1: Patch pre_prod ahead of PROD, not the other way around. That way, if you have an issue with a patch (and if you patch long enough, you'll have an issue) it saves the screaming and threats to your life/reputation/employment status that invariably ensue when you hose down prod with a bad patch (trust me, it's unpleasant).
2: How you manage your patching has a lot to do with how large and diverse your environment is. If you can tell me more about that, I might be able to make a suggestion.
Are you managing servers or instances?
How many of each?
What tools do you have available to do this?
3: Security patches should be implemented on an accelerated schedule to PROD. How accelerated depends on how serious you perceive the issue they address to be. The recent Bash patch went into prod three days after RH released it; it went into "PRE_PROD" the day it was released. The latest "bug fix" patch ground around in "Pre_Prod" for a quarter before I moved it over to prod. What the patch addresses has a lot to do with how much you need to bend your patching schedule to implement it.
Last edited by dijetlo; 11-21-2014 at 05:23 PM.
Reason: Long winded and redundant