
Windows Patch Management, PatchLink Update Page 2

By Marcin Policht
Posted Oct 20, 2004


PatchLink Update's scalability is based on the hierarchical software distribution model known as PatchLink Distribution Point technology (a similar approach is offered by a number of other products, most notably Microsoft SMS and SUS, and BigFix Enterprise Suite). The model includes one or more layers of Distribution Point servers, which serve as intermediaries between PLUS and its clients. Intelligence built into client agents allows them to automatically locate the closest server and use it for patch deployment, resulting in lower bandwidth utilization, improved deployment speed, and increased levels of redundancy. Downloads are performed in the background and can be resumed (rather than restarted from the beginning) should they be interrupted.

Agents deliver a number of other functions, such as inventorying locally installed hardware and software (in addition to keeping track of patches that have been installed) and installation monitoring. This, in turn, enables the rapid determination of installation outcome, which is then reported back to PLUS, and facilitates rollback and uninstallation (through a checkpoint mechanism).

One of the unique features implemented through agents is the capability to quarantine vulnerable systems until appropriate patches are applied. This capability, called "End-Point Security Management," isolates and remediates systems that do not meet the policy-based criteria defined on PLUS. Furthermore, agents allow flexibility in deployment options by providing configurable levels of user control over deployment behavior. For example, administrators can specify whether users will be able to postpone installation or reboot. Agent status is verified via a Control Panel applet.

Installation of agents can be automated (depending on an arbitrarily defined policy). By performing repetitive network scans, PLUS can detect all systems without client software and can trigger their automatic setup (a less intrusive option, whereby the administrative team is sent a notification about such systems, is also available). Similarly, mobile computers, which potentially might remain outside of the corporate intranet for extended periods of time, are scanned and updated as soon as connectivity to PLUS is re-established.

Administering PLUS is a more granular process than it is for Shavlik or BigFix. It is based on predefined and custom-created roles (such as manager, operator, or guest) and secured by a password required to access the administrative console. Some of the rights and permissions associated with these roles are predefined (e.g., administrative pages of the console are limited to administrators only), while others are customizable (e.g., limited to a specific set of computers).

For more information and evaluation software, refer to PatchLink's Web site at www.patchlink.com.
