SQL 2008R2 Uptime

  • Hi!

    One of my customers don't care about OS or SQL updates, it forbids me to apply it, as much as I'll argue

    Not they have a reason for that, but once it's installed don't touch anymore. 🙁 🙁 

    Look at this uptime !!!!!!

    What should I do ? 

    |-Starting Uptime
    Category  Information Current_Time    Last_Startup    Uptime
    ----------- ----------- ----------------------- ----------------------- --------------------
    Information Uptime  2018-12-21 10:01:13.140 2015-11-19 15:19:36.170 1127d 18hr 42min

    |-Starting Windows Version and Architecture
    Category  Information OS_Version        Service_Pack_Level   Architecture Machine_Name                                                                                  NetBIOS_Name                                                                                  System_Manufacturer                                     System_Family                                                                                  System_ProductName                                                                                BIOS_Vendor                                                                                  BIOS_Version                                                                                  BIOS_Release_Date                                                                                Processor_Name
    ----------- ----------- ------------------------------- ------------------------- ------------ ---------------------------------------------------------------------------------------------------------Information Machine  W7/WS2008R2       Service Pack 1    64    SRVxxxxxxxxxx\P01

  • What do you mean what should you do? If you can't control it there's very little you can do. Have they given a reason for not following good update processes? Considering that it hasn't been updated this year then the server is most definitely patched against the Spectre and Meltdown vulnerabilities; which are major concerns. This also means that, very likely, the company isn't compliant with certain regulations within your country; certainly if you're within the EU zone, or deal with it, you are GDPR compliant and so you could be facing huge fines in the event of a breach.

    If you're not the one in power, however, and you've raised your concerns and they are ignored, there's very little left you can do however. The only other thing you could consider is going down the whistle blowing route if you have/are suffering breaches as a result and the company isn't reporting them (but that only really applies if you are within or deal with the EU zone, or similar GDPR regulations).

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • Thom A - Friday, December 21, 2018 5:01 AM

    What do you mean what should you do? If you can't control it there's very little you can do. Have they given a reason for not following good update processes? Considering that it hasn't been updated this year then the server is most definitely patched against the Spectre and Meltdown vulnerabilities; which are major concerns. This also means that, very likely, the company isn't compliant with certain regulations within your country; certainly if you're within the EU zone, or deal with it, you are GDPR compliant and so you could be facing huge fines in the event of a breach.

    If you're not the one in power, however, and you've raised your concerns and they are ignored, there's very little left you can do however. The only other thing you could consider is going down the whistle blowing route if you have/are suffering breaches as a result and the company isn't reporting them (but that only really applies if you are within or deal with the EU zone, or similar GDPR regulations).

    Hi Thom A,

    The reason customer gave to me is that "Somehwere in time, one patch, gaves-me hours of work, reparing one instance. No more patching after this."
    Me: "But, but, and error correction and security ? You don't have concerns ?"
    Them: "I'know, I'm the customer, I'm the boss"  - Something like that....

    But, thank your reply give-me more points to argue.

  • pedro.v.cardoso - Friday, December 21, 2018 5:15 AM

    Hi Thom A,

    The reason customer gave to me is that "Somehwere in time, one patch, gaves-me hours of work, reparing one instance. No more patching after this."
    Me: "But, but, and error correction and security ? You don't have concerns ?"
    Them: "I'know, I'm the customer, I'm the boss"  - Something like that....

    But, thank your reply give-me more points to argue.

    But surely they have a dev and UAT environment to test against. Without trying to be rude, however, if that is the attitude of the person I would really want to sever ties with them. At best, if you are responsible (in some way for them), make sure you document all your attempts to help them patch, have copies of the phone calls or emails available. Then if something does occur (like a breach) you can evidence you have tried everything to try and get the customer to update their product.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply