SolarWinds Patch Manager (SPM)
Every company needs an IT professional who ensures that all their server and client software has the latest patch. Failure to meet compliance regulations could have disastrous effects for the company.
Microsoft has a proven product called WSUS (Windows Server Update Services), which handles all the operating system patches and also takes care of MS Office updates.
The problem arises when non-Microsoft companies such as Adobe, Sun or Mozilla release updates, the question is: 'How do you patch third party software?' The answer is not with WSUS itself, but with SolarWinds patch management add-on.
Try SolarWinds Patch Manager free for 30 days.
SolarWinds Patch Manager (SPM)
SPM has a proven track record for software update management including reporting and scheduling. As you can see, it extends the WSUS management console, and also incorporates Microsoft System Center Configuration Manager (SCCM).
It's reassuring that you don't need to know PowerShell scripting, or learn the Microsoft command line parameters, because the packages are delivered by selecting options in SolarWinds' GUIs.
Examples of Patch Manager Catalogues
- Java (Sun)
- Flash (Adobe)
- Chrome (Google)
- Firefox (Mozilla)
- iTunes & QuickTime (Apple)
SolarWinds Patch Manager also looks after the native Windows Update service, for example it can repair common problems you experience with the built-in update agent.
Patch Management Software Strategies
Overall Strategy
The purpose of SPM is to push out patches, which companies such as Mozilla or Adobe provide. Alternatively, create or customize your own update 'packages' with built in rules and logic; for example, check the version number then only patch if it's newer than the existing software, or, terminate a process before installing.
The point is that because WSUS does not handle patching for non-Microsoft software updates, you need a good add-on to take care of this important maintenance. Fortunately, SolarWinds provide SolarWinds Patch Manager for this very task.
Packages
One tactic would be to pull software from a vendor's site using FTP. Alternatively, you could download the packages, deal with the Sun or Adobe licence agreements, and then import the package into Patch Manager manually. First choice would be the .msi format, but .msp or even .exe are alternatives.
Publication
I love options. SPM gives you lots of deployment choices, from servicing a whole Active Directory Organizational Unit (OU), to patching just a few specific machines.
Rules
There are three types of rules, prerequisite (Adobe reader needs Explorer), applicability (software xyz must already be present), installed (if version Equals 1.5). Take the time to experiment with rules, for example, just publish approved patches, and reboot only if required.
Schedule
Set the time-of-day, start date and frequency. You may like to schedule a 'Patch Sunday' in the week after Microsoft's 'Patch Tuesday'.
Reports
SolarWinds have improved the reporting in Patch Manager 2.1; as a result it's easier to check your compliance, for example, view the status for security and critical updates released on "mm/dd/yy" for Adobe Reader. I like the option to email the results only if there a patch fails or is missing.
Distributed Architecture
Your first installation will be the Primary Application Server (PAS), but you can deploy additional Patch Manager servers to distribute the workload, and thus save bandwidth. It's worth noting that the SPM operates on TCP port 4092. Good news no extra licences required for second or subsequent Patch Manager servers.
Patch Manager Video
Here review the SolarWinds Patch Manager software with Kelly Tice.
Installing SolarWinds Patch Manager Utility
The following factors make setting up the patch manager easy:
- The pre-requisites for the server operating system are undemanding, Windows 2003 or later Windows Server.
- The clients or ‘Managed Computer’ can be any Microsoft operating system from XP to Windows 8.
- SPM is an agent-less product.
- The SPM has clever installation routines, which will not only go out and get WSUS or SQL as needed, but also add WMI providers.
Guy’s Litmus Test: Neat intelligent install routines, such as for Patch Manager, are a clear indicator that the product will be good. For example, once SPM is installed the Configuration Wizard scans your network for domains and workgroups, and then displays the results in a list.
How to Build a Package to Patch for Your Machines
Strategy reminder: Firstly, download your 3rd party package, secondly publish the package, and thirdly approve ready for deployment.
Begin by navigating in the Patch Manager Console to "SolarWinds, Inc. Packages", click on "New Package".
Enter the basic information, such as Name of package, Product to patch and select reboot behaviour.
At the Prerequisite screen we add a rule to check the Windows version of the target machines.
Now we come to the key menu, decide HOW to install, note that the command line instructions are stored a Transforms .mst file.
Copy the Product ID to the clipboard, the number is created automatically just below the Package type {E59C88B3-8C59-43A0-846D-B8AFC36D78C6}.
Applicability Rule
Check that the product has not already been installed. The logic is:
If not {E59C88B3-8C59-43A0-846D-B8AFC36D78C6} then this software can be installed.
Installed Rules
Tip, to add this information it helps if you have already gathered information such as the registry key values from an installation on an existing machine.
What the above rule does is ask the Windows Update Agent to check in the Registry for a specific key, and then build the path to the file name
[C:\Program Files (x86)\SolarWinds\Agent\SolarWinds.Agent.Service.exe.] Next it extracts the version information from that location and compares is to the version we entered when during the last step of creating the rule [see 1.0.0.866]. If the value is equal then we know that the software installation was successful.
Publish and Approve
From now on the procedure for managing your package is just the same as for any package you obtained for Adobe or Sun, just right-click your newly created patch and select "Approve".
A Reminder of the Patch Management Cycle
The more involvement you have with updating software, the more you realize the need for good project management. SPM will help you make decisions such as which computers need a particular category of patch, whether to wait for approval, or in the case of security patches, to roll them out automatically.
In many companies ¾ of computer costs are maintenance, thus the key to saving time and money is with software to automate procedures based on your business logic. SolarWinds Patch Manager will exceed your expectations, for example, in addition to keeping all your computers’ software up-to-date, it can discover machines which are imperfectly configured.
Reporting is also one SPM’s strengths, in addition to listing which patches have been applied to which machines; you can easily get inventories of device drivers, services and other computer components.
Try SolarWinds Diagnostic Tool for WSUS Agent
In addition to Patch Manager, SolarWinds also supply a completely free utility called the Diagnostic Tool for WSUS Agent. It enables you to check that a Windows client machine is getting updates from its local Windows Server Update Service server. See more on the Free Diagnostic Tool for WSUS Agent.
Summary: SolarWinds Patch Manager Review
Good IT professionals ensure their servers are patched. Microsoft has a great product called WSUS (Windows Server Update Services), which handles all the operating system patches. But what about Sun, Adobe or Apple software? For that you need an add-on for WSUS such as SolarWinds SPM.
More Free and Trial Network Software
Here are Guy’s reviews, recommendations and download links for additional handy utilities. Many of these programs are completely free, while others are fully-functional, but time limited. One common theme is that SolarWinds give you a free specialist tool ideal for testing, and then supply a more comprehensive suite for bigger networks. To let you into a secret, for small networks, the free tool is all you’ll ever need.
• Free Real-Time Network Monitor • Review SNMP Enabler • Review Network Traffic Analyzer
• Review of DameWare Mini Remote Control • DameWare Utilities • Diagnostic Tool for WSUS Agent
• Dameware Remote Support • SolarWinds LEM • Review of SolarWinds Patch Manager • Home