Cisco Unity Servers Should Not Allow Microsoft Automatic Updates?
I was having a conversation with Brad Beaber, one of the Senior Network Engineers for my company, 3t Systems, earlier today and we were having a conversation about Microsoft patches on Cisco Unity servers.
A Cisco Unity server ties into a Microsoft Exchange infrastructure to provide Unified Communication (voice mail, etc) capabilities for the organization when used in conjunction with Cisco phone hardware.
One comment Brad made that peaked my concern was related to Microsoft patches. According to Brad, Cisco servers should not have Automatic Updates enabled. Instead, these servers have their own patching engine that talks not to Microsoft, but to Cisco for Microsoft patches.
Cisco is ponying up to quality Microsoft patches for their servers? Sounds like a tall order to me. According to Brad...
For Unity, Cisco doesn't modify the patches from Microsoft. They usually test and publish the approved patches for download. They recommend turning off auto updates so you only apply tested updates.For Exchange they say to keep the service pack level the same, the Exchange management tools are also on the Unity server. They also supply a headless CSA agent for their Unity and Call Manager servers which locks them down.
For Call Manager they roll up their approved patches into a single executable that updates the OS. They track the OS versions differently because there is some compatability to versions of Call Manager. They will have versions like 2000.2.7, 2000.4.4a, etc. The hardware platforms are also controlled so they roll out drivers and bios updates for the approved or rebranded HP and IBM servers.
Unity servers are part of a domain or their own domain if you are not using unified messaging since exchange is the message store for the voice mail.
What do you think about this practice? I've seen this before with other companies, trying to "control the message" with patching to prevent any conflicts with their products. Is this a good idea? I have my concerns, but I'd love to hear yours...