Patch management is a vital part of an organization's upkeep, not only does it help you stay abreast of bug fixes and features it can also help decrease security risks by patching vulnerabilities as soon as they are fixed. If you've ever been tasked with taking charge of patch management, especially for 3rd-party products, you'll understand the potential difficulty and complexity of getting the updates out in a timely manner. This is where SolarWinds Patch Manager comes in. SolarWinds Patch Manager extends your existing WSUS or SCCM environment to help you efficiently deploy and automate 3rd-party patches.
Here are the ready to deploy 3rd-party patches available to you with the product, as you can see these cover a lot of the commonly deployed baseline applications.
- Adobe Acrobat Professional, Acrobat Standard, Air, Reader, Shockwave and Flash
- Apple iTunes
- Google Chrome
- Mozilla Firefox
- Mozilla Thunderbird
- Opera
- Oracle/Sun Java Runtime Environment
- QuickTime Player for Windows
- Skype
- WinZip
- RealPlayer
You can also create your own package to deploy via SCCM or WSUS with the Patch Manager package wizard.
I'm not going to cover the installation or initial configuration, as it was pretty straight forward. Let's get straight into a real world scenario.
Using Patch Manager to Deploying Java 7 Update 25
If you've been keeping your eye on Oracle Java, you'll know it's been getting a lot of attention lately and Oracle are releasing some pretty hefty updates. The latest update, update 25 released on the 18 of June contains 40 (yes 40) new security fixes, 37 of which can be remotely exploitable without authentication (Oracle Java SE Critical Patch Update Advisory - June 2013). It's obvious that this update is of high importance, and must be dealt with as soon as possible. So, let's run through how this would look using Patch Manager. I'm going to show the majority of the steps, to give you a good feel for how it all ties together and the time required to get this update out the door.
For this demo I'm going to be leveraging my existing WSUS environment.
After a quick synchronization I see Java 7 Update 25 appear in the Sun Packages group (not long after the update was released by Java itself).
Right click the update you would like to deploy and choose download, this gives you a link to download the executable from Oracle.
Download the executable from the link provided and import the source.
Patch Manager doesn't simply import the executable, beneath the update you'll see several tabs outlining details of the package, prerequisite rules and the like. These are all part of the ready-to-deploy feature of the product and ensure a reliable deployment.
Now right click on the update and select publish package, this publishes the update into WSUS (my DC1) for you to deploy.
The Patch Manager console essentially has the WSUS MMC built into it, meaning you don't have to move far after running through the steps above. Next up is how you want to deploy the Java update we just published to WSUS. There are two main methods. The first is approving the update, just as you normally would with Windows Updates. The Java update would then get deployed to the machine following the schedule you currently have in place for your Windows Updates.
The second option is using the update management feature. Which removes the need to wait for the Windows Update Agent to pick the update up and (in most setups) the user to shutdown their machine. This will deploy the update almost instantly to the selected clients.
As you can see, deploying the Java update using the Patch Manager console is very straight forward. The steps above took me around 5 minutes, from start to the update showing on the client(s). The ability to leverage WSUS for this also adds the ability to stage the updates for further testing in your own environment. I was very impressed at how quick and reliable the process was. This is partly due to what SolarWinds call the Package Boot Helper. This ensures that the pre-install environment is in the right state before applying the update. If you've ever tried to install Java without terminating the iexplorer or Java processes you'll know how important this is...
General Use
I've found the general use of the product fairly straight forward, if you're used to using WSUS and other Microsoft consoles you'll feel fairly at home here. If you do get a little lost the administrators guide will set you in the right direction. Reporting again, is very WSUS-esque providing a nice graphical display and plenty of information and reports to dig into the require data.
There is some additional functionally to be had from the console, allowing you to remotely manage clients within your network. A nice add-on. If you're using the traditional WSUS deployment method with your 3rd-party updates, this will allow you to force a "detect now" on a group of computers to speed up the detection.
Finishing Up
Coming from running SCCM 2012 in my day-to-day environment to trialing SolarWinds Patch Manager, I have been very impressed. Once the software was setup and I had worked my way around the console I could see how this would decrease complexity and time spent testing and deploying updates in the future. I especially like the way you can tag the 3rd-party updates onto Windows update if you're leveraging WSUS. There are plenty of other features and clever bits within the software, but instead of listing everything I really wanted to run you through a real example. To find out more, including the other features of this product please use the links below.
30 day trial of SolarWinds Patch Manager
More information about SolarWinds Patch Manager
Thwack Patchzone - Community Dedicated to the Topic of Patching
The post SolarWinds – Patch Manager [Sponsored Review] appeared first on The Sysadmins.