I am deploying my app onto a Windows box that will live in a remote location with no one who is computer literate around. The box will be accessible via the internet via the LogMeIn application. So it is fair to say that no one will physically touch the server for long periods of time.

And the app must be up and running 24/7 and cannot be down.

What are the accepted practices regarding dealing with Windows Update, etc.? Do I let Windows Update do its thing automatically? Ideally, I'd turn Windows Update off, but the box is accessible, so it's probably prudent for it to have the latest patches. Anyone have any experience with this type of situation?

+1  A: 

Well, I guess I misunderstood this initially. Keeping automatic updates on runs the risk of the server rotting over time and becoming unresponsive. Given your 24X7 requirement it would be prudent to install monitors that hit your application every several minutes to get some reporting status back. Unfortunately, rolling updates to running Windows applications requires reboots many times. Best practices are to have a silent installation for your program. In addition, consider a method to keep parallel versions of your application installed so installing a new version won't encounter locked files. I would personally keep the automatic updates off.

ojblass
+1  A: 

Ensure that the machine is set to turn on in the BIOS in the case of power failures. It may also be worthwhile. You might also want to look into IP enabled power systems (eg. www.synaccess-net.com ... not that I've ever used that product). This way you can reboot the machine if necessary without getting anyone involved at the far end.

If the box is well locked down and behind a firewall then I think you can run with Windows Update turned off. This will avoid 'unplanned' outages due to its being Tuesday night. If there is an update you feel is needed then by all means apply it. I wouldn't suggest this for a box that is actively being used day to day, but in this limited scenario the risk of not updating can be weighed against the limited use the box sees and the need for high availability/low attack footprint.

For added safety while you are on the box don't use Internet Explorer, but a well patched alternative (which you can install without incurring the need for system reboots).

Rob Walker
Out of sheer curiosity... what is the danger of using IE on the box?
ojblass
IE has more attacks on it (due in part to its market share) than other browsers; that would be a risk if you are browsing from the box for any reason. I don't know how easy it is to patch without running Windows Update and possibly incurring other unplanned/tested updates and a reboot.
Rob Walker
+1  A: 

I put my Windows servers behind very strict firewalls and turn automatic Windows Update OFF. Every few months (or possibly longer) I would schedule a maintenance window to apply the latest Windows updates. There's not really any such thing as a 24x7 Windows server since sooner or later you will have to patch it and eventually that will require a reboot.

You can of course have a 24x7 service based on Windows servers but you'll need a second server to take over the service while the main one is being patched.

sipwiz
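
One way to set up the "no unattended installs, patch in a planned window" approach the answers describe, as an added example that is not from any of the posters. It assumes an elevated PowerShell session on a Windows edition that honors the Windows Update policy registry values; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: keep update detection on, but never install or reboot unattended.
$AU = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Set-ManualPatchPolicy {
    # Policy values read by the Windows Update agent (names are Microsoft's).
    if (-not (Test-Path $AU)) { New-Item -Path $AU -Force | Out-Null }
    $values = @{
        NoAutoUpdate                  = 0  # 0 = agent still scans for updates
        AUOptions                     = 2  # 2 = notify only; no download, no install
        NoAutoRebootWithLoggedOnUsers = 1  # no forced restart while a session is open
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $AU -Name $name -Value $values[$name] `
            -PropertyType DWord -Force | Out-Null
    }
    Get-ItemProperty -Path $AU |
        Select-Object NoAutoUpdate, AUOptions, NoAutoRebootWithLoggedOnUsers
}

function Get-PendingUpdate {
    # Query the Windows Update Agent COM API for updates not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
            # RebootBehavior: 0 = never, 1 = always, 2 = may request one
            Reboot   = @('No', 'Yes', 'Maybe')[$u.InstallationBehavior.RebootBehavior]
            Title    = $u.Title
        }
    }
}

Set-ManualPatchPolicy
Get-PendingUpdate | Sort-Object Severity | Format-Table -AutoSize -Wrap

# How stale is the box? Date of the most recently installed hotfix.
Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
    Select-Object -First 1 HotFixID, InstalledOn
```

Run over the remote session before each maintenance window, the pending list shows which updates are rated Critical and which will need a reboot, so the outage can be planned rather than discovered.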