Perhaps the biggest part of and reason for Microsoft’s dedication to security is the pain of the software-patching process. On one hand, Windows customers are told that to be as secure as possible, they must keep up with and promptly download and install all patches from Microsoft.
While the recent deluge of worms and other computer attacks makes that a weighty task, companies also are struggling with the impact of all those patches on their unique IT environments. Microsoft has promised to make the process more predictable, more manageable and less disruptive to corporate IT consumers of its products.
The company, which has warned recently that its new Windows XP Service Pack 2 may significantly affect other applications, is providing online assistance and training for larger third-party software vendors.
At the same time, the software giant is rolling out a new Windows Update Service. TechNewsWorld talked with Steve Anderson, a director in the Windows Server division at Microsoft, to find out more about what’s going on in the world of software patching and updates.
TechNewsWorld: Could you talk a little about how Microsoft’s Software Update Services have changed into Windows Update Services — and discuss what the biggest differences are?
Steve Anderson: Basically, the difference is just a name change from Software Update Services 2.0 to Windows Update Services. Windows Update Services is an effort to provide consistency for Windows Server customers so it is easy to remember where to gain access to updates for their Windows systems.
As a corporate update management solution for updating Microsoft software, Windows Update Services represents the first step toward delivering core software distribution and update management infrastructure in Windows.
Windows Update Services downloads updates from Windows Update and allows administrators to test and automatically deploy updates to Microsoft software in their IT environments –initially Windows 2000, Windows Server 2003, Windows XP, Office XP, Office 2003, SQL Server 2000, MSDE 2000 and Exchange 2003, with support for additional Microsoft software over time.
TNW: How about improvements made to the new service?
Several improvements have been made to this version of Windows Update Services, including broader patching capabilities, consistent installation, simple targeting and bandwidth management, basic verification reporting and a consistent scanning engine.
Windows Update Services will automatically download patches for SQL Server, Exchange and Office in addition to Windows 2000, 2003 and XP patches and service packs. While not as rich as SMS 2003 and some third-party software, Windows Update Services will offer basic targeting of machines on a single dimension — for example, a defined user group.
One big limitation of Software Update Services 1.0 was that verification reports were not available. They will be in Windows Update Services.
TNW: You’ve mentioned that you’re testing already and that the software has been released to beta. How many testers are there?
Anderson: Yes, that is right. Microsoft has announced that the beta for Windows Update Services is under way for a few hundred customers and partners for early testing to gain customer input.
TNW: When and how will the new update service be rolled out?
Anderson: Customers should visit Microsoft.com/wus/ to find out about the new technology now and to register to get the public beta. After customers give us the okay, it will be available via download on the Web in the second half of 2004.
TNW: Which users and what software is this aimed at?
Anderson: Windows Update Services is targeted for the IT admin who wants basic update management functionality and control in keeping their systems up to date.
In addition to OS support, Windows Update Services will support SQL Server 2000, Exchange and Office. Windows Update Services benefits IT admins by automating many aspects of their update management process, thereby reducing the amount of time, effort, cost and risk associated with performing these tasks.
For example, IT admins can download updates, approve and distribute those updates in four easy steps. Windows Update Services is an example of how Microsoft is making good on its promise to continue to improve security and increase automation around the patching and updating experience.
TNW: What are the biggest challenges with this kind of updating?
Anderson: The key to update management is having a predictable process and procedure in place. Customers that have an [IT Infrastructure Library] patch-management process in place, along with update management automation software, experience a significant reduction in time, effort, cost and risk associated with applying updates.
TNW: Are there bandwidth requirements or issues to deal with?
Anderson: No. Windows Update Services can be configured to use only available bandwidth, regardless of speed. This is called bandwidth throttling. By combining bandwidth throttling with a new, exciting technology called Delta Compression, most updates will download up to 90 percent faster without any bandwidth interruption to the user.
TNW: While there is a certain risk in not applying the latest patches, there is also a risk in deploying a patch without thoroughly testing it and integrating it. What is your advice to customers?
Anderson: While Microsoft performs many tests prior to release, we cannot test all possible configurations that a customer has installed. We highly recommend that customers test updates for their specific environment prior to installation.
TNW: How much of Longhorn’s updating process are we seeing in the new Windows Update Services?
Anderson: It is too early to tell what will be included in Longhorn Server at this point. We’ll be sure to pass along updates when we receive them.
TNW: What will patching Longhorn be like?
Anderson: Again, it really is too early to tell at this point.