Can Windows Server Update Services help with my Medical Device Maintenance Plan?

    Question

  • Hello Knowledge Experts,

    I'm looking for solutions for the following scenario:

    I have a maintenance design plan in which I need to control the Windows patch level for a regulated device.  At some point in time I need to snapshot a known set of patches and make that the distribution release configuration. I need the ability to do offline patches with a known set of updates. The reason is that the device and its configuration must be validated and verified through our QA process, after which strict change controls are in place to avoid any risks associated with change after final validations.

    Three Challenges:

    1. Determine and record a set of patches which will become the release patch level.

    2. New machines out of the box must be patched and configured to the above patch level; this can be offline or online.

    3. Machines in the field which require an upgrade of our software in the future must be patched to the verified configuration of patches, offline. The machines in the field have no network access, and must be patched via CD/DVD/Blu-ray or USB.

    I'm not familiar with Windows Server Update Services, so any articles or documentation links would also be appreciated. If I’m barking up the wrong tree, what options will I have for discovery and installation of individual patches?  The plan further goes into details around scheduled review of patches for vetting possible impacts to the released systems.

    I’ve looked into imaging the operating system and replicating, but currently I’m researching manual update options.

    I'll need a solution to download patches, identify them in a record, and create media with that configured list for offline installation.

    Thank You!

    Thursday, June 20, 2013 2:43 PM

Answers

  • 3. Machines in the field which require an upgrade of our software in the future must be patched to the verified configuration of patches, offline. The machines in the field have no network access, and must be patched via CD/DVD/Blu-ray or USB.

    This is where WSUS will let you down. The WUAgent on a client requires a live network connection to a WSUS server, and the WUAgent installs updates in an 'online' mode.

    There are third-party utilities with which you can download the update installers, burn to DVD, and then patch the client systems with a disconnected connection.

    Another variation on this is to build a private LAB that's used for patching those systems "offline". They would be offline from the primary healthcare network, but they can be "online" in the private LAB used for only patching. In this scenario, WSUS can be used. The updates for the "offline" WSUS server are imported from a connected WSUS server.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, June 20, 2013 9:18 PM
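
Added example (not part of the original thread and not Microsoft's or SolarWinds' code): one way to record the release patch level as a hashed manifest and to check and apply it on a machine with no network access. The function names, the CSV layout and the assumption that each `.msu` file name contains its KB number are hypothetical; `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: function names and the CSV manifest layout are assumptions.
function New-PatchBaseline {
    param([string]$MediaPath, [string]$ManifestPath)
    # Record every standalone update package (.msu) with its KB id and SHA-256,
    # so the validated release set is pinned by content, not only by file name.
    Get-ChildItem -Path $MediaPath -Filter *.msu | Sort-Object Name | ForEach-Object {
        # Assumes the KB number appears in the file name (e.g. "...-kb1234567-x64.msu").
        $kb = if ($_.Name -match '(?i)kb\d+') { $Matches[0].ToUpper() } else { '' }
        [pscustomobject]@{
            File   = $_.Name
            KB     = $kb
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-PatchBaseline {
    param([string]$MediaPath, [string]$ManifestPath)
    # Compare the media and the local machine against the recorded baseline.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    foreach ($e in @(Import-Csv -Path $ManifestPath)) {
        $file   = Join-Path $MediaPath $e.File
        $hashOk = (Test-Path $file) -and
                  ((Get-FileHash -Path $file -Algorithm SHA256).Hash -eq $e.SHA256)
        [pscustomobject]@{
            File = $e.File; KB = $e.KB; HashOk = $hashOk
            Installed = ($installed -contains $e.KB)
        }
    }
}

function Install-PatchBaseline {
    param([string]$MediaPath, [string]$ManifestPath)
    $status = @(Test-PatchBaseline -MediaPath $MediaPath -ManifestPath $ManifestPath)
    # Refuse to install anything if the media does not match the validated manifest.
    if ($status | Where-Object { -not $_.HashOk }) {
        throw 'Media does not match the recorded baseline; nothing was installed.'
    }
    foreach ($s in $status | Where-Object { -not $_.Installed }) {
        $p = Start-Process -FilePath wusa.exe -Wait -PassThru -ArgumentList `
             "`"$(Join-Path $MediaPath $s.File)`"", '/quiet', '/norestart'
        # 0 = installed, 3010 = installed but reboot required, 2359302 = already installed.
        [pscustomobject]@{ File = $s.File; KB = $s.KB; ExitCode = $p.ExitCode }
    }
}
```

Run `New-PatchBaseline` once on the validated reference media and keep the CSV under change control; the output of `Test-PatchBaseline` on a field machine can be filed as the record of its patch level.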