Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Tips for keeping networked Linux systems up to date (part 1)

Patch management can be automated in a number of ways

Article comments

This article is excerpted from the book Linux Patch Management: Keeping Linux Systems Up to Date , published by Prentice Hall Professional, as part of the Bruce Perens' Open Source Series, in January, 2006. Copyright 2006 Pearson Education.

This is the first part of a two-part article. The second part follows on Monday.

Linux patch management in a network

If you have a substantial number of Linux computers, it may be cost effective to buy, configure and dedicate one or more computers to the patch management task. For example, assume that you have a network of 100 computers, and patch management requires that each of these computers downloads 20MB per day. Downloading an additional 2GB per day, every day, can be expensive on business-level Internet connections.

Some packages, such as those associated with the suite, require several hundred MB to update. If 100 computers on your network download these packages simultaneously, this can overload many business-level Internet connections. For example, it could take all night for 100 computers to download this amount of data over a T3 connection. This type of connection can easily cost upwards of $10,000/month.


Common higher-speed connections for business start with dedicated "T1" lines at 1.44 Mbps. T3 connections support 45Mbps. Multiple and fractional connections are available through 620Mbit/sec and even higher speeds. While a certain quality of service is often guaranteed on these connections, prices often start in the hundreds of dollars per month.

If you're in a country that encourages the market to provide inexpensive high-speed connections, such as the Republic of Korea, you may be able to let your network grow larger before considering a proxy server. On the other hand, if you're in an area where Internet connections are more expensive or less reliable, you may want to consider patch management even if your network includes only two or three Linux computers.

If you can configure a proxy server, you could download Linux patch data once from the Internet, and then the 100 computers on your network could download the patches locally. You would then save the additional costs for your Internet connection.

Depending on the number of computers that require updates, you may want to configure more than one patch management proxy server for your network. While details are beyond the scope of this book, you should consider several factors before making this decision:

  • Marginal costs; what is the additional cost required if all your systems accessed a remote repository through the Internet?

  • Network capacity; for example, whether your network conforms to Ethernet or faster standards. The Red Hat hardware requirements for proxy servers specify computers with Gigabit Ethernet adapters.

  • Control; if you have subscriptions to a Linux support service, you may prefer to store those subscriptions on a local server. Some subscription services make this possible.

  • Frequency of updates; how often do you need to update or synchronise each of your proxy servers with each other and a central repository through the Internet.

You can examine some of these factors in the following sections.

Rigorous hardware requirements

Any computer that you configure as a local repository for Linux patch management meets the definitions of a proxy server. It caches content from the Internet for use by multiple computers on your network.

As suggested earlier in this chapter, Red Hat includes some fairly rigorous requirements for Red Hat Network Proxy Servers. It's unlikely that you'll be able to recycle an older workstation for this purpose.

Storage/CPU/network specifications

If you're configuring a new computer as a Linux patch management repository, you should first consider any recommendations from your distribution supplier. Among others, Red Hat and Novell/SUSE have experience with caching content from the Internet.

In general, CPU speed is less important on a proxy server. If you've dedicated a computer as a proxy server, you're not expecting it to run many independent programs. However, if your network includes a substantial number of computers which need access to your local repository, multiple CPUs can be useful. The important hardware requirements of a proxy server repository include the following:

  • Network connections. If you have a limited budget for network hardware, it's worth focusing the latest hardware on your repositories. In other words, make sure that computer has the fastest network cards, along with faster hubs, switches and routers nearby, when possible.

  • Hard drives. Naturally, Linux patch management repositories require larger hard drives for the many GB of data associated with each distribution. Access speed, controllers, and caching size are more important on a proxy server.

Hardware reliability may be less important on a Linux patch management repository. After all, this computer is essentially just a mirror of data that is already available. If that computer fails, you can reload the data through the Internet. However, if Linux patches are important and time-sensitive in your organisation, your view of this may differ.

This is the first part of a two-part article. The second part follows on Monday.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *