Introduction
Windows operating system code may contain security flaws, bugs, incompatibilities, and outdated software elements. As a result, the system may be more vulnerable to security threats. The good news is: Microsoft regularly releases patches, or operating system updates, in an effort to help fix identified flaws and prevent unauthorized access to your system(s).
We want to help make security a priority for our customers. This means that we will continue to update our policies aimed at protecting your company from security threats. At this time, Electric's automated patching policy is a requirement for all existing and new customers who have Windows servers that are managed by Electric.
This article will describe Electric’s Windows Server Patching policy and help customers understand what to expect from this process. If you are an employee looking for information about Windows PC patching, visit this article to learn more.
Electric’s Windows Server Patching Policy
Today, Electric's automated server patching policy is a requirement for all existing and new customers who have Windows Servers that are managed by Electric. This service is included for no additional cost as long as Network & Server Management is included in your contract for the location where the server(s) reside.
This is an "opt-out" policy, meaning that server patching will be enforced by default unless you choose to be removed. Customers that choose to opt-out must do so in writing. Keep in mind, even if you are running antivirus or anti-malware software, it is still a security risk not to patch your Windows operating system.
Any time a system update is installed, there is a chance it may render certain functions to become unavailable. Electric believes that the security risk posed by not patching your server(s) far outweighs the chance that an issue may occur following the update.
We strongly encourage all customers to have a system-level backup solution in the event the server needs to be restored; whether it is your own back-up solution or one purchased through Electric. Support for remediations or restorations resulting from a patch install will be charged to the customer at Electric's hourly rate(s). Electric will not be liable if a server patch issued by Microsoft causes an issue on the server(s).
Electric's Process
For security patches to be applied to a company server(s), your server(s) will need to be taken offline and rebooted during periodic maintenance windows. Automatic patching will occur once every two weeks on either a Saturday or Sunday. Due to the need to staff specific technicians to support this maintenance, automatic patching is not available on weekdays. Below is an outline of what to expect for company-wide patching:
The patch installation process will begin at 2:00 AM EST on the maintenance date.
The window for downtime will be from 2:00 AM - 10:00 AM EST. Servers typically do not require the full 8-hour window to update. However, it could take up to several hours for a server to install its operating system patches and come back online. It is recommended that you alert your employees to plan accordingly for this downtime.
All company servers will be patched on the same day.
Does your company use Microsoft Hyper-V on your Windows servers? If so, please note that automatic patching for all Hyper-V Host servers will be scheduled on Sundays. Hyper-V Virtual Machines (VMs) will be scheduled for patching on Saturday. This is done in order to avoid potential issues that can occur from updating both the Host and VMs at the same time.
In the event a server has not automatically come back online after install, an Electric technician will attempt to resolve the incident remotely. If remote support is not possible due to accessibility issues, an Electric technician will reach out to the designated points of contact at your company. This may require a member of your team to go into the office to attempt to manually reboot the server with guidance from an Electric technician. If the server still fails to turn back on for any reason, Electric will dispatch a technician to the site as soon as possible*.
*Electric's Emergency Onsite SLA does not apply on weekends and time to dispatch a technician will be based on availability. Onsite dispatch is not possible for cloud-based server environments.
Manual Patching Options
Electric can perform manual server patching if requested. However, this option is only available for one-off patches to a company server(s). If ongoing patches are requested, maintenance must be executed via the automated server patching process outlined in the previous section.
One-off, manual server patches can only be scheduled on Monday-Friday between 9:00 AM - 6:00 PM EST.
Ineligible Systems
Electric will not patch Windows servers that meet one or more of the following criteria:
End-of-life Windows Server Operating System versions.
Low amount of free disk space (as determined by Electric) on the server's OS hard drive partition.
You are a customer that chose to opt out of Electric's automated server patching policy.
If you meet this criteria and require support, please consult with your Customer Success Manager.