Windows Patch Management, SMS 2003 Overview

In the previous article, we described the SMS 2.0 Software Update Services Feature Pack. Here, we review its latest incarnation, as implemented in the recently released SMS 2003. We will conclude this overview of Microsoft’s solutions in this area with a discussion of its recent trends in patch management strategy.

For our final look at Microsoft’s patch management solutions, we overview the latest iteration of SMS 2.0 SUS Feature Pack, as implemented in the recently released SMS 2003, and discuss what’s next on the vendor’s patch management road map.

SMS 2003 contains a number of improvements over SMS 2.0. The enhancements are geared primarily toward increasing performance, scalability, manageability, security, integration with Active Directory, and support for mobile clients. The most notable impact patch deployment functionality. They are the following:

• SMS 2003 Advanced Client was made available for Windows 2000, Windows XP, and Windows 2003 platforms. The new client leverages the latest technologies to be more robust and efficient. The installation software is packaged in the Windows Installer (MSI) format, which offers self-repairing capabilities. Communication with SMS infrastructure is handled via HTTP with XML-based policy files, and distributed software can be cached locally, allowing for downloads over slow and unreliable network links. Downloads are further improved by implementing Background Intelligent Transfer Service (BITS), which communicates with Management and Distribution Points hosting IIS 6.0 components (requires Windows 2003 server).
• New types of server roles operate better in the distributed environment for which SMS is intended. Roles include Server Locator Points (providing information about site structure to newly installed SMS clients), Management Points (serving as communication channels between Advanced Clients and Site Server, relaying status and inventory information in one direction and software installation instructions and agent configuration settings in the other — like Client Access Point servers for standard clients), and Reporting Points (IIS-based Web sites generating reports based on SMS resident inventory information). Like its predecessor, SMS 2003 includes Client Access Points and Distribution Points.
• The capability to create Local and Remote Roaming Site Boundaries (for Advanced Clients only) indicates locations (in terms of IP subnets) outside of the SMS infrastructure and primary network locations. They therefore should be treated differently when performing operations requiring good connectivity, such as software distribution. Local Roaming Site Boundaries contain IP subnets connected via high-speed bandwidth. This not only allows for better handling of software distribution but also prevents the SMS Client from inadvertently changing its site membership. Note that full roaming capabilities require Active Directory schema extensions, which should be carefully considered and planned for, especially in the Windows 2000 environment (where they trigger full Global Catalog refresh).
• A single SMS primary site can contain up to 100,000 Advanced Clients. The recommended maximum number of Advanced Clients for a single SMS secondary site is 1,000 — assuming proper design and the inclusion of such components as Network Load Balancing and replicas of SQL Server SMS database.

>> Feature Changes