0

I'm about to patch some production server and i was wondering if they will be in a unstable state until de reboot (at night).

I know there's 2 kind of patch, the ones who need a reboot and the others.

Our servers run 2008 R2 x64.

edit : We patch security updates for OS and middleware like java.

can someone enlighten me on this ?

Thank you.

e1che
  • 119
  • 8
  • 1
    I don't know how you expect an answer without letting us know what exactly you're doing in your patches, are you upgrading your OS? Adding something, updating specific apps? Regardless, if you want to know the effects of a particular set of patching, get a test server and perform your patches on there first, it's the only way to be sure. – Reaces Aug 25 '15 at 12:33
  • @Reaces I've updated my question, i patch OS security updates and middleware. – e1che Aug 26 '15 at 09:10
  • I don't think I can give you much in terms of assurances, but I've tried to give you something resembling an answer. – Reaces Aug 26 '15 at 09:20

1 Answers1

3

As you're being somewhat vague (or at least in-precise) on what updates you're going to do, I'll make some broad blanket statements that will hopefully answer your question.

For windows updates on Servers
You can generally safely postpone the updates indefinitely, not taking into regard that it is not safe to have your system be behind in security, stability updates and bug-fixes etc...
As long as you don't reboot, the following is true:

  • Your update is not / partially in place
  • Your system is slightly more unpredictable
  • Your next reboot will take longer, so an unexpected reboot during business hours might be worse than usual

While it is rare to have any averse affects after installing updates but not yet rebooting, it is still an extra degree of unpredictability that you should try to avoid.
Most people wait to install upgrades until they know they can safely reboot afterwards.

Keep in mind SP or CU installs are much more impact-full, and the reboot should not be postponed on those if you can help it (if even possible).

For middle-ware updates
This is completely out of your hands.
Each piece of middle-ware is different, and it depends on the vendor, as well as the specifications of the update.

If you're updating certain middle-ware to a higher step of the same main version most of them don't really require much in terms of reboots.
However if you're installing a new major version, some middle-ware will require a reboot, and be inoperative until you've rebooted.

The best advice I can probably give you is:

  1. Test your updates
  2. Make sure you have maintenance windows available for your updates
Reaces
  • 5,547
  • 4
  • 36
  • 46
  • 1
    +1. Having a long backlog of uninstalled Windows patches can cause high CPU as `svchost.exe` scans the OS as part of the Windows Update process. In addition the patches are created for reasons not rarely including security, stability and bug removal. I would therefore question the "safely postpone the updates indefinitely" statement in this otherwise good answer. – ErikE Aug 26 '15 at 09:31
  • In a static world I would agree, but computing evolves in the direction of continually discovering previously unknown security holes and so on. As a general rule an unpatched system gets more exposed as time passes. – ErikE Aug 26 '15 at 09:36
  • @ErikE I agree, and added it to the answer. If you by chance have any documentation about the CPU usage I'm very interested. – Reaces Aug 26 '15 at 09:36
  • Out of time, but google `high cpu` and `svchost.exe` and `Windows Update` and I'm sure you'll get relevant hits. – ErikE Aug 26 '15 at 09:39
  • @ErikE I can't find anything relevant to post update and pre reboot. Plenty of bugs with svchost during the update process but nothing specific to after the updates are done, and windows is waiting for a reboot. I'll research a bit more later today, thanks! – Reaces Aug 26 '15 at 09:43
  • Ah, misunderstanding! This can happen pre-update, as svchost.exe (regularly) scans for updates not installed and before the signal to execute updates has been sent. I'll get docs later when I have time to spend. – ErikE Aug 26 '15 at 10:21
  • "Updates will pin one CPU core during an update check and not clear until windows update service was stopped or the check completed." ...und so weiter. https://www.reddit.com/r/sysadmin/comments/3hb4pa/svchost_use_100_cpu_suddenly_on_multiple_servers/? – ErikE Aug 26 '15 at 11:58