Windows Patch Management, St. Bernard's UpdateEXPERT Page 2

By Marcin Policht (Send Email)
Posted Dec 16, 2004


When client agents are not loaded, UpdateEXPERT uses Remote Procedure Calls to access remote machines (which typically implies a need for reliable networks), requires administrative rights on them, and is inherently less secure (unlike Leaf Agents, for which no additional encryption is involved).

Administrative rights can be handled by specifying alternate credentials for a specific scope of managed computers, running Master Agent in the security context of a domain user account with a sufficient level of privileges, or granting elevated rights to the computer account where Master Agent runs as a Local System account. This last option applies only to an Active Directory environment where computer accounts function as security principals.

In addition, target computers must be able to accept RPC connections, which require such services as RPC, Remote Registry, and Netlogon to be operational. File and Print Sharing must also be enabled (with default administrative shares present).

The capability to operate with both agent-based and agentless clients provides the best of both worlds to select preferred solutions whenever appropriate. You can arrange immediate deployment to a group of clients with no agents installed on them. Avoiding installing client agents may be preferable in situations where system stability is the highest priority, and introducing another piece of software is viewed as a potential risk. However, at the same time, you can also make your distribution more efficient or secure by taking advantage of enhancements that the agent-based technology provides. In some scenarios, this is the more appropriate option.

Several additional features distinguish UpdateEXPRESS from its competitors. It is possible to distribute patches by storing them on portable media (with the "Packaged Updates" feature). This resolves the problem of updating stand-alone clients or those residing on isolated networks. Integration with HP OpenView (via Smart Plug-in programs) offers some interesting possibilities — patch management-related features are accessible from the single interface of the HP OpenView network management console. The plug-in also allows control over the operational status of UpdateEXPERT agents and the monitoring of events generated by them on target systems, and it responds to them in a specific manner.

Like other solutions, UpdateEXPERT features a remote rollback capability (introduced in version 6.3), simplified through the use of Uninstall Wizard. Besides interactive, immediate uninstallation, the procedure can be scheduled and performed simultaneously for several patches. Reboot notification informs clients of a pending restart of their computers, and reboots are minimized through "Smart Reboot Elimination."

St. Bernard boasts of providing its patch management solution with its UpdateEXPERT to an impressive list of clients, including, the U.S. Department of Justice, Federal Aviation Administration, and sectors of the Army. The mix of standard feature and unique features makes it an interesting offer worth considering. For more information, refer to the section of St. Bernard's Web site dedicated to UpdateEXPRESS.

Page 2 of 2


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.