Versions Compared

Old Version 10

changes.mady.by.user user-29411

Saved on

compared with

New Version 11

changes.mady.by.user user-29411

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt

Articulating expectations and understanding to reduce surprises.

Table of Contents

Top-level info

Glossary

What types of computer support does Chemistry IT provide, as it relates to patching?

Support typeSummaryNotesDetails
Self-supported computerA computer not set-up by Chemistry IT.It cannot be on CUAD so it cannot be managed using Cornell's tools.

System's network will be through eduroam (CIT's wireless network), AccessNet (CIT's wired network), or RedNet (Chemistry's nonIT-managed network).

  • System will not be on Chemistry's IT-managed networks.
IT-supported computerA computer set-up and configured by Chemistry IT.It's on CUAD. Thus, may or may not be IT-managed. 
IT-partially-managed computerAn IT-supported computer also partially managed using Cornell's management tools to degree permitted by the Group.

For systems which cannot be forced rebooted if multiple days of warnings are ignored.

Group assumes more responsibility by having to restart system, with updates, manually.

Group pledges to patch/ restart system once per month.

  • If that's not happening or not possible, how best detect or document that situation?

Depending on Microsoft Windows Updates configuration, group member may also need to initiate, and see through completion, OS patching. Windows can be set to:

  • No patching automation.
  • Download Microsoft patches.
  • Default: Download patches and install what it can without any reboot.
  • Download patches, install them, including reboots.

Note that reboots may be required to enable subsequent patches to download and install, which in turn may require more reboots. The longer one waits, the more reboots are likely required to fully patch the system.

IT-fully-managedcomputerDefault set-up. An IT-supported computer managed using Cornell's management tools, including Cornell-managed OS patching.

Only used for systems which can be forced rebooted.

Forced rebooting only occurs if system is not rebooted by user after multiple days of warnings about once per month.

 

 

Patching behavior

Service nameWindows OS patchedForced reboot?When?Common MS apps patchedCommon non-MS apps patched
A&S Central PatchingYesYes

Thursday, 4pm, once per month.

This Thursday is following Tuesday patch deployment by A&S IT, which is the Tuesday a week after "MS Patch Tuesday", which itself is once per month (2nd Tuesday of the month?). Except when MS skips or retracts patches in time.

Yes. List?Some. List?
Researchers' needs:YesNoWhen research group can, hopefully sooner than later.Yes. List?(Same as above)

...

  • OS patching and application patching via CU-based WUS, but no forced reboot.
    • Need for systems which can't tolerate a forced reboot.
    • Which also will likely be in 10-space so we'd want to use a CU-based WUS service, especially for patched apps not retrievable because not enable via CU's WUS serviceProxy server.
  • Application patching, but no OS patching. Possible? (Assumes applications will NEVER force-reboot a computer. True, thoughright?)

Notes

  • Auto-installation of application software does not imply that it will be subsequently patched.
  • Patched application software may not have an installation option.

...