patching servers using PSB software updater

gmr
Scholar

patching servers using PSB software updater

Anyone using this to patch their servers?

I'd like to; but it seems to be missing some essential options.

 

scheduling the patching, and optionally rebooting the server after patching are the two things that would allow us to use this effectively for server patching. or has anyone found an effective workaround for this

4 REPLIES 4
F-Secure Product Manager

Re: patching servers using PSB software updater

Hello,

Let me answer assuming that you are using the new Server Protection (if not, we recommend that you take it into use as soon as possible as it has many improvements especially to software update).

 

Scheduling the patch is controlled from the "Profile for Server Protection". It allows to schedule the update for:

  • certain type of updates (e.g. only critical updates)
  • certain day and time (e.g. everyday at 18.00)

It also provides control over reboot by selecting ask user or force restart (and selecting in how many hours the restart happens.

 

Are these the functions you need or are you looking for different and more granular control?

 

gmr
Scholar

Re: patching servers using PSB software updater

Hello,

We are using the latest server protection.

 

Unfortunately, we'd need more granular control than this.

When patching servers we would not patch them all on the same schedule. one week we may patch servers A, B, and C. the next week we may patch servers D and E. then not patch any for some time. 

 

We're also very selective on exactly what patches we put on to servers, and wouldn't just go ahead and deploy every update available all at once to a server.

 

There are also specific time windows where servers can be rebooted - for example between 00:00 and 05:00. we can't just tick a box to say reboot after updates have installed, or reboot 2 hours after updates are installed - as this could essentally be any time, depending on how long it takes to complete the update process.

 

the generic settings in the profile work ok for workstations, but for servers some greater control is required.

F-Secure

Re: patching servers using PSB software updater

Please note that settings in profile work only for automatic installations. It's definitely good fit only for workstations and even there it's not for everyone - mostly people are patching only serious security vulnerabilities this way.

 

But there is also a manual way where you can select what and where to install. During maintenance window you can check all your servers in PSB portal one by one and apply only selected updates to it (manually). You can also disable reboot from F-Secure and do reboot some other way later (We are planning to add in future a remote action to request reboot remotely but it's not added yet.)

gmr
Scholar

Re: patching servers using PSB software updater

yes I suppose I could log in to check and patch all our servers manually in the PSB protal during the maintenance windows of between 12 midnight and 5am - but I will quickly get tired from no sleep.. and my wife won't be happy either.