Windows 10 Patch Strategy: IT Dream Or Nightmare?
Here's what systems administrators and others in IT will love (and hate) about Microsoft's Windows 10 patch and upgrade strategy.
"Windows 10 isn't for all of us, but for each of us."
That's the tagline Microsoft is using to convey that Windows 10 won't cater to one particular group of users. Instead, it will be able to conform to how we individually use the system to fit our unique needs.
For decades, Microsoft and its Windows OS have been criticized for accommodating the needs of business users, while letting consumer needs take a back seat. The new security patch and update strategy in store for Windows 10 is a clear sign that the company has received the message loud and clear.
For the first time, Microsoft has said that "individual security updates would be released as soon as they were available, instead of in a big collection once a month." Additionally, a Microsoft evangelist explained that Windows 10 would be "the last version of Windows." In other words, new features and updates to Windows will simply be released and available for install when ready – as opposed to grouping together a collection of new features and releasing them as a major OS update, as has been done in the past with Microsoft's infamous "patch Tuesdays."
While these are steps in the right direction from a consumer point of view, it's far from ideal when you are the one supporting hundreds or thousands of desktops and enterprise applications. Administrators must maintain control and perform rigorous testing before rolling out patches and updates onto company devices. If not done properly, the potential for money-sucking downtime can be huge. That's why most – if not all – administrators will turn off the automatic update capability for patches/updates and opt to maintain control of their installation.
Fortunately, Microsoft has created a chokepoint for enterprises that wish to oversee the release of OS updates. In fact, the new patch control tools are far more robust than what is offered today. In that sense, Microsoft will keep the same patching rollout schedule it has been using in the past. However, administrators will likely feel increased pressure to release patches and new feature updates far more quickly than has been done in the past. Consumer users will likely set the OS on their personal devices to auto-update, so the trend in the enterprise world will be to stay as close to the most recent patch or update version as possible. In some ways, this is a good thing. In other ways, it could be catastrophic.
Here, we look at the pros and cons of the Windows 10 patch and upgrade strategy from a systems administrator point of view. Once you've reviewed these, please share your opinion on the topic in the comments section below.
While Microsoft has offered the download of security patches outside of the standard "Patch Tuesday" process in the past, there were times where administrators were unnecessarily exposed to vulnerabilities. Now that patches will be released the moment Microsoft deems them ready, admins have the ability to roll them out whenever they want.
Beginning with Windows 10, systems administrators will feel more pressure than ever to patch systems for security flaws. While it's nice that patches will be released for testing and deployment as quickly as possible, Microsoft's new philosophy on patch deployment could translate into shorter testing timelines in the lab. Because of this, errors will be made, and patches will be released that end up breaking critical business applications. So work quickly, but also be prepared to roll back when needed.
Windows Update for Business is a fairly robust toolset and a positive for systems administration of Windows 10 in the enterprise. This toolset allows admins to have granular control over the rollout of Windows 10 patches and feature updates. This includes controls such as distribution groups, maintenance windows, and a P2P delivery system that will help to streamline how System Center Configuration Manager (SCCM) deploys Windows updates.
OS updates can cause a lot of pain when enterprise legacy applications are involved. Because many of these applications are homegrown, they often break when the underlying OS is updated. Depending on the number of your legacy apps, and the competency of your application specialists, it may take a while to re-work each app so it functions properly. This is really nothing new from previous Windows versions, but it's compounded because of the speed with which new patches and updates will be released to the public. The potential to fall behind will dramatically increase.
In terms of enterprise support, Microsoft's Windows 10 patching and upgrade strategy is a bit of a mixed bag. But for the most part, the positives outweigh the negatives. Consumers will likely take advantage of the auto-update feature to ensure they have the latest and greatest. Because of that, they are going to expect their corporate-owned and -managed PC to have the same new bells and whistles as soon as possible. In that regard, there will likely be a reduced timeframe where testing against enterprise applications will occur. Your end users simply won't understand why there's a delay for an update, when their newly updated home PC works just fine.
Be thankful for these auto-update consumers, as they will become the digital guinea pigs in the world of Windows patching. They'll be the ones who run into trouble early on with a bad patch that breaks critical functionality. Then, we in the enterprise can sit back and wait for a proper patch from Microsoft to fix the newly discovered problem. Enterprise IT will no longer be at the tip of the spear when it comes to OS patching. And this, my friends, is a very good thing.