Keeping your clients’ computers and servers up-to-date is a big and cumbersome task in an MSP business. It’s one of those time-consuming things that clients expect you to do as part of the monthly retainer. But there is a way to master the art of automated patch management with the least number of interruptions.
Not only is it difficult to get paid for patching, but you also risk getting complaints from your clients when you spend time keeping their machines secure. Updating computers and servers often requires a lot of effort and planning and there’s never the right time to update and reboot machines. Not to mention all the computers that aren’t in the office all the time and when they are, the users don’t want to be interrupted nor do they want their computers to reboot out of the blue.
Patching as we know it
Traditionally, the patching process goes like this: The IT admin waits for Microsoft to push updates every Tuesday and hence, they update the computers on Wednesday or the following weekend. Moreover, some of them want to test the updates first prior to rolling out a patch across the entire network. A long and tedious process. With the rising number of MSPs working as outsourced IT admins, patching is something clients just expect – and they definitely don’t expect to pay for it.
So as an external IT admin responsible for servers and computers that are difficult to access, how can you get automated patch management in place, so that you spend as little time as possible patching and don’t disturb your end users?
- Because your time is a critical factor here, let’s have a look at what best practice patch management means for server updates:
Updating 100+ servers across all your clients with Windows Security fixes (KB) is time-consuming (and often expected to be carried out during weekends).
- Logging in manually to a single server and applying the patches may not take more than a few minutes, but it adds up for each server rack in your client portfolio.
Monitoring the service status, network status, etc. and ensuring services are running fine all eat time out from your daily work hours.
- Cumbersome, right? The worst thing is, even though your clients don’t pay for it, they will complain to you if a missed update leads to a network vulnerability or compromises their security!
How to implement an automated patch management
So what can you do instead?
Set up a patching process once and for all, but tailor it for each client, who most likely have different needs.
Prioritizing and scheduling patches:
Fixing detected issues is simply a matter of configuring the system with the type of patches that should be automatically trusted and then selecting a time slot when the updates can be applied. You may want to treat servers differently from workstations, maybe only critical operating system patches are relevant – you decide what works better for each client. It’s all about ensuring automated patch management that doesn’t take away precious billable time.
There are plenty of tools out there, like Microsoft WSUS, which takes care of MS updates. It is limited to Windows, though, and does not support third-party apps.
I highly recommend that you install a patch as soon as it is released. Rather patch one too many than miss that important patch. I’m sure a client won’t mind if you fix an issue on a computer that was updated too quickly and was not supposed to have Adobe Reader updated, and they might even pay for it.
At Panorama9, we provide a toolbox that can help you to get an automated patching process for all your clients. Here’s a short guide on how it works:
On a final note: Don’t forget to brag about it! Tell your clients how quickly you responded to vulnerabilities and submit that monthly report that lists all the invisible, trouble-saving work your company silently did in the background. Do I have to mention that this report also can be automated?
If you want to learn more about how Panorama9 saves the day when it comes to automated patch management, remote control and network discovery, you are welcome to sign up for a free account here.