Microsoft seeks enterprise help in optional OS update testing
27 May 2015 | 0
Microsoft wants enterprise IT administrators to play guinea pig by deploying a lot more fixes to Windows 7 and Server 2012 R2, another step in getting customers to help test patches before rolling them out everyone.
In new guidance outlined during a session at the company’s Ignite conference, Thierry Paquay, a principal group programme manager on the Windows Update team, told corporate IT administrators they should transform their update practice — a process that if adopted would shift older OS, including Windows 7, to a model very much like the one that Windows 10 will use.
Rather than deploy only security updates, Paquay urged enterprises to also roll out optional updates — typically one-shot fixes to specific bugs — as they are released, then back fill with the “roll-up” updates Microsoft will regularly issue. Those rollups are collections of dozens or even scores of bug fixes that Microsoft will deliver for older OS.
“Our recommendation is that you deploy [the optional] hotfixes proactively,” said Paquay during a 70-minute talk. He also asked corporations to install the cumulative rollups. He cited two reasons in asking enterprise IT staffs to change their habits: To help Microsoft, and to help themselves.
Help us, please
Microsoft already has roped consumers into testing non-security updates by marking them “optional.” About 4% of consumer Windows customers, characterised as “experts of some kind”, manually apply optional updates, resulting in millions of monthly installations that give Microsoft an idea of patch quality and help it resolve problems. (The other 96% rely on a completely-automated Windows Update, which doesn’t include optional updates.)
Typically, an update pegged optional is re-labelled “recommended” — meaning it is automatically installed by Windows Update — a month or so later, once Microsoft has evaluated feedback, made corrections, and given it the green light.
But Microsoft is getting little information on those optional updates from enterprises, which usually ignore them unless they apply to specific problems encountered by the company’s PCs or servers. That is what Microsoft has told update managers to do for years: Until recently, Redmond has religiously suggested, “Don’t apply this hotfix unless you experience this particular problem,” in each patch’s accompanying advisory.
Paquay wants businesses to “validate” all optional updates — conduct their normal internal testing, in other words — then deploy every last one. The reason: to give Microsoft more information, particularly from business-grade machines, about the patch quality so that it can make necessary changes and promote the optional to recommended.
Microsoft will change the language in optional hotfix update advisories to read, “Deploy Hotfixes Proactively,” to align with Paquay’s plea.
“We need enterprise feedback,” Paquay said. “We don’t know what’s happening in the IT pro world with those updates, and we need to know. We want feedback to know whether those [updates] are enterprise ready, enterprise quality before we put them ‘recommended’ in the future.”
Microsoft is using two arguments to make its case that rely on self-interest on the part of IT administrators: optional updates applied pre-emptively can stymie problems before they appear, and piecemeal patching results in a heterogeneous environment that in the end is harder to manage.
“What’s bad around [not applying optional updates] is if the problem is data corruption in a database or the file system on the file server, or the problem is a blue screen, or a system hang and happens on a server on a cluster, it’s really bad to wait for this to happen,” said Paquay. “Then your business suffers.”
However, he spent much more time beating the Windows 10-style drum, telling his IT audience that contrary to decades of enterprise practices, they would benefit from having all devices always up to date. That, of course, is the Windows 10 model Microsoft has pushed.
“To simplify your IT process and policy, and make it look very much like Windows 10 will look when it releases into your environment … having your devices always up to date is the best policy,” argued Paquay. “It’s the easiest for troubleshooting, it’s the easiest when you call us for support.”
Roll-ups, those collections of numerous hotfixes, should also be routinely deployed, urged Paquay, so that the enterprise has a “clean baseline” for a specific OS, such as Windows 7.
This summer, Microsoft will also issue a Windows 7 roll-up, “To get [you] up to speed in one shot,” said Paquay, who called it a “convenience roll-up” for the post-Service Pack 1 (SP1) world. (Microsoft shipped Windows 7 SP1 back in 2011.) Paquay said he did not have a firm date for the Windows 7 roll-up’s release, but his summer timetable was a clue that it will probably appear either before or simultaneously with the launch of Windows 10.
What’s in it for us?
Although none of the questions asked in the Ignite session contested the advice — several people said they were already doing what Paquay asked — a few comments appended to a blogged summary of the presentation wondered what is in it for them.
“If Microsoft wants IT pros to help you, you need to help us,” wrote someone identified as “save patch Tuesday” in a comment. “We need fewer patches that require a reboot. When Windows can install patches without rebooting, then you can abandon Patch Tuesday. The strategy to release updates whenever they are available may fly with consumers, but it won’t benefit my business desktops and servers!”
Another commenter wanted clearer descriptions of what the optional updates do. “Customers would like Microsoft to fully document all available updates offered. Right now there are too many optional updates that are vague in their descriptions and impact,” said “Customers of Microsoft.”
Paquay, at least, recognised he is demanding a lot from IT, but defended the new guidance. “I know this is a big ask,” he said several times in his talk. “But if you do these things, you will be, in many ways, managing devices and servers in the same way you will when Windows 10 comes to your environment.”
Gregg Keizer, IDG News Services