Back to news & views

End of serviceable life – ‘To upgrade or not upgrade, that is the question’

As the owner of a number of business critical applications that have been stable for a number of years, you may wonder whether you need to take the regular software upgrades offered by vendors or stay with current versions. It’s a case of “damned if you do, damned if you don’t”. If you leave current versions installed you will be open to increased risk of hardware failure, and software versions no longer supported by vendors or your hosting organisation. If you bite the bullet and upgrade, you may face substantial and costly upgrades that can put on hold BAU upgrades that deliver increased functionality and value.

Like so many operational issues, this is ultimately a business risk decision:

  • While you may not want to take every vendor offered upgrade, those that address “in the wild” security issues with infrastructure services that are being actively exploited, particularly those that are internet facing, are a must have. Remaining at a software version that is offered regular security upgrades is key – organisations still running business critical applications on Windows 2000 ,for example, are now running without regular (monthly or even more frequent) patches. Do you want to risk your hosting organisation disconnecting these servers from the network in the event of a security issue being identified?
  • Hardware errors often manifest themselves either shortly after installation, or several  years later (the “bath tub” profile). With servers typically having component support from the vendor guaranteed for 5-7 years following product line release, can you be sure that you can still source a motherboard or disk drive in the event of server failure? Are you prepared to trust in the “second user” market scavenging on eBay for critical spares to address an outage? Perhaps this is an opportunity to migrate to virtual infrastructure.
  • Don’t discount the “consequential impact” – upgrading one component may force you to upgrade another component. These impacts could be deeply buried in the infrastructure stack – an upgrade of SAN firmware  may force you to upgrade server hba software, which in itself may entail an upgrade of operating system. You wouldn’t want to be planning that in a hurry to address an operational outage. This is where equivalent pre-production environments can help give assurance.

So what should you do?

Our recommendation is that you take an enterprise view of the risk rather than considering on an application by application basis. Your Configuration Management Database, provided it is accurate, should allow you to accelerate your decision making. By building a picture of your infrastructure stack and the vendor support policy (whether it is N-1 versions supported, or for a minimum time period following release), you can formulate a roadmap of upgrades that deliver in bite-size chunks alongside your  regular functional upgrades. This can then be used as the basis for agreeing the appropriate work in conjunction with your business stakeholders. That should minimise the impact, and avert the bloodbath seen at the end of Shakespeare’s famous play.