When a new customer signs you on to manage their network and IT Services, they’re really instilling A LOT of trust in you. Many business owners and managers have the perception that they just hired someone to come in and handle everything an internal IT team or person would handle. That not only includes ongoing support operations day to day but also the back-end work that end users (and likely your customer contact) can’t see happening. While you likely have a very concise document that you provide your new customers that lays out exactly what items you’ll be taking care of as part of your proactive maintenance, how do you know you’re covering all the bases? What components of your customer’s network do you include in this kind of maintenance? The easy blanket response is “well, we update everything”. Do you though? I’m surprised, even to this day, how many items are left out of the standard patching/maintenance routines, so I’ve compiled a list below of the different items a customer may have in their environment that require regular patching, as well as a few tools in each section that may be of assistance for that particular item.
Note: While the tools I list in each section below may help in most cases, they are by no means ALL of the tools available in the marketplace. The ones mentioned here are simply the ones that I’ve had first-hand experience with. You’ll want to test any of these tools prior to using them in production.
With that out of the way, before we get started, let’s answer one simple question…
Should I be Running Updates on Everything?
I still hear this question way more often than I should. The short answer here is YES. Your customers are paying you for a service. That service includes keeping their systems running with maximum uptime, no data loss, and protecting them from security breaches. Regular patching is part of the equation for all of those items, but I’m surprised that in the MSPs I’ve talked with, they can often be selective about which items they apply updates to on a regular basis. The concern here is often breakage, which admittedly can be a concern for certain components, but you have to remember what the vast majority of patches are for. Patches typically contain fixes for discovered breakages, malfunctions, bugs, and security holes. Sure, getting them applied properly can be something of a chore sometimes, but leaving anything un-patched will eventually lead to your customer running into what was ultimately an avoidable issue. To help avoid the “broken-via-patch” issue, your team should be doing regular patch testing, either internally, or by having it outsourced to a provider (Continuum, for example, does patch testing as part of their platform). Doing this gives you the confidence to apply tested patches for all customers, and helps you justify the resounding answer to this question of “yes” as you move forward supporting your customers.
With that out of the way, let’s take a look at the checklist.
1. Endpoints
This is often what most customers will think of when they hear of patching/maintenance simply because it’s the network component that is most visible. While I could break this down into several sub-categories, for the purposes of this article simply know that when you’re patching your customers’ endpoints, it’s not just the OS that’s involved. You have third-party applications, device drivers, firmware, anti-virus, possible encryption software…etc…etc. When I first started putting this article together it was focused primarily on backend infrastructure, but I’ve added this item so that you can at least start thinking about your customers’ endpoints, everything contained within them, and how you’re going to patch them. Most RMM platforms today have methods for dealing with OS patching and common applications such as Flash and Java, but there will undoubtedly be other industry-specific applications that you will need to patch via other methods such as a manual installation or scripting.
2. Server OS
This is a no-brainer, right? The OS running on your servers (often Windows Server) needs to be updated regularly. Many MSPs dread the monthly Patch Tuesday, but again remember what these patches are doing for you. In most cases, your customer’s core functions and data sit on a Windows Server somewhere, so when there are fixes to known issues and security vulnerabilities available I HIGHLY recommend you get them installed. You can install said patches manually if you’d like, but many RMM vendors provide the option of doing this for you. At the very least if you have a customer with more than a few servers, and you have no RMM package, consider using WSUS (Windows Server Update Services). It will make your life easier.
3. Core Server Applications and Roles/Features
This line item simply refers to the core applications and roles/features that get installed on top of Windows Server. SQL Server or Exchange for example. When you’re running these on top of Windows Server, they often have patches and version releases that happen outside of the core OS. So, you’ll need to plan accordingly for these items as well.
Possible Tools to Assist: WSUS, Windows Update, Manual Application
4. 3rd Party Server-Installed Applications
Not all servers run dedicated Windows Server roles/features. Many are running the hosting component of a core business application. Medical facilities might have a patient records application or a factory might have an inventory tracking app running for example. Whatever the application, they will eventually need updates as well just like the OS. When you onboard a new customer, you’ll want to take stock of the core business applications they use and where they live. Once you have your list compiled you’ll want to contact the vendor of said applications and determine their patching cadence and get documentation on how to apply patches when they are released. Have this information handy because it can be difficult to gather it at the last minute if an urgent patch is needed.
5. Server Hardware
I find that this item is a big one that is often forgotten. An MSP will install a new server, throw Hyper-V or VMware on it, make sure it has the latest firmware and driver versions on it the day of installation, and then never update those items again. Those same components are capable of having bugs and security issues as well, and MSPs should be checking the hardware vendor’s website on a regular basis to see if there are new drivers/firmware. This is where it helps to have something like a baseboard management controller or BMC (Dell DRAC or HP iLO for example) in every server you manage because if you’re upgrading a NIC driver, or server BIOS or something, you have another avenue for getting into the server if there is an issue during a remote patching routine. Some of the MSPs I’ve worked with over the years have simply made BMCs a requirement when a customer wants to install a new managed piece of hardware. I’ve even seen some MSPs who will eat that cost if the customer won’t pay for it because the benefits often outweigh the costs.
6. Storage Infrastructure
This line item is an important one. This item includes all the locations where your data sits (if not on a Windows server) and the interconnectivity in between. This includes things like NASs, SANs, Fibre Channel Controllers, SAS controllers…etc…etc. You want these items to be updated on a regular basis if for nothing other than stability. If your storage comes crashing down around you, nothing else is going to work. Make sure you spend the cycles necessary (and the maintenance windows too!) to ensure that these patches and fixes are being applied regularly. Thankfully the plus side here is that storage vendors tend to have excellent documentation and support when it comes to performing maintenance on these systems, so leverage them when you can.
Possible Tools to Assist: Dependent on Platform (See your vendor)
7. Network Infrastructure
Another frequently missed thing that gets patched at installation and then never again. Switches and routers are the unsung heroes of many networks. They quietly do their jobs and no one ever thinks of them. However, they do need security and maintenance fixes from time to time, so I recommend you check in with the switch manufacturer quarterly to see if there are any new firmware releases. The only rub with patching switches is if you’re doing it remotely, there is often no recourse other than to go onsite if something goes south during the patching process, so plan accordingly.
Possible Tools to Assist: Cisco IOS Software Checker
8. Firewalls
If you think about it, a firewall is often the first line of defense for the security of your customer’s network. It’s the entry point… the castle gates if you will. Many MSPs see the value easily in making sure this item is patched regularly, but I still run into some MSPs that are still running super old Cisco firewalls with ancient firmware. This is NOT one you want to forget. Add it to your quarterly checklist and plan an outage window as needed. Also, like switches, be sure to have someone standing by to head onsite if attempting to upgrade remotely. If things go south you won’t have remote access anymore.
Possible Tools to Assist: Dependent on Platform (See your vendor)
9. Printers
If you’re like me, you hate managing printers. They break often, everyone needs them, and they eat up a bunch of support time. But I’ve found over the years that if you keep them well maintained with regular visits from an imaging vendor and you keep the firmware and drivers up to date, you can cut the support calls regarding these items fairly significantly. This item doesn’t need to occur often, but twice a year should make a meaningful impact.
Possible Tools to Assist: PrinterLogic
10. Phone Handsets
Another often ignored item. Many end-users simply pick up and use their VOIP phone without much thought to how it works. You as the MSP know better. While the backend server component of the VOIP service will often get patched as part of one of the above processes, the phone endpoints are often forgotten about. Make it a point to get their firmware updated twice a year to keep them up with security fixes and functionality.
Possible Tools to Assist: Dependent on Phone System (See your vendor)
11. Mobile Devices
Something of a new line item for many MSPs. As an MSP, wrapping your hands around all of your customers’ mobile devices (phones, tablets…etc…etc) can be difficult. However, many Mobile Device Management (MDM) packages on the market today are making this easier. Some will assist with version levels and lifecycle management so you can help close the management gap in this ever-growing section of your customers’ business as well. I think that as more corporate data mingles with users’ data on personal cell phones, this is a space that is set to explode from an MSP perspective. Many businesses don’t realize the intricacies of this new trend nor appreciate the importance of tight management and security of any device with their data on it. Adding this to your patching routine today could get you ahead of the game.
So that wraps things up for us! Again, use this list as a planning guide for regularly scheduled maintenance for your customers. If you make it a point to cover all of the mentioned bases above, you should see a drop in support tickets as a whole, leaving you more time for other billable work!
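One way to turn the checklist into a recurring audit, as an added example that is not part of the original article: it flags assets that are past their patch cadence, separates out the "patched at installation and then never again" case, and reports asset classes nobody assigned a cadence to. The inventory format, asset names and the 35-day window for monthly OS patching are assumptions; the quarterly and twice-a-year intervals come from the sections above.

```python
from datetime import date

# Maximum days between patch runs per asset class. Quarterly and
# twice-a-year values follow the article; the 35-day window for monthly
# OS patching is an assumption (Patch Tuesday plus a testing buffer).
CADENCE_DAYS = {
    "server_os": 35,
    "switch": 92,
    "firewall": 92,
    "printer": 183,
    "phone_handset": 183,
}

def audit(inventory, today):
    """Return (name, finding) pairs for assets that need attention."""
    findings = []
    for asset in inventory:
        limit = CADENCE_DAYS.get(asset["class"])
        if limit is None:
            # A class with no cadence is exactly the gap the checklist targets.
            findings.append((asset["name"], "no cadence defined"))
            continue
        last = asset["last_patched"]
        age = (today - last).days
        if age <= limit:
            continue
        if last == asset["installed"]:
            findings.append((asset["name"], f"never patched since install ({age} days)"))
        else:
            findings.append((asset["name"], f"overdue by {age - limit} days"))
    return findings

# Constructed sample inventory; names and dates are illustrative only.
SAMPLE = [
    {"name": "hv01", "class": "server_os", "installed": date(2023, 1, 10), "last_patched": date(2024, 5, 20)},
    {"name": "core-sw1", "class": "switch", "installed": date(2022, 3, 1), "last_patched": date(2022, 3, 1)},
    {"name": "edge-fw", "class": "firewall", "installed": date(2021, 6, 15), "last_patched": date(2024, 1, 5)},
    {"name": "lobby-prn", "class": "printer", "installed": date(2023, 9, 1), "last_patched": date(2024, 2, 1)},
    {"name": "san01", "class": "storage", "installed": date(2022, 8, 1), "last_patched": date(2024, 4, 1)},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```

Feeding it an export from your RMM or documentation platform once a month gives you a per-customer list to schedule maintenance windows against.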
Also, if there is something you focus on patching on a regular basis that you don’t see on the list above, be sure to let us know in the comments section below!
Thanks for reading!