Update your production servers and stop making excuses about it

An out of date Windows Server

No!

Folks, we all like to make sure we’re doing our level best to make things work smoothly.

So why am I staring at someone’s server that has never been updated since it was first set up almost three years ago?

Do better, so that I don’t have to yell at you. Seriously.

When we ignore updates, we are ignoring preventable catastrophic problems; we are ignoring fixes to security bugs, performance bugs, and data corruption bugs. Each one of these things could give you a really bad day. In two out of three cases it might even be a career-limiting move.

Security updates

This one really speaks for itself. Malware has become better at evading detection, and attackers are hiding their malicious payloads in so many ways it’s almost impossible to keep up. Antivirus software is just no longer up to the task as a solitary line of defence — if it ever was — and needs to work in conjunction with security updates for the operating system and installed software.

Additionally, we need to be more vigilant about what websites we visit, turn off link prefetching, install an ad blocker (Microsoft, Google and Apple are doing their part to do some of this in new versions of their browsers), and most importantly we shouldn’t be routinely browsing the web from production servers! Even as admins it’s easy to fall into that bad habit, looking up an error code or an obscure symptom. Please resist that temptation!

Performance updates

When we think of performance, we don’t often think of it being as critical as patching security vulnerabilities or as horrific as data corruption, but performance can often be an indicator that something may be amiss on the server, aside from affecting your company’s bottom line from lack of tuning or general neglect.

We’re so conditioned by working with beleaguered computers that we take slow computers as a fact of life. An excuse to get up and get ourselves a coffee. This can lull us into a false sense of security, shrugging off performance issues, when we should be taking them as a sign to dig a little deeper to ensure we don’t have cryptocurrency farming (called “cryptojacking”) going on, or early hardware failure or storage device degradation.

Keeping the server performing at its peak with the latest updates and patches is not only good for your company, but will also give you a baseline to eyeball against and an easy indicator to know that it’s time to investigate further when performance is out of line.

Data corruption

This is a blog about data platforms with a focus on SQL Server, but this point is valid for all software that reads and writes to memory (in other words, all software anywhere). Data can become corrupt for a number of reasons including cosmic rays changing the state of your memory. Yes, that’s a real thing.

Aside from buying ECC RAM and ensuring your data is backed up (and tested) frequently, the next best thing you can do to limit the amount of data corruption is to keep your operating system and software up to date. In the latest cumulative update for SQL Server 2016 Service Pack 2, for example, a data corruption bug (KB4135048) was fixed.

Summary

It’s imperative that you keep your operating system and software up to date. And if you aren’t updating your production servers, tell me about it on Twitter at @bornsql so I can yell at you first, before everyone else in your company does or you get fired.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: