More SQL Server Updates

  • Comments posted to this topic are about the item More SQL Server Updates

  • I am also glad Service Packs are going away, just release a one type of patch and CUs appear to be the best way to do that.  I just hope vendors jump on board and certify CUs faster than they do SPs.

  • I don't disagree that going to a more regular patch / update cycle will be a good thing, but at least where I work it's going to be something of a pain applying the updates (especially if, as could happen, it gets mandated that we *MUST* install the updates when they come out.)  Why you ask?  Because our servers are *SO* locked down and the anti-virus is set to such a strict level, that the anti-virus blocks the SQL CUs from installing.

    Oh, not when you start the update, nor even during the update process, no the update finishes and then reports that it failed on one or more components (and often, the database engine is the component that failed.)  I don't have sufficient access to disable the AV during the process, my co-worker back in our server center can do it, but only by:

    1. Rebooting to Safe mode
    2. Changing a registry key
    3. Rebooting back to normal
    4. I install the SQL update
    5. Reboot to Safe mode again
    6. Change the registry key back
    7. Reboot
    Needless to say, this results in the updates being a very, very time consuming process and fraught with potential problems, especially when applying the updates to production.  Oh, your VPN to the office dropped during step 2 and won't reconnect?  Hope you don't mind driving in to the office.  Oh, your RDP session dropped during step 4?  Well, policy requires your session to be immediately and forcefully terminated regardless of what was running in your session at the time...

    At least I don't need to worry about vendors certifying their applications, all our stuff is in-house.

  • So in addition to more frequent updates, we have monthly OS security patches, the mess that is Windows 10 patches and updates plus application updates. Add in all the updates on Linux, the craziness of dependencies in the programming languages, it's a great time to be a admin/developer/power-user...

  • jasona.work - Thursday, March 22, 2018 6:37 AM

    I don't disagree that going to a more regular patch / update cycle will be a good thing, but at least where I work it's going to be something of a pain applying the updates (especially if, as could happen, it gets mandated that we *MUST* install the updates when they come out.)  Why you ask?  Because our servers are *SO* locked down and the anti-virus is set to such a strict level, that the anti-virus blocks the SQL CUs from installing.

    Oh, not when you start the update, nor even during the update process, no the update finishes and then reports that it failed on one or more components (and often, the database engine is the component that failed.)  I don't have sufficient access to disable the AV during the process, my co-worker back in our server center can do it, but only by:

    1. Rebooting to Safe mode
    2. Changing a registry key
    3. Rebooting back to normal
    4. I install the SQL update
    5. Reboot to Safe mode again
    6. Change the registry key back
    7. Reboot
    Needless to say, this results in the updates being a very, very time consuming process and fraught with potential problems, especially when applying the updates to production.  Oh, your VPN to the office dropped during step 2 and won't reconnect?  Hope you don't mind driving in to the office.  Oh, your RDP session dropped during step 4?  Well, policy requires your session to be immediately and forcefully terminated regardless of what was running in your session at the time...

    At least I don't need to worry about vendors certifying their applications, all our stuff is in-house.

    Has anyone documented (preferably a few levels up the org chart) the financial cost of this process?

    412-977-3526 call/text

  • I would venture to say it is the price to have these type systems in all honesty.  The unfortunate truth of the 'real' costs of IT.

    Anymore 'support' costs are getting higher and higher as security threats and defenses are built to stop them.  Firewalls, vunerability scannig, Multifactor Auth, AV, etc....

  • robert.sterbal 56890 - Thursday, March 22, 2018 10:28 AM

    jasona.work - Thursday, March 22, 2018 6:37 AM

    I don't disagree that going to a more regular patch / update cycle will be a good thing, but at least where I work it's going to be something of a pain applying the updates (especially if, as could happen, it gets mandated that we *MUST* install the updates when they come out.)  Why you ask?  Because our servers are *SO* locked down and the anti-virus is set to such a strict level, that the anti-virus blocks the SQL CUs from installing.

    Oh, not when you start the update, nor even during the update process, no the update finishes and then reports that it failed on one or more components (and often, the database engine is the component that failed.)  I don't have sufficient access to disable the AV during the process, my co-worker back in our server center can do it, but only by:

    1. Rebooting to Safe mode
    2. Changing a registry key
    3. Rebooting back to normal
    4. I install the SQL update
    5. Reboot to Safe mode again
    6. Change the registry key back
    7. Reboot
    Needless to say, this results in the updates being a very, very time consuming process and fraught with potential problems, especially when applying the updates to production.  Oh, your VPN to the office dropped during step 2 and won't reconnect?  Hope you don't mind driving in to the office.  Oh, your RDP session dropped during step 4?  Well, policy requires your session to be immediately and forcefully terminated regardless of what was running in your session at the time...

    At least I don't need to worry about vendors certifying their applications, all our stuff is in-house.

    Has anyone documented (preferably a few levels up the org chart) the financial cost of this process?

    I think the best way to describe the organization I work for' approach to cost is they are simultaneously incredibly loose with money and incredibly stingy...
    Or, security before ease-of-use.  We probably spend almost as much time figuring out how to get things done and working within the restrictions placed on us, as actually working.

    Or, if you prefer, seeing as I've never really kept it a secret...
    I work for the government, and we're here to help you (unless you work for us, then you're not getting anything done easily...)

  • I think this is an issue and one I don't have an answer to. My previous job was at a university. Because of the academic culture we were used to updating basically as soon as some update came out. I'm used to that type of cadence. But at my current job they're a lot more conservative. There's still the culture of, "I'm not updating <fill in the blank> until service pack 1 comes out". With Microsoft's culture of not having service packs but instead having monthly updates, what that often means is nothing gets updated. I'm not blaming anyone. I think this is the case that Microsoft's approach to releasing fixes has changed and not everyone is aware of that.

    Actually this reminds me that SQL Server 2016 Developer Edition on my dev box is probably woefully out of date. Where do I look to get the updates to it?

    Kindest Regards, Rod Connect with me on LinkedIn.

  • Thanks Steve.

    Kindest Regards, Rod Connect with me on LinkedIn.

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply