I'm watching the World Chess Championship match between Magnus Carlsen and Sergey Karjakin with one eye while I'm writing this article. The similarity between doing IT work and playing competition-level chess is striking. Both require that you develop strategies for building impregnable defenses and carefully planning your attacks. Both need you to think several moves in advance to ensure you're prepared for anything your opponent might throw at you. And at the end of the day, both can leave you exhausted. How does this apply to managing BIOS configurations for systems on your network?
To update or not to update?
But before we look at a few ways of handling BIOS configuration management, let's first take a step back and ask a question: Do you really need to keep the BIOS on your systems up to date? I asked a few of my IT pro colleagues for their opinions on this and was surprised that many of them answered with a firm negative. "In a business case, I'd recommend against updating the BIOS," says Rich Ernst, who holds a BA in Computer Science and has been working with PCs for many years. Rich adds, "If a specific computer model or application requires an update, then do it. If the systems are working fine, don't change it." This calls to mind the well-known saying, "If it ain't broke don't fix it," which is attributed to Bert Lance, the director of the Office of Management and Budget in Jimmy Carter's administration as U.S. president.
David Hay-Currie, the Director of Information Technologies for a midsized business, went into more detail about the value and dangers of updating BIOS configurations. "I would challenge the value of BIOS update because everything is ROI," he says. "A BIOS will have four to six updates the first year, and then go down to two updates for the next few years. If you mess the upgrade process you could brick the computer. So again, is there enough ROI?" This idea of measuring the value of your time as a system administrator is an important one. I can remember keeping a logbook of everything I did each half-hour of a workday so I could get a realistic picture of what I was actually spending my time on. That may be a bit on the obsessive-compulsive side of things, but the point is time is money, so you need to be efficient with your time if you value the revenue your business brings in.
Things become a bit more complicated in this area now that cloud computing is taking over the IT business world. Updating the BIOS of a cloud-hosted virtualization host on which your company's virtual servers are running is something that is beyond your control. You don't have access to the underlying host system on which your server workloads and applications are running; those belong to the cloud-services provider you're paying to host your company's workloads.
But what if your cloud provider decides they need to update the BIOS on their host machines? They may not tell you in advance about this, and if something goes wrong and their host systems go down, your cloud-based applications and services might get interrupted. Of course, cloud providers will likely perform tests in advance to ensure that this kind of SLA-breaking disaster doesn't happen for their customers. Still, you never know, so my advice is to make sure you get it into your contract with them that you will be notified well in advance of any planned host system maintenance windows, including those for updating BIOS configurations on their host systems.
Prioritize your systems
Let's now look at some solutions to the problem of keeping BIOS configurations up to date. The first thing to consider is which systems need their BIOS kept up to date and which not so much. A simple approach is to categorize all of your server and client systems as shown in this diagram as either critical or noncritical and whether they are older systems or newer systems. Note that I've left the quadrants blank in the diagram as you'll need to fill them in based on the systems deployed in your own business:
For example, if your servers are more than three years old and are still running Windows Server 2008 or Windows Server 2012, there's probably little reason to update the BIOS on them unless you plan on upgrading them to Windows Server 2016. If some of your laptops, however, are brand new, you'll likely want to keep updating the BIOS on them as the manufacturer releases such updates simply because most laptops get pushed out the door these days before they are fully tested and ready for customer use. Or at least it often seems that way.
Manual updating is OK
Unless you're working in a large enterprise, the manual approach for updating system BIOS will often suffice. David comments, "I have a very mixed environment, and 40 computers are the exact model. Managing manual BIOS update is not bad at all -- an update takes about two minutes, not counting restarts." David also suggests how you can prepare your network for performing manual BIOS updates. "At the basic level, create a folder in the network that you can access with guest credentials and put a folder for HP/Dell/Lenovo, etc., with a subfolder for the model and then the current BIOS with BIOS install file."
Chris Calvert, who runs a computer services business in New Zealand, adds, "If I decide to update BIOS as a regular procedure (large site and many different PC makes), I would group them into similar models, download the BIOS and update them all on the same day. Then if there was a problem, the same fix can be used before moving onto the next model." Chris also mentions that "good recordkeeping will help tremendously."
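One way to combine the share layout David describes with the recordkeeping Chris recommends, as an added PowerShell example (not from the article or its contributors): it reports whether a machine's BIOS matches the approved version for its model and checks the installer's SHA-256 before anyone runs it. The paths, CSV columns and status names are assumptions.

```powershell
# Added example. Paths, CSV columns and status names are assumptions.
param(
    # Approved-versions list, kept where only admins can write (hypothetical path).
    # Columns: Manufacturer,Model,Version,RelativePath,Sha256
    # Sha256 is the value recorded when the file was downloaded from the vendor.
    [string]$ManifestPath = 'C:\Admin\bios-approved.csv',
    # Root of the BIOS share; RelativePath is resolved under it (hypothetical path).
    [string]$ShareRoot    = '\\fileserver\bios',
    # Running record of what was found on each machine (hypothetical path).
    [string]$RecordPath   = 'C:\Admin\bios-inventory.csv'
)

$bios = Get-CimInstance -ClassName Win32_BIOS
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem

# Match on the strings exactly as the firmware reports them (e.g. "Dell Inc.").
$entry = Import-Csv -LiteralPath $ManifestPath |
    Where-Object { $_.Manufacturer -eq $cs.Manufacturer -and $_.Model -eq $cs.Model } |
    Select-Object -First 1

$status    = 'NotInManifest'
$installer = $null
if ($entry) {
    # Version formats differ per vendor, so test equality only, not "newer than".
    if ($entry.Version -eq $bios.SMBIOSBIOSVersion) {
        $status = 'Current'
    } else {
        $installer = Join-Path $ShareRoot $entry.RelativePath
        if (-not (Test-Path -LiteralPath $installer)) {
            $status = 'InstallerMissing'
        } elseif ((Get-FileHash -LiteralPath $installer -Algorithm SHA256).Hash -ne $entry.Sha256) {
            # String -ne is case-insensitive, so hex case does not matter.
            $status = 'HashMismatch'    # the file on the share is not the one recorded
        } else {
            $status = 'UpdateReady'
        }
    }
}

$row = [pscustomobject]@{
    Date         = Get-Date -Format 's'
    Computer     = $env:COMPUTERNAME
    Manufacturer = $cs.Manufacturer
    Model        = $cs.Model
    Installed    = $bios.SMBIOSBIOSVersion
    Approved     = if ($entry) { $entry.Version } else { '' }
    Status       = $status
    Installer    = $installer
}
$row | Export-Csv -LiteralPath $RecordPath -Append -NoTypeInformation
$row
```

Keeping the approved list outside the guest-readable share means a changed file on the share shows up as `HashMismatch` instead of being run.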
What about computers that are currently off the network? David says, "We have a lot of Lenovo computers, and they have a software called System Update that updates drivers and BIOS -- and you can remote connect to run it." Other vendors like Dell and HP have similar tools, but you may need to contact your vendor's support team for these tools as they may only provide them to licensed customers.
Make it a support issue
Keeping the BIOS configurations updated on your client systems is really just another part of normal system support. So "outsourcing" this task to your support team (which might be someone outside your company) is probably a good idea as long as they're trained in how to handle things when something goes wrong. For example, Chris says that "in my case I automatically update the BIOS manually when any PC comes in for work. Since I also replace the HDDs with SSDs at the same time, it is no big job." He adds, "While I am on the manufacturer's site checking BIOS versions, I also take that opportunity to update any drivers that look as if they might need it. For example, if the manufacturer indicates that there is an August 2016 network driver available, I will also load this." David commented similarly: "Rule-of-thumb for me is, if I am working with the computer in person I will check current BIOS version and update if available. Otherwise I will not lose sleep."
The jump up to enterprise environments means you're now dealing with change processes being managed by enterprisewide systems-management tools. In this case, for BIOS updating you're basically dependent on which particular systems-management platform you have rolled out across your organization. It may also depend upon which particular vendor has supplied most of your system hardware and also which version of Windows is running on those systems. For example, if you mostly have Dell systems and are using Dell OpenManage or iDRAC to manage them, the Dell Client Command Suite provides you with tools you can use to manage BIOS configurations and various other aspects of your systems. And as this blog post demonstrates, you can also configure a task sequence in System Center Configuration Manager (if you have that popular systems management platform deployed in your organization) to push out BIOS settings to all your Dell systems.
Unfortunately, there's no one single universal tool that IT pros can use for rolling out BIOS updates across a network. But hey, when I signed up to be an IT pro, nobody said getting from here to there was supposed to be easy!