In general, SAP does not provide support for environment, meaning if any failure of the SAP system caused by changes in the environment/infrastructure, it is not covered by the SAP warranty.
The reason we do not recommend on-going update of the Windows Server in production system is because the SAP version installed is not fully tested with the new Windows Updates therefore if any failure, the risk is with the user. Furthermore, majority of the updates may sometime not relevant to SAP or not used in SAP. If there is an update that caused the SAP to fail, SAP will not be able to provide immediate fix thus rendering the system to fail.
Microsoft release more windows updates than SAP in a given of time therefore it is not possible for SAP to test all updates. SAP will test latest windows update with the latest SAP version/patch release that is usually not the existing version installed.
Below is our recommended strategies for SAP/SQL Windows Server Updates:
- Do not enable unattended automatic update, this has the risk of failing the SAP services without warning. Such failure may sometime caused the SAP services corrupted. If require re-installation, include all affected integrated services and add-on, it will take minimum 1~2 day down time.
- Review the recommended windows updates, choose only high-risk and necessary update related to security breach. Ignore any function updates that are not relevant to SAP and MSSQL.
- Perform manual update in a Test Server. Provide some time for user to test before deciding to update in production server.
Above does not include antivirus and cybersecurity software and virus pattern update, that can be perform online real-time in production server.