Keeping up with patching
When listener Mel Vargas first suggested the topic of patching, I was not sure this would work as a topic; however, the Equifax story had just developed and there are many other security related issues that could be prevented with patching. Match that with our guest, Robert Davis, who just happened to publish some articles on patching and I decided we needed to do this episode.
I should never have doubted this as topic. While we are a bit more protected in SQL Server than others, the security threat is still real and this is something everyone has to go through. Robert presents us with some interesting details on how he goes about patching and we think you will find the episode compelling.
“You not being able to be patched for the new stuff, you are really opening yourself up to a variety of attacks.”
“We’re all on the same team ultimately and the success of the application really benefits all of us.”
“There isn’t a security reason to be diligent about patching SSMS.”
“The really good DBA, really proactive one, gets overlooked because everybody else in the company doesn’t see the fires that you’re preventing.”
“Learning to speak up for myself and to publicize the things I do definitely was one of the best things I had to learn how to do.”
Listen to Learn
01:08 Episode Topic: Patching
02:19 Why should we care about patching and what it helps to do?
06:26 Maintenance window, automated patching and system center
07:56 Octopus: Patching Automation Tool, automation tools
2:52 Deploying and rebooting, and restarting services
15:48 Do you really need to update SQL Server Management Studio for security reason?
19:44 Cumulative updates in Azure
22:34 Windows patches and SQL Server patches, failover cluster, availability groups
26:39 Patching testing
29:07 Scenarios and issues when trying to do install updates or patching
36:32 SQL Family questions
Robert is a SQL Server Certified Master, MVP, and has spent 17+ years honing his skills in security, performance tuning, SQL development, high availability, and disaster recovery. He served as PM for the SQL Server Certified Master Program at Microsoft Learning, and in various roles at Microsoft specializing in SQL Server administration, development, and architecture. He currently works as a Database Engineer at BlueMountain Capital Management where he spends a vast majority of his time tuning massively parallel queries. Robert feeds his passion for security by acting as co-leader of the PASS Security Virtual Chapter.
Meet the Hosts
With more than 10 years of working with SQL Server, Carlos helps businesses ensure their SQL Server environments meet their users’ expectations. He can provide insights on performance, migrations, and disaster recovery. He is also active in the SQL Server community and regularly speaks at user group meetings and conferences. He helps support the free database monitoring tool found at databasehealth.com and provides training through SQL Trail events.
Eugene works as an independent BI consultant and Pluralsight author, specializing in Power BI and the Azure Data Platform. He has been working with data for over 8 years and speaks regularly at user groups and conferences. He also helps run the GroupBy online conference.
Kevin is a Microsoft Data Platform MVP and proprietor of Catallaxy Services, LLC, where he specializes in T-SQL development, machine learning, and pulling rabbits out of hats on demand. He is the lead contributor to Curated SQL, president of the Triangle Area SQL Server Users Group, and author of the books PolyBase Revealed (Apress, 2020) and Finding Ghosts in Your Data: Anomaly Detection Techniques with Examples in Python (Apress, 2022). A resident of Durham, North Carolina, he can be found cycling the trails along the triangle whenever the weather's nice enough.