Last updated June 2020
These are the guidelines/standards used by Tufts Technology Services (TTS) Enterprise Infrastructure and Operations (EIO) team for non-critical systems/server patching including all routine/preventative (server & database) maintenance. The information on this page is primarily for internal TTS purposes, for IT partners across Tufts, and to share information with the Tufts community that shows how these standards and maintenance windows provide for necessary patching to keep our systems safe, secure, and up and running.
Routine/Preventive (Server and Database) Maintenance means the application of non-critical server and database updates and security and bug fixes.
Server and Database software vendors routinely release updates and non-critical security and bug fixes to their products at intervals throughout the year. Tufts is entitled to these updates and fixes under the terms of software support agreements. At Tufts, this policy applies to EIO-managed servers running Red Hat Linux and Microsoft Windows Server along with EIO-managed Oracle, SQL Server and MySQL database instances.
Implementing routine/preventative server and database maintenance typically requires service downtime. To minimize any potentially negative impact on end users but still get the full benefits and value from applying routine/preventative maintenance, EIO will only perform routine/preventative maintenance at predictable times when user activity is known to be low and user impact is limited.
Routine server maintenance will be done as follows:
- The application of Routine/Preventive (server and database) Maintenance with a server reboot will be done two times each year:
- At agreed-upon times during July – August
- At agreed-upon times during December – January
- Routine/preventative (server and database) maintenance (i) that has no potential for any impact on service delivery or (ii) that only affects servers not “visible” to customers will be done during the following windows:
- Monday – Friday between 6 AM and 6 PM.
- Routine/preventative (server and database) maintenance with a low risk profile will be done during the following windows:
- Monday – Friday between 6 AM and 8 AM
- Monday – Friday between 8 PM and 10 PM
- Routine/preventative (server and database) maintenance needing post-change, early morning validation will be done during the following windows:
- Monday – Friday between 6 AM and 8 AM
- Routine/preventative (server and database) maintenance work with a high risk profile or the potential for having a large impact is done during the following window:
- Sunday between 6 AM and 10 AM
- When agreed upon by both TTS personnel and customer, routine/preventative (server and database) maintenance can be done during a window other than one of those listed above.
Note: As each round of maintenance is done, EIO personnel will document progress in Box under C:\...\Box\ES Patching\YYYY-Winter\ or C:\...\Box\ES Patching\YYYY-Summer\ where YYYY is the year when the then current patching was started.
- April / October
- OIS/EIO/EA/Web/Service Design hold an initial meeting to review high level scans and/or any other information to consider during the imminent patch cycle.
- May / November
- EIO management selects the current patch cycle’s Team Lead and patching team.
- The Patching Team Lead updates the mailing list, announces the current patching cycle, and with the team, plans out the next iteration of Routine Server and Database Maintenance patching.
- The preliminary schedule is vetted and negotiated with server owner(s) and/or affected client(s).
- The team lead publishes VM schedules and “specials.”
- June / December
- The team identifies and tests repositories/patches.
- July - August / January - February
- Non-production (Dev, Test, Stage) VMs are patched and verified.
- OIS does scans to assess patching impact.
- August / February
- EIO team completes production patching prior to Start-of-Semester.
- OIS scans and assesses any remaining risks and remediation / mitigation.
- OIS/EIO/EA/Web/Service Design – meet to close the patch cycle
Affected EIO management will review this Standard annually.
Routine/Preventive (Server & Database) Maintenance Standard
Last Revision/Review Date:
Information Technology Standard Administrators