilities are capable of operating in a completely hands-off fashion to download and install updates from the Internet as they become available. For instance, Microsoft's automatic update works that way for Windows updates and patches.

Giga Information Group doesn't recommend using the completely hands-off settings for automatic updates. Companies should use either a manual update process where updates must be initiated or, at a minimum, a setting that notifies the user when an update is available but doesn't automatically apply it without the user's consent.

The hands-off approach isn't advisable for the following reasons:

Some companies have reported compatibility issues after an update has been applied. Computers that were operating normally began to have problems. If the users or administrators don't know when an update was installed, tracking the problem to its source becomes difficult. If multiple updates have been applied, testing each one after the fact is a time and resource-intensive process.

There may be no direct connection between the update mechanism and its tracking capabilities and the software inventory-tracking capabilities of the leading desktop-management suites. This is the case with Windows XP.

If tighter integration existed, it might simply be a matter of reviewing the history of a particular PC to see when the PC began to experience problems and what caused the change in the state of the machine. If the automatic update installation history can only be reviewed on the Web or from the information accessed via the control panel on the machine in question, administrators' flexibility and ability to solve the problem are significantly constrained.

Once tighter integration becomes available, completely automatic updates may be a viable option for companies that use desktop-management software.

With a growing number of mobile and embedded platforms coming to market, the ability to flash upgrade a device in the field is a requirement found on an increasing number of business-buyer checklists. Unlike a desktop system that may simply lose some degree of functionality from an errant automatic upgrade, such as when a specific application no longer operates but the system itself continues to run, a mobile or embedded device will often be rendered useless when an update fails. Without some degree of testing, control, and automatic restoration, allowing the automatic update of mobile and embedded devices carries with it the risk of turning these devices into nothing more than expensive paperweights.

Some day, automatic update mechanisms might adhere to a common framework that will define how updates are performed, managed, and if necessary rolled back when conflicts or issues arise. This framework might even provide IT managers with a single source of control over the automation of IT upgrades, but unfortunately, this vision isn't likely to play out in the next three to five years.

Companies that allow hands-off automatic updates today do so at the risk of creating an additional support burden to track problems when update-related issues arise. Businesses must exercise more control in any automatic software-update process and clearly define guidelines for users to follow. Companies should establish a standard set of procedures for implementing any form of automated software updates, hands-off or otherwise, and apply these procedures across products from different vendors in order to minimize risks and maximize the potential of automated update mechanisms.

Robert K. Weiler is chairman, president, and CEO of Giga Information Group, a global technology advisory firm. Reach him at [email protected]. Giga senior industry analyst Ken Smiley contributed to this column.