Operating Systems

I found this rather interesting and thought it was time to toss up some reasoning behind how/why FastServers.Net does patch management in a 'delayed' type fashion. As most of you know, the second Tuesday of each month is called "Black Tuesday" by the Microsoft IT professionals. The reason for this is the multitude of security update/hotfixes/patches that are deployed for all of the supported Microsoft operating systems, web browsers, office applications, and yada yada yada. Sometimes the patches get so convoluted that Microsoft has to re-release the patch/hotfix the next month to address flaws that they forgot to fix in the first place.

So earlier this week we had a customer who wanted to update to SQL Server 2005 Service Pack 2 and wanted to know how we would go about installing it. I quickly explained to the customer that this service pack was not currently supported or being deployed by FS as we are still conducting testing and awaiting the "all clear" from the SQL community before releasing. Then came the battery of questions...."Well why does FastServers.Net wait so long in deploying updates and fixes that Microsoft releases. This just doesn't make any sense that you would wait to deploy a service pack that Microsoft releases for one of their products. Install it now!". WHOA! Slow down there mister man! I quickly explained to our customer that with the multitude of environments that we have, we do extensive testing to ensure any new roll out of security updates goes over each and every environment prior to release. In addition, the vendor for our patch management solution does their own internal testing of security updates before making them available for our master distribution manager. After hearing all of this, dejected and a bit upset, the customer agrees and we promise to notify him when we are moving forward in pushing out the updates.

Fast forward to 30+ hours later and VOILA....vindicated: http://support.microsoft.com/kb/933508

That's right folks. Leave it to the good 'ol boys at Microsoft to release an update to a recently deployed service pack. Hot off the presses this morning is Service Pack 2a for SQL Server 2005. YES! They are bringing back the 'a' in their service pack releases; remember SQL Server 2000 Service Pack 3a -- how touching (sniff sniff). So I notified our customer of the new release, along with a few others who have been requesting the installation of the recent service pack, and he was delighted that he waited. Vindicated? Nah, its not what I was looking for. Looking more for understanding in how we handle distribution of our updates.

So what to take from this? Well here is a list that you should follow:

- Just because Microsoft, or any other OS vendor, releases security updates/hot fixes/service packs for new vulnerabilities, take a second to review what the updates are addressing

- Verify whether or not the updates truly apply to your environment

- TEST before deploying to production -- never roll out updates to a production server without first testing

- Verify before installing -- disk space, server health, security audit, and virus scan

- Apply ALL the updates that are pertinent to your solution -- more than likely you are not using Media Player on your web server, so disable the application and ignore the updates for this

- Reboot after applying -- this is your true test to see if the updates were applied correctly...don't wait to reboot, even if one is not required after the patch install, reboot anyway

- Verify after the reboot -- check to ensure all services/operations are running before logging off and calling it a day

Yes there are a lot of steps, but taking these steps now can mean some very peaceful nights in the future; i.e. not having to stay up during maintenance periods for 10-12 hours when an additional 30 minutes of work could have prevented it all. Hopefully this will clear up and answer a plethora of questions of why FastServers decides to wait rather than deploy. And if there are ever any further questions on this or any other patch management question, drop me a email for additional clarification or tips.

As my compadre TL mentioned last week on this blog, a change in DST(Daylight Savings Time) for the nation has resulted in the need for an update of timezone data for all servers within our network. While for most machines, this can be resolved with a simple vendor-supplied patch, users supporting their own OSes that are no longer covered by vendor support (IE, Windows 2000) appear to be left out in the cold regarding this change. Fortunately, by using commonly available tools, Windows 2000 users are able to modify the timezone data on their local machine to reflect this new change. Read on for more information!

With the upcoming DST switch, OS vendors have been very proactive in providing patches for their Operating Systems that allow them to follow the new rules passed by Congress regarding DST for American timezones.

However, persons still operating legacy servers such as Windows 2000 were dismayed to learn that Microsoft was sticking to its guns regarding their Windows 2000 EOL(End of Life). Hotfixes were made available for Windows XP and Server 2003, but the Windows 2000 hotfix (which does exist) has not seen public release. In order to obtain it, one must order it from their Microsoft Account Manager. I believe the current list price is $4000 for a site license to use the hotfix - a large sum for a systems administrator looking to update a small amount of servers.

Fortunately, a tool released back at the beginning days of Windows 95 as part of the Kernel Tools package allows an administrator to hand-edit the Windows Timezone files in order to reflect the new DST settings.

In order to get started, download the tool to your Windows 2000 server from Microsoft from the following link: http://download.microsoft.com/download/5/8/a/58a208b7-7dc7-4bc7-8357-28e29cdac52f/TZEDIT.exe

After downloading, run the file, and extract the tzedit program somewhere on your server (The default of Program Files\TZedit is usually fine)

Run the extracted program - by default, the current timezone is already highlighted for you, so go ahead and click "Edit"

Now, enter the new date settings in DST portion of the timezone:
Starts 2nd Sunday of March at 2:00 AM
Ends 1st Sunday of November at 2:00 AM

That should be the only change you need to make - Click "OK", then "Close".

In order to make the server re-read the zone file - you will need to do one of two things:
Reboot the server or Double-click the clock to pull up time and date settings, and under the Time Zone tab, pick a different timezone and hit Apply, and then re-select your real timezone and hit apply again.

You're done! Your server has been updated with the new DST rules, and will change its clock at the appropriate date.

Ah yes...another fine day here at FastServers. Yes the Midwest Operations Center is continually being hit with snow, ice, and wind gusts over 30MPH, however it's business as usual!

As you may have already heard, the U.S. Energy Policy Act of 2005 passed by Congress in July, 2005, extended Daylight Saving Time (DST) by approximately four weeks. As a result, beginning in 2007, DST will start three weeks earlier on March 11, 2007, and end one week later on November 4, 2007, resulting in a new DST period that is four weeks longer than previously observed. This change impacts both the U.S. and Canada. For those of you running Microsoft Windows servers, it is imperative that you apply the latest update from Microsoft to correct DST so that your server will stay up to date. This link (Microsoft - http://support.microsoft.com/gp/cp_dst ) provided by Microsoft will allow you to determine which updates need to be applied to your servers/workstations/Windows Mobile Devices. For our Red Hat Enterprise and CentOS customers, here is a valuable link from Red Hat on the packages that need to be updated to deal with DST: (Linux - http://kbase.redhat.com/faq/FAQ_79_9950.shtm)

Yes Daylight Saving Time will save us energy on a larger scale, but we continue to lose power here in the Midwest with the ice/snow. Personally...someone should put a hit out on that Groundhog and his predictions. If he was so great at what he did, he would use his "knowledge" match all the numbers for PowerBall. Down with the Groundhog! So don't get too upset about losing the "hour of sleep". Spring is right around the corner and the weather will start to be glorious again.

FastServers will have a full maintenance round in the next upcoming days to address these the DST updates for our managed customers; updating this and other critical updates that need to be applied within our environments. For those of you who are savvy enough to handle the task of processing these updates, please do so within the next week; the 11th is fast approaching. Need further assistance with getting your server updated? Get in contact with a FastServers engineer for further assistance. Open a support request within your Pentagon account and we will be more than happy to lend support on this issue.

As the Emperor has foreseen.
And we're talking about our favourite corrupt Senator or Pope Benedict, whatever suits your fancy at this point... why? They look the same. So you want proof. O_RLY. Well, fortunately my archive of vastly incredible trinkets includes this particular exhibit, BEHOLD:
http://www.feanor.net/z0r/palpaPOPE.jpg

Winner winner chicken parm dinner. But who, praytell, is wise? Drew. He works here. Why is he worthwhile, you'll ask? Because previously he mentioned "keeping your operating systems updated to the latest 'n' greatest releases"... I'll explore this, whilst clarifying from my omnipresent throne, as this dispatch continues...

Ah yes, the battle that never really ends, regardless of how many years you contribute to the hosting realm! Fortunately, the FastServers Technical Group *wants* to help migrate your legacy linux or windows system(s) to our officially supported, *current* releases. Thankfully, that list has never been so straightforward. What’s considered current in the parallel-dimension that we call FastServers? CentOS or RHEL 3.x and 4.x, and all flavours of Windows 2003 Server.

Say what? Ahem, Fedora Core. And isn’t RedHat 9 still receiving support errata?

It’s true, Fedora Core does exist, and we’ll have a stable FC 6 before too long- but the window has closed on the limited “stop-gap” status that we allowed for this family of linux operating systems in the aftermath of RedHat’s decision to pseudo-commercialize a few years back. The push of Fedora Core has been increasingly “cutting-edge” as opposed to “stable”, as both aspects are mentioned officially in their mission statement. This developmental approach is not a sane solution for mission critical webserver environments… the Enterprise-level releases that RedHat and CentOS (the cloned, free, and perfectly legal spin-off) provide aim to extract the absolute best performance out of your server’s hardware while enjoying the stability of a rock-solid linux operating system. Let our expertise in automation and panel environments here at FastServers provide the extra bells and whistles you require: you don’t need the core OS that drives your linux webserver to be overburdened with “advances” that bog down the environment and open up a plethora of potential headaches elsewhere.

FastServers’ goal: Phase out remaining, dangerously underpowered (and increasingly vulnerable) legacy RedHat (7.3/9) systems by the end of 2006. Fedora Core family systems (regardless of legacy or current status) will be phased out by the end of the first quarter in 2007. DEFCON-ranking will likely have no bearing here: though we’ll deal with our “Managed” clients first of course, we will not allow for elderly, exploitable entities (that’s E-cubed, haha…) to exist within our critical hosting networks. It’s time to *get current* people! Did you realize that RedHat Enterprise 5.x family’s first official release is only a couple months away?

Elsewhere, any incarnation of Windows 2000 is a legacy product. If you’re using it at home or for any type of hosting you’re living quite dangerously. Sure, Microsoft is still pushing updates your way, but these attempts are the very definition of the bare minimum… multiple hotfix rollups and service packs have been cancelled over recent years and any machine driven by this OS is essentially a sitting duck *especially* if a webserver, mailserver, or related services are inhabiting said system. Migrate to 2003. We can help. Seriously.

FastServers’ goal: Phase out any remaining 2000-ish filth by the end of quarter #2, 2007. No job is too big, no fee is too big. And I’m done channeling Venkman. Google it if you need to.
………………………..

Basically, we’d like our networks as airtight as possible, and we’re only as bulletproof as each webserver hosted within our jurisdiction allows! Do your part by being proactive: when you have a window of opportunity for an upgrade, get in touch with our Technical Group and make it happen. Your customers will enjoy the added peace of mind and performance boost, and you’re likely to get more out of your hosting applications and related functionality (did I mention efficiency?) by sporting a *current* release of your favourite OS genre.

We’re standing by to assist. Always. Especially when it makes the whole of us safer.

Greetings, all! I hope this meets you all in good health during an upward-bound business trend... we here at FastServers.Net have been very ecstatic about on-going and upcoming changes in our business model, so keep an eye out for some big announcements soon!

Most of my vacation time has vanished for the warm season, so it's time to get set for some major PROJECT COMPLETION! I know that talk about changes to hosting environments sends some people into a panic, so today, I'm going to calm your fears with a bit about the product life-cycle of the operating system and the migration process to the latest and greatest versions you should be using.

Bottom line: the operating systems that FastServers.Net uses cannot be supported forever. Once the manufacturer of the operating system declares that the operating system is no longer stable or secure, in terms of today's server technology, we must do our best to inform our customers of the same. It is at this time that we explain the situation to our customers and present options to all that will be affected.

This process doesn't have to be painful! 100% of the servers that we have on our network that utilize control panels and have backup drives in their servers will have little-to-no problem in making this transition. A backup image can be created from user data for Plesk backups, which can be restored in new versions, and the cPanel backups can be created for all accounts, along with configuration backups, then restored after the server is re-installed.

When it comes time to do the full OS re-install, we will be required to format the drive. Currently, we are installing CentOS 4.x and Red Hat Enterprise 4.x on all Linux servers and Windows 2003 for all new Windows installs.

Here are some examples of legacy operating systems and/or current projects:

*Windows NT
*RedHat 7.3
*RedHat 8.0
*RedHat 9.0
*Fedora Core 1 (on-going project)
*Fedora Core 2 (on-going project)

If you currently have a server with any of these operating systems on your server, feel free to contact the Sales Engineers and we'd be happy to talk to you about migrating your current setup to the newest operating system. If you don't contact us, we'll be contacting you shortly with further details.

But enough of that crazy techie upgrade/migration talk! Lets talk about the current events that I'm sure EVERYONE cares about:

* The Oakland Athletics have clinched the American League West! *cheers all around* Last night, with a magic number of 2, the A's beat the Seattle Mariners and the LAA Angels lost to the Texas Rangers. What a night, what a night!
* The Iowa Hawkeyes are now 4-0 and tied for first in the Big 10 Conference. Biggest game this week? Ohio State at Iowa ... Number 1 vs. Number 13 in the nation. HUGE game, folks. Everyone root for the Hawks!
* The latest round of cPanel patches were applied to all of our managed cPanel servers before any compromise or attack was attempted. Good job, Support Staff!
* We're on the brink of bringing you new server builds from Dell! Stay tuned for more on this soooon!

That's about all I have for today, folks. Remember to get in contact with us for any configuration changes or hardware upgrades you need with your server! We're always ready for feedback and further discussions!

Have a great week, all!