Patch Management Solution?

Question

I'm currently in the process of looking for a patch management solution. The solution would need to be able to patch both MS software and 3rd party software like Adobe. It will also need to be able to patch computers outside of the network.

What is the best solution for this scenario?

A similar question has been asked before http://serverfault.com/questions/21752/what-is-a-good-patch-update-management-server/21772#21772 — Tubs, Oct 26 '11 at 15:08

score 2 · Answer 1 · answered Oct 26 '11 at 07:57

Tivoli Endpoint Manager (previously BigFix) does Windows & Linux/AIX/Solaris patch management and also patches some 3rd party apps including Adobe products, Java, Firefox, Chrome.

They have a relay mechanism which allows you to target endpoints outside the LAN just as well, you just need a relay server on a DMZ and a couple of firewall rules.

score 1 · Answer 2 · answered Oct 26 '11 at 07:35

WSUS can handle the Microsoft stuff as well as some 3rd party apps. If you setup your remote machines with Windows Direct Access (or some sort of auto VPN connection) then can use it as well. If they can't VPN in you can setup WSUS with a public name and have those machines update via that URL by setting the reg keys manually before you deploy the machine.

Personally I like making the machines members of the domain and using direct access so that they automatically connect as needed to access internal network resources.

It was mentioned to me that WSUS allows you to create updates now as well. — Tubs, Oct 26 '11 at 14:57

Patch Management Solution?

2 Answers2