March 1, 2016 at 12:44 pm
I have found out that one of the users, I work with, haven't rebooted their server for more than 440 days.
Their DBA's team has confirmed and also wrote they run no SQL nor Windows updates since, so currently there is SQL 2012 SP1.
As I have never seen such an approach before (there is no desire to be the first to update things - I accept this),
I wonder if this is a good practice not to update the server for such a long period and would like to have pros and cons, please?
Much appreciated!
March 1, 2016 at 3:30 pm
Not updating Windows or SQL Server (Windows in particular) for such a long time may put you at risk.
Attackers take advantage of vulnerabilities in the software you run and these vulnerabilities become public once the fixes are released. Needless to say that regular patching of your OS and SQL Server is an established best practice and any maintenance policy that involves doing things differently must have rock solid justification.
In your case, I don't see any justification other than "we've always done things this way".
-- Gianluca Sartori
March 1, 2016 at 3:58 pm
There are security patches that it's probably a good idea to get on the servers for all the reasons Gianluca lists. However, I've managed servers that stayed up regularly for six months at a time with no issues. We scheduled a reboot once a year just to help us identify hardware that was going bad, not because the servers needed to be rebooted. We generally did patching then too.
----------------------------------------------------The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore RooseveltThe Scary DBAAuthor of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd EditionProduct Evangelist for Red Gate Software
March 1, 2016 at 5:57 pm
I'm in the same boat as Grant. We'll do security patches once a quarter after testing them, but nothing gets installed until after it's been out for a while. I don't patch too quickly because of patches breaking servers. It wasn't too long ago when SQL 2014 SP1 gave Microsoft a bit of a black eye.
March 1, 2016 at 6:12 pm
You seem like you may be new to the role, possibly an "accidental DBA."
While most answers in DBA land are "Maybe," if you are not really at the level to determine when to deviate off MS recommendations then I would stick as closely to them as possible. Its the safer answer, you can say "Microsoft Recommends." Eventually if you have an issue, they will make you patch first anyway.
You can review updates and fixes by looking at http://sqlserverbuilds.blogspot.com/ and diving into the patches. There are tons of them for each service pack. (Or just patch it and skip the reading.)
Guidance:
Cumulative update
Cumulative updates are now available at the Microsoft Download Center.
Only the most recent cumulative update that was released for SQL Server 2014 SP1 is available at the Download Center.
Each new Cumulative Update (CU) contains all the fixes that were included with the previous CU for the installed version/Service Pack of SQL Server.
Microsoft recommends ongoing, proactive installation of CUs as they become available:
SQL Server CUs are certified to the same levels as Service Packs, and should be installed at the same level of confidence.
Historical data shows that a significant number of support cases involve an issue that has already been addressed in a released CU.
CUs may contain added value over and above hotfixes. This includes supportability, manageability, and reliability updates.
Just as for SQL Server service packs, we recommend that you test CUs before you deploy them to production environments.
We recommend that you upgrade your SQL Server installation to the latest SQL Server 2014 service pack.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply