I'm still confused about the terminology. Please, can you confirm and/or fix my interpretation?
critical: not a security fix, but something seriously broken is fixed here.
security: a security fix, something seriously broken is fixed here and a security hole is closed.
cumulative: just use this if you have missed a lot of stuff and you have a long queue updates otherwise. Download this bulk huge fatty thing and align with upstream.
all other types... really too many types here, do they really worth?
Now the second question.
Having an hyperv server 2016 should I need to install critical fixes? I mean: if I do not notice any misfunction should I patch? to me it is right to patch as you never know when a critical bug will hit your usage.
Also, as a general rule I patch manually and I always require recommended updates only. Then I choose what to install.
I do at least Critical, security, and definition updates to all servers, hypervisors included.
For Windows10 desktops, I do everything.
Also gives you (if you use GIT like we do) a record of when the port was opened, why and when it was closed again.
How does that work?
You commit your change to your local file system on your workstation. Then you commit it to the GIT repo. When you do this, GIT stores your change as well as the previous state of the system and you add a comment when you commit. This gives you a chance to say "Opening port to work on PBX" or whatever. Then when you are all done, change the firewall back, commit it, comment again saying you are done and closing it and it closes itself.
We assume that not only does buying the most expensive, most famous products will be judged well compared to less expensive or less well known ones. We can also assume that but that those in Management see buying products is seen as beneficial to not buying products; even though often the best IT decisions are to not buy things when no need exists.
We are long past the point where running systems non-virtualized is considered acceptable
/me looks around at servers
I think it's ok to not virtualize :)
Doesn't BB cluster their entire farm? I thought virtualization was an effective necessity at that scale. You manage the servers without them being clustered in any way? I thought that the pods were nodes in a single farm
Oh they're clustered. I was thinking of a specific pod not being virtualized by itself. As in they aren't running a hypervisor. And we do have virtualized stuff around too. :P
That cluster is really the virtualization, the nodes are below that level. We had another thread discussing this previously. Clusters are not always virtualized at the node level because the node is like the CPU, not a server and the entire cluster is really the computer and the cluster manager is the real hypervisor. Workloads run on the cluster, not on the nodes. Each node remains replacable as just part of the overall "Computer" which is, virtualized.
@Jimmy9008 keep in mind that resulting availability and risk aren't the same thing. Any five nines system is expected to hit six nines nine out of ten years. It's the average over the operating lifespan, not over a set interval. Otherwise any normal interval that you select would have 100% uptime.
So there are two ways to look at it reasonably...
Resulting Availability Over Operational LifetimeExpected Availability Over Operational Lifetime
The first is what an individual system actually provides. The second is the average of all systems configured identically, over all of their operational lifetimes.
The first you measure. The second you project with simulations.
In extremely large systems, like BackBlaze, they get close approximations to the later through measurement because they look only at small components (like hard drives) of which they have substantiation numbers to create a reasonable approximation to a full number.
When I was on Wall St., we had 80,000 servers in our pool and so we had actual risk and availability numbers for the industry in datacenters like ours. But it still only told us about a handful of server models, and only under our exact conditions. And it still took a decade or more to produce meaningful numbers, and those numbers only applied to the servers of the past, not the ones being installed new.
IT leader: “Wow, I think this developer is great.”
HR: “Really? What do they do?”
IT leader: “They built this excellent application.”
HR: “Well, are they better than the other developer who built ten applications?”
IT leader: “That depends on what you mean by 'better.'”
After all...that 1 application happened to be called Google.
I see where he is coming from. Asking a question on this forum can be intimidating. For me personally I love it, I like being proven wrong, I like going to head to head. I have never won a debate with @scottalanmiller, and I like that, I learn from it. From what I have gathered in life a vast majority of people don't like this feeling, and take it personally.
In fact, there was a little bit where I slowed in asking questions, because of the BS some people posted against me.
But that didn't last long. I said "F IT" and just posted what I wanted to. I'm here to learn and grow, and if people don't like it, they can ignore me.