From: "Geo." 

"John Cuccia"  wrote in message
news:5f343vg36qvlse27jjg2mj7blfklmlhqum{at}4ax.com...

> You need to log onto every server to do that.  If you have more than a
> dozen or so servers that becomes unwieldy.  Loading large patches
> across WAN links can be quite time-consuming, too.

Yes, it takes a lot of time to do it manually (I have lots more than a
dozen machines that get patched) and yes I have to log to each box with
pcanywhere. But the update process is quick. If there are 5 new patches I
can update a server in less than 5 minutes. Service packs take longer to
transfer across the network but the patches are quick.

> What downtime issues? If a patch is going to break a server, it
> doesn't matter if you run it by hand or using an automated process,
> no?

Downtime as in the time required to reboot the machine. You would not
believe how many customers can call in during the 2 minutes it takes to
reboot a major mail or login db server. Those types of machines may wait an
extra day in order to hit a low usage time. You really have to play it by
ear, backup needs to run first then you need to update and it all depends
on when a patch is released as to the timing.

> My point was this:  a single download point in no way implies that
> there is a coherent design/test program for those pieces.

Yes, that's why they call them hotfixes . If you want tested code
then you wait for the service packs but that might mean you are exposed to
the exploits for up to a year. That may not be acceptable in some setups.

Geo.

--- BBBS/NT v4.01 Flag-4