One of the most frustrating parts of network management is trying to keep up with all of the available patches that should be applied to the various servers and workstations on the network.
Patch management can be a huge job. After all, security patches aren’t the only types of patches that you need to worry about. It’s just as important to apply other types of bug fixes and service packs. Furthermore, there are also patches for applications, not just for operating systems.
To make matters worse, not all patches are reliable. Anybody remember Windows NT Service Pack 6? Microsoft almost immediately replaced it with Service Pack 6A because it caused so many problems. A more recent example is Windows XP Service Pack 1. In certain environments, this service pack slowed Windows XP network access to a crawl and caused problems with writing data to network servers.
To help you with patch management, St. Bernard Software has recently released a product called UpdateEXPERT. UpdateEXPERT is a software patch management tool that can automatically apply patches to your workstations and servers. In fact, UpdateEXPERT manages patches for a wide variety of operating systems, applications, and server applications. These include Windows NT 4.0, 2000, XP, Internet Information Server, Terminal Server, Media Player, Windows Media Services, NetMeeting, Microsoft Office, Outlook, and more.
One-stop patch updating
UpdateEXPERT has a unique way of managing patches that seems to get around many common patch management problems. The most obvious problem with traditional patch management is that there are just too many patches to track. Rather than visiting Web sites for each software package, you can simply check the UpdateEXPERT database for any available updates. The research database is organised into a tree view. This means you can either search for a specific patch in the traditional manner, or you can browse through the tree to see what’s available for your specific products.
The best part is that when you're deploying a patch, unstable updates are no longer a factor. St. Bernard Software claims to thoroughly test any available patches for reliability prior to publishing the patch in its database. If you attempt to deploy a patch that UpdateEXPERT considers unsafe, the software will block the installation.
Built-in scripts
Another common patch management problem is that in larger organisations, deploying a patch can be time-consuming. Manually deploying a patch to thousands of workstations is simply not an option. In most cases, you can deploy a patch by writing a deployment script. However, it takes time to write and test these scripts—time that your programmers could better spend doing other things. UpdateEXPERT has deployment scripts built in. Each deployment script is written for a specific patch and is tested for reliability. You can use the UpdateEXPERT interface to deploy a patch with just a few mouse clicks.
Profiling patches
Aside from the deployment issues, there are other problems with traditional patch management as well. For example, suppose a new, critical patch became available for Internet Explorer. Obviously, you'd want this patch applied to everyone’s computer. How would you know if the patch was actually applied to all those machines? Furthermore, how would you know if someone accidentally removed the patch later on?
UpdateEXPERT solves this problem in a couple of ways. First, it allows you to create a profile of which patches you consider mandatory. You can then query each machine against the applicable profile to see if all of the required patches are installed. Next, you can build a report verifying exactly which patches are on each machine. Of course, you can also have UpdateEXPERT automatically deploy any patches that are missing. Best of all, the tool contains a built-in scheduler. This means you can schedule such operations rather than having to run them manually.
You aren’t limited to using a single profile across the entire network. You can create a variety of profiles and assign these profiles to groups of machines. For example, you might create machine groups by operating system, service pack level, or even by a machine’s assigned OU within Active Directory.
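The profile check described above, sketched as an added example (not UpdateEXPERT's own code or data format): each machine is compared with its group's mandatory profile, a required patch that was present in the previous scan but is gone now is reported as removed, and a machine that returned no scan data is marked unknown rather than compliant. All machine, group and patch names are constructed placeholders.

```python
# Added example: all machine, group and patch names are constructed placeholders.
PROFILES = {  # one mandatory-patch profile per machine group
    "xp-workstations": {"PATCH-IE-001", "PATCH-OS-010", "PATCH-OFFICE-003"},
    "web-servers": {"PATCH-OS-010", "PATCH-IIS-007"},
}
GROUPS = {  # group assignment (by OS, service pack level or OU in practice)
    "ws-01": "xp-workstations", "ws-02": "xp-workstations",
    "web-01": "web-servers", "web-02": "web-servers",
}
# Installed patches per machine from two scheduled scans (constructed data).
PREVIOUS_SCAN = {
    "ws-01": {"PATCH-IE-001", "PATCH-OS-010", "PATCH-OFFICE-003"},
    "ws-02": {"PATCH-IE-001", "PATCH-OS-010", "PATCH-OFFICE-003"},
    "web-01": {"PATCH-OS-010"},
    "web-02": {"PATCH-OS-010", "PATCH-IIS-007"},
}
CURRENT_SCAN = {
    "ws-01": {"PATCH-IE-001", "PATCH-OS-010", "PATCH-OFFICE-003"},
    "ws-02": {"PATCH-OS-010", "PATCH-OFFICE-003"},  # IE patch was removed
    "web-01": {"PATCH-OS-010"},                      # IIS patch never applied
    # web-02 did not answer this scan
}

def audit(profiles, groups, current, previous):
    """Compare each machine with its group's profile; return a per-machine report."""
    report = {}
    for machine, group in sorted(groups.items()):
        required = profiles[group]
        if machine not in current:
            # No scan data is not the same as compliant: flag it for follow-up.
            report[machine] = {"status": "unknown", "missing": [], "removed": []}
            continue
        missing = required - current[machine]
        # Required patches that were present last time but are gone now.
        removed = missing & previous.get(machine, set())
        report[machine] = {"status": "non-compliant" if missing else "compliant",
                           "missing": sorted(missing), "removed": sorted(removed)}
    return report

def deploy_queue(report):
    """(machine, patch) pairs a scheduler would hand to the deployment step."""
    return [(m, p) for m, r in report.items() for p in r["missing"]]

REPORT = audit(PROFILES, GROUPS, CURRENT_SCAN, PREVIOUS_SCAN)
```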
Accessibility agent
Yet another challenge of traditional patch management is accessibility. For example, suppose you have a Web server that is accessible to the public via the Internet. Since the Internet is such a "hostile" environment, you’ve probably taken many steps to make sure the Web server is as secure as possible. The problem is that high-security environments usually block any attempts to remotely add any software to the machine.
Normally, when UpdateEXPERT needs to update a machine, it does so with RPC calls. However, in a high-security environment or on machines that are tightly locked down, RPC traffic is often blocked. To get around this problem, UpdateEXPERT offers an optional agent component. You can apply this agent to secure machines, and it will allow the machine to communicate with UpdateEXPERT in spite of other security settings.
In case you're wondering, all components of UpdateEXPERT, especially the agents, are designed to be secure. All UpdateEXPERT transmissions are encrypted and CRC checks are run against patches before the patches are applied. Another nice security feature is that an administrator doesn’t have to be logged in with an administrator account in order to apply patches to remote machines. Instead, an administrator can create an account whose sole purpose is patch updates. The administrator can then use UpdateEXPERT to delegate the necessary privileges to that account.
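A pre-install integrity gate of the kind described above, as an added example (not UpdateEXPERT's code). A CRC catches accidental corruption but is unkeyed, so anyone who alters a file can recompute it; the sketch therefore also checks a SHA-256 digest taken from a manifest obtained separately from the patch. The manifest layout, file name and payload are constructed assumptions.

```python
import hashlib
import zlib

# Constructed stand-in for a downloaded patch file.
PATCH_BYTES = b"MZ" + b"constructed patch payload " * 64

def describe(data):
    """Manifest entry as a publisher would compute it from the known-good file."""
    return {
        "size": len(data),
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(data).hexdigest(),
    }

# Hypothetical manifest, assumed to arrive over a trusted channel.
MANIFEST = {"example-patch.exe": describe(PATCH_BYTES)}

def verify_before_apply(name, data, manifest):
    """Return (ok, reason); refuse anything unlisted or not matching."""
    entry = manifest.get(name)
    if entry is None:
        return False, "not in manifest"
    if len(data) != entry["size"]:
        return False, "size mismatch"           # truncated or padded download
    if zlib.crc32(data) & 0xFFFFFFFF != entry["crc32"]:
        return False, "crc32 mismatch"          # accidental corruption
    if hashlib.sha256(data).hexdigest() != entry["sha256"]:
        return False, "sha256 mismatch"         # content differs despite CRC match
    return True, "ok"

RESULT = verify_before_apply("example-patch.exe", PATCH_BYTES, MANIFEST)
```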
What’s new?
One of the software’s newest features is that it can be used as a snap-in for HP OpenView. St. Bernard Software is a solution-level member of the HP OpenView Solution Alliance Program. The OpenView plug-in will allow IT managers to effectively inventory, deploy, test, and validate the increasing number of Windows patches.
Acquiring UpdateEXPERT
In Australia, you can download your 15-day trial software from Dovetail Distribution.
Pricing is based on a sliding scale determined by the number of licenses and number of years that you subscribe to patch updates.
©2003 TechRepublic, Inc.










