Should I update agents?

While patching is good because you will get the benefit of less bugs, it really comes down to one question; Are you having any issues with your clients? Most of the bugs fixed are in the master and media versions, so its not usually necessary to patch your many clients for some time. This is convenient, as you can take your time getting clients up to date around the schedule of the server admins.

I have found many customers that follow the same idea, Major - patch everything, Minor- patch because you have been working around a bug/security vulnerability or see new added benefit. This has worked well for them.

The simple truth of the matter is that it comes down to how earnest an organization is, what their ethos is, and finally... how risk averse that organization is.  I say it this way, because a backup/storage admin can't make it happen on his/her own - when you get to 1000+ size estate, then you rely on working together with several other teams.  If you all believe that patches must and need to be applied, then it will happen.

I've seen some sites (but in truth not many), where it really is simply treated by all that patches should be, must be, and are... kept up to date.  And, sadly, more sites that are not.

If you have a amanagement team that do understand that without regular patching then you are simply storing up issues for a rainy day, then you are in a good starting position.

Draw a comparison... Would anyone in their right mind not regularly apply the monthly MS patches to their Windows estate?  Probably not.  So I guess there's something in that to be thankful for... that managers have learnt to keep things up to date.  I see no reason why NetBackup clients should not be treated the same way, and many reasons why they should be.

Having said all that - and by your tone/approach - I'm sure that you aware of the concept of diminishing returns.  For many organisations, staff simply don't have the time - because 'all staff' think they don't have the time.  At the end of the day, I think it's a cultural question, and not a technical question.

 

My angle has usually been:

- if there's a critical flaw - patch it.

- if there's a serious bug - then patch those clients that might be exposed.

- any others - then begin the process of estate wide patching of clients at such a point in time that you have them all patched ready before you reach the point in time where your master/media server patching would put the older clients in to an un-supported position.   (i.e. start a long time before hand).

c:\Program Files\Veritas the patch folder on some of my older servers is using over 3gb.

 

You can safely remove subdirectories under  Program Files\Veritas\Patch  if you have no intention of rolling back to older version NBU.

Come down to what you (and your system) need, and if you (and your team) has the time to do the continuous patching. For me, this is like work and it is never-ending, so don't push yourself too hard.

If you ask Symantec (or this forum *wink*), sure you will be advised to keep up with the patch.

I've learned something in my job is to try to get master & media server patched up whenever there is a backup/restore-threatening issue. I don't patch it up every single version - just not enough time. Try to leverage on other customers/peers' experience to find out how good is the patch (some patches are really adding more issues!) before applying them. Skip one or two minor versions is just fine for me. Remember the days where 6.0MP4 , 6.5.4, 7.0.1 were some of those I kept for a long time before finally upgraded to latest patch.

Of course we do have a checklist of what those versions are going to be EOS/EOL, so we can find time to patch the remaining NBU clients before the dates. Even for clients, we segregate them into most critical down to negligible categories, so know the priority and work it out the upgrade roadmap.