Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > WSUS: Bloody Hell

Reply
Thread Tools

WSUS: Bloody Hell

 
 
AD.
Guest
Posts: n/a
 
      12-14-2009
On Dec 15, 4:27*am, Richard <(E-Mail Removed)> wrote:
> Im not being a dick, I actually would like to know as I am starting to
> get a few machines here, and while doing apt-get update and apt-get
> upgrade has not caused me too many issues so far I know its far from
> recommended.


I'm curious: why is using apt-get "far from recommended"?


--
Cheers
Anton
 
Reply With Quote
 
 
 
 
Enkidu
Guest
Posts: n/a
 
      12-14-2009
Carnations wrote:
> On Mon, 14 Dec 2009 21:05:51 +1300, Enkidu wrote:
>
>> Lawrence D'Oliveiro wrote:
>>> Reading this description of how you manage Microsoft updates
>>> <http://arstechnica.com/business/news...a-tiered-wsus-
>>>
>>>

> infrastructure.ars/1>
>>> and I thought: what about the software from all the other vendors
>>> you have to deal with? Do you have to go through some version of
>>> this rigmarole for EVERY SINGLE ONE of them?
>>>

>> That's a far more complicated setup than most organisations would
>> ever need. I suppose that you could do similar with a RedHat
>> Satellite Server and a couple of Proxy Servers, but you'd probably
>> need to do a bit of hand coding to make it work.

>
> Or perhaps you could set up a local repository on your network, point
> all the servers at that repository and stagger the times at which
> they pull their updates from the repository. That way you would be
> able to manage any software installed on those servers by packaging
> it with the RPM. )
>

In other words, you'd have to do some coding. Also your scheme does not
allow for a testing phase. That's the reason for separating out some
servers as 'DEV'. The Satellite and Proxy server provide the ability to
have a local copy of the RedHat repositories on one of your systems and
to schedule the pull down and/or distribution of packages, which your
scheme is missing. A true 'local repository' would only contain your
locally developed packages and would be additional to the standard
software channels.
>
> You would be able to check the success of the updates by checking the
> logs. A visual inspection of the relevant parts of the relevant log
> on the following morning should confirm that the updates were
> successful, or you could automate the checking process.
>

Installation is only part of the problem. Testing is crucial before you
allow an update to go out and break one of your applications.
>
> I suppose it depends on how much money you want to pay, and how
> complicated you want the process to be, and how much effort you want
> to put in, and how many servers you need to look after. )
>

The solution described in the MS article would have been at least
several hundred I'd guess. Up to a couple of hundred you'd likely need
only one WSUS setup.
>
> I would have thought that using a local repository would mean you'll
> know exactly what you're installing onto those servers, and using a
> shell script to report the results of the update would be a fairly
> good way of knowing what is happening on those machines.
>

You don't mean a 'local repository'. You're talking about something
closer to a 'local mirror' of the distro repository. You have no control
over how and when the updates would occur and you don't allow for
testing for update. Satellite and Proxy allow for these extra facilities
in a RedHat environment.

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
 
Reply With Quote
 
 
 
 
Enkidu
Guest
Posts: n/a
 
      12-14-2009
Lawrence D'Oliveiro wrote:
>
> Another thing is how people seem to think Windows’s Group Policy system is
> such a wonderful thing: it’s not. It only works with software that’s
> designed to work with it. Which makes it useless as a security mechanism.
>

Hehehehehehehehe! Group Policy may be a pig, but it isn't 'security
mechanism'. It's a control mechanism. Sure it can prevent you from doing
things, based on security settings, but *it* doesn't provide the
security. It also allows you to tailor the view of the system that the
user gets to see, so that if you feel the need you could insist on the
same desktop background for all users and prevent them changing it, to
take a seriously trivial example.

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      12-14-2009
Richard wrote:
> Lawrence D'Oliveiro wrote:
>> Reading this description of how you manage Microsoft updates
>> <http://arstechnica.com/business/news/2009/12/how-to-implement-and-maintain-a-tiered-wsus-infrastructure.ars/1>
>>
>> and I thought: what about the software from all the other vendors you
>> have
>> to deal with? Do you have to go through some version of this rigmarole
>> for
>> EVERY SINGLE ONE of them?
>>
>> No wonder Windows support costs are so high...

>
> How would you handle sending updates out to 4 groups of linux machines
> so that they are updated staggered with new packaged from your source of
> choice? How do you approve the updates to go out to them?
>
> Im not being a dick, I actually would like to know as I am starting to
> get a few machines here, and while doing apt-get update and apt-get
> upgrade has not caused me too many issues so far I know its far from
> recommended.
>

I don't know of any system on Debian-type distros that provides the sort
of control you can get with Satellite and Proxy servers on RedHat-type
distros.

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
 
Reply With Quote
 
AD.
Guest
Posts: n/a
 
      12-14-2009
On Dec 15, 9:42*am, Enkidu <(E-Mail Removed)> wrote:
> I don't know of any system on Debian-type distros that provides the sort
> of control you can get with Satellite and Proxy servers on RedHat-type
> distros.


There are pieces of the puzzle, but nothing as complete/integrated as
the Redhat network stuff.

Incidentally, spacewalk is the open source upstream of that code and
there has been some preliminary work done on getting spacewalk to
handle debs and support Debian machines.

I haven't tried it yet, but this looks interesting:
http://www.ibh.de/apt-dater/

And if you don't mind paying money, there is also Canonicals landscape
service for Ubuntu machines.

--
Cheers
Anton
 
Reply With Quote
 
AD.
Guest
Posts: n/a
 
      12-14-2009
On Dec 15, 10:04*am, "AD." <(E-Mail Removed)> wrote:
> I haven't tried it yet, but this looks interesting:
> http://www.ibh.de/apt-dater/


Oh, and one more I forgot:
http://code.google.com/p/debmarshal/

--
Cheers
Anton
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      12-14-2009
In message <hg5gv7$60l$(E-Mail Removed)>, Craig Sutton wrote:

> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
> news:hg553q$u6g$(E-Mail Removed)...
>>
>> In message <hg50u2$rs0$(E-Mail Removed)>, Craig Sutton wrote:
>>
>>> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in
>>> message news:hg4q5m$nqp$(E-Mail Removed)...
>>>
>>>> Reading this description of how you manage Microsoft updates
>>>> <http://arstechnica.com/business/news/2009/12/how-to-implement-and-maintain-a-tiered-wsus-infrastructure.ars/1>
>>>> and I thought: what about the software from all the other vendors you
>>>> have to deal with? Do you have to go through some version of this
>>>> rigmarole for EVERY SINGLE ONE of them?
>>>
>>> Nope, many programs have a check for update option in their menus

>>
>> That’s what I mean—do you have to go through some version of this
>> rigmarole for EVERY SINGLE third-party package or vendor?

>
> What rigamorole? the app checks on it own if there is a newer version
> available and asks if you wish to download it. Or you can manually check
> for it in its own menu.
>
> Is that an issue for you?


You expect the staff to keep going round periodically to EVERY SINGLE
machine to do that?
 
Reply With Quote
 
Craig Sutton
Guest
Posts: n/a
 
      12-15-2009

"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
news:hg6g9t$nq8$(E-Mail Removed)...
> In message <hg5gv7$60l$(E-Mail Removed)>, Craig Sutton wrote:
>
>> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
>> news:hg553q$u6g$(E-Mail Removed)...
>>>
>>> In message <hg50u2$rs0$(E-Mail Removed)>, Craig Sutton wrote:
>>>
>>>> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in
>>>> message news:hg4q5m$nqp$(E-Mail Removed)...
>>>>
>>>>> Reading this description of how you manage Microsoft updates
>>>>> <http://arstechnica.com/business/news/2009/12/how-to-implement-and-maintain-a-tiered-wsus-infrastructure.ars/1>
>>>>> and I thought: what about the software from all the other vendors you
>>>>> have to deal with? Do you have to go through some version of this
>>>>> rigmarole for EVERY SINGLE ONE of them?
>>>>
>>>> Nope, many programs have a check for update option in their menus
>>>
>>> That’s what I mean—do you have to go through some version of this
>>> rigmarole for EVERY SINGLE third-party package or vendor?

>>
>> What rigamorole? the app checks on it own if there is a newer version
>> available and asks if you wish to download it. Or you can manually check
>> for it in its own menu.
>>
>> Is that an issue for you?

>
> You expect the staff to keep going round periodically to EVERY SINGLE
> machine to do that?



STAFF?

who mentioned staff? what are you talking about?


 
Reply With Quote
 
AD.
Guest
Posts: n/a
 
      12-15-2009
On Dec 15, 4:57*pm, "Craig Sutton" <(E-Mail Removed)> wrote:
> STAFF?
>
> who mentioned staff? what are you talking about?


All those people who run tiered WSUS setups to keep their home PC up
to date?

--
Cheers
Anton
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      12-15-2009
In message <hg71fh$213$(E-Mail Removed)>, Craig Sutton wrote:

> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
> news:hg6g9t$nq8$(E-Mail Removed)...
>
>> In message <hg5gv7$60l$(E-Mail Removed)>, Craig Sutton wrote:
>>
>>> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in
>>> message news:hg553q$u6g$(E-Mail Removed)...
>>>>
>>>> In message <hg50u2$rs0$(E-Mail Removed)>, Craig Sutton wrote:
>>>>
>>>>> "Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in
>>>>> message news:hg4q5m$nqp$(E-Mail Removed)...
>>>>>
>>>>>> Reading this description of how you manage Microsoft updates
>>>>>> <http://arstechnica.com/business/news/2009/12/how-to-implement-and-maintain-a-tiered-wsus-infrastructure.ars/1>
>>>>>> and I thought: what about the software from all the other vendors you
>>>>>> have to deal with? Do you have to go through some version of this
>>>>>> rigmarole for EVERY SINGLE ONE of them?
>>>>>
>>>>> Nope, many programs have a check for update option in their menus
>>>>
>>>> That’s what I mean—do you have to go through some version of this
>>>> rigmarole for EVERY SINGLE third-party package or vendor?
>>>
>>> What rigamorole? the app checks on it own if there is a newer version
>>> available and asks if you wish to download it. Or you can manually check
>>> for it in its own menu.
>>>
>>> Is that an issue for you?

>>
>> You expect the staff to keep going round periodically to EVERY SINGLE
>> machine to do that?

>
> STAFF?
>
> who mentioned staff? what are you talking about?


RTFA.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Bloody Hell Toolman Tim Computer Support 0 01-31-2006 07:22 PM
Bloody Hell nevillenevillesonsnr Computer Support 3 07-13-2005 04:26 PM
bloody hell nevillenevilleson Computer Support 3 06-25-2005 07:01 AM
BLOODY HELL neville Computer Support 2 06-15-2005 06:38 PM
Re: Don, please provide more information. but try not to put it all in the subject line cos it's bloody irritating. BTW read the groups FAQ Ted Kennedy Computer Support 0 06-23-2003 06:50 PM



Advertisments