Symantec, like any other software manufacturer, regularily releases enhancements, patches, software hotfixes and service packs for Backup Exec.
While they'll probably recommend they be installed, how should you, and WHEN should you install them?
There are 2 possible trains of thought on this...
1. Install only when necessary!
IT admins in this category don't want to make changes. It wouldn't be necessary if there weren't any problems, so updates and patches are left till absolutely necessary. Either they don't happen, in which case the argument for this is that it proves the system works until patching is needed. There might also be systems running Backup Exec that aren't able to be taken down readily...hence the need to run Backup Exec on it's own hardware.
However, in my mind, this falls down flat when something happens and patching is required. You're either going to patch BE with the 1 patch needed, in which case it won't take forever. OR...you're going to have to spend a considerable amount of time downloading patches (either via LiveUpdate, or manually, and here it's going to take longer!). Once done, you've got a number of patches to push out to clients, and only THEN are you able to check and see if the issue is resolved.
This means everything is reactive when responding to issues.
2. Patch whenever a patch is released.
The second train of thought...whenever a patch is released, install it! What this particular type of IT admin considers is that it is better to keep up-to-date
with the latest patches, and prevent possible issues from happening. Patches would be proactively downloaded and installed on media servers before being pushed out. It lessens the load of patches to be applied to both media and remote servers at any given time.
I like subscribing to the second option, and install new patches on both my CASO server and main media server (I have about 29 of them!). I let backups run for a couple of days to ensure that there are no issues being experienced before pushing out these patches to the various site backup servers. Once there, it's the usual case of installing them and pushing the patches out to remote servers.
There is also no hard-and-fast rule around patching. You either do it, or you don't, and neither are their any timelines involved. I would suggest patching according to a schedule.
This could take the lines of the following steps:
1. Designate either a test server (if you have the luxury of having a test server) or a media server you work on frequently as the server to test patches.
2. INstall the patch/service pack and let it run for a couple of days to iron out any issues.
3. Once done, begin a phased approach by pushing the patch out (via a copy most likely) to other media servers. I prefer doing this on my media servers with fast WAN links first, followed by media servers with much slower WAN links.
4. If there is any indication of a critical patch that needs to be applied, install that ASAP. There's obviously a reason for that.
Check the Symantec site regularily for patch releases and information. Clicking on a particular patch will tell you what the patch fixes, which is particularily useful if you're downloading and installing patches blindly. You can see what files are changed by the patch, and what issues the patch addresses.
All-in-all, keeping your environment up-to-date is the better option in my mind. Any patches outside of what might already be installed would be new, but keeping yourmedia server patched is proactive work...and what CTO/CIO/client doesn't like to see a bit of proactivity being done to safe-guard an IT environment?