Cutting Costs by "Semi-Outsourcing"
The place im working at is into some serious cost-cutting (what business isnt). Recently the people way above my head had a meeting with some account managers from Sun. I can imagine the meeting going something like this:
Sales rep: We can help you achieve better ROI on spent $$$$'s by letting us do more for you but you will still pay the same amount for your Service. Let us help you keeping your Solaris more available and more secure by handling all your OS updates.
Manager: That sounds like a good idea, Id like more $$$$'s to spend on our yearly Golf-tournament.
Sales rep: Thats what we thought, do you want some complimentary golf-balls?
So the meeting trickles down to us the senior admins and we start to groan. My opinion is this:
Keeping 500 unix boxes up-to-date with the latest patches is NO problem whatsoever, aslong as you dont have to think about applications. Ive seen several different patching tools that logs into machines, checks all patches and installs newer ones if needed and then makes a reboot and the machines is back online in no-time. (JASS, N1 *cough*, flar's etc etc). Sounds great on paper and when Sales Rep's talks to Management people. But in the end it comes down to the following 2 problems:
Applications and Service-windows.
Ofcourse all you other people out there work for THE company that has full control over their SLA's and all have their little service-windows every month when its ok to take down the servers and apply OS and security patches, and all your system owners scream of joy when you say you want to apply your quarterly OS patches.
Why cant management understand that Solaris is easy, applications are hard, you cant apply patches and go home and expect all applications to work as intended when you come back in the morning. After applying patches you need to make sure that the application works as intended. What takes time when it comes to OS/Security patches the troble is getting access to the system, getting some allowed downtime and then making sure everything works as intended after the patches have been applied, GETTING THE PATCHES ON THE SYSTEM IS EASY.
What makes management think that Sun's technicians would do a cheaper/faster/better job at patching our systems? When the problem lies within our own organisation? Hire us some secretaries to keep the paperwork away from us and that can handle booking of downtime and test-personell (or help with some automatic testing tools), and we will make sure that patching goes smoothly from thereon and everafter!!