locked
3rd Party Patching RRS feed

  • Question

  • Looking for some compare and contrast from people familiar with 3rd Party Patching venders.  I have been running our ConfigManager Environment for 3 years now after migrating from a really bad Competing Product (Client Automation).  My Information Assurance group has recently decided that we are not reactive enough or fast enough with third party patch so management is considering 3rd Party Patching addons suchs as Skavlik and Solar Winds Patch manager or other competing Products like IBM Endpoint Manager (BigFix) and Dell KACE.

    So my question is if you have used any of these;
    what was the Catalog like, and how well did the patches preform?
    What was the cost (guestiment)
    Anything special that you liked (or didn't like ) about the product?

    I'm trying to build a good/competitive case and make a well informed decision, I'm attempting to download and play with as many of these as I can, but as I'm sure most of you know... It takes time which is something we lack a great deal of.

    Thanks in advanced for any input and/or opinions!

    Friday, October 10, 2014 3:15 AM

Answers

  • I'll mention the ones I know about which integrate with either SCUP, or with your top level SUP (without technically using SCUP)--in alphabetical order so no one can say I ordered them in any specific way:

    PatchMyPC.Net

    Secunia

    Shavlik

    SolarWinds

    All will scan.  All will patch.  At this exact moment in time (like everything else, 1 product will leapfrog over another from time to time); Secunia seems to offer the most features.  Cost-wise, there are usually price breaks when you have higher client counts, so giving you a guesstimate of cost isn't going to be relevant.  Your best bet is to submit a request for quote to each of the above if one of your main parameters is "cheapest", not "best".

    fyi, there may be more.  The above are just the ones I happened to look at a few years ago.  Maybe there are more since then (or less, for all I know).


    Standardize. Simplify. Automate.

    Monday, October 13, 2014 12:51 PM
  • On the Server side, we've used Lumension (formerly Patchlink) for many years with a lot of success. Everything is delivered pre-packaged and pre-tested (rudimentary against basic boxes). Your server pulls patch packages from Lumension on a regular (daily) basis. Lumension now has some integration with SCCM as well (specific to servers).

    While it's been used primarily for Windows patches, we've used it for delivering 3rd party and a number of home-built changes as well...

    Thursday, October 23, 2014 7:23 PM

All replies

  • This looks really good.

    http://secunia.com/blog/kent-agerlund-takes-a-first-look-at-the-secunia-csi-integration-with-configuration-manager-2012-345

    There is a video he did recently showing some of the cool features.

    Edit: here is link to the video.

    https://www.brighttalk.com/webcast/8113/116381

    Friday, October 10, 2014 8:14 AM
  • Hi,

    You can use SCUP for  third party products, for your information:

    System Center Updates Publisher 2011

    How to install SCUP and configure

    Monday, October 13, 2014 1:59 AM
  • I used this one before: "VMware vCenter Protect Update Catalog" (formely known as Shavlik)

    Most customers however choose to deploy monthly MSP files to update products instead of using SCUP functionality. Reason will be probably complexity and license costs.

    Within SCUP you can add catalogs (vendors), approve patches, and synchronize them to SCCM. After that you can use Automatic deployment rules (or manually approval once again) to deploy them to endpoints. Nice thing is that 3rd party patches will be available in SCCM. Bad thing is you have another console for approving updates. Customers wants to have less consoles as possible.



    My blogs: Henk's blog | Follow Me on: Twitter | View My Profile on: LinkedIn

    Monday, October 13, 2014 7:59 AM
  • I'll mention the ones I know about which integrate with either SCUP, or with your top level SUP (without technically using SCUP)--in alphabetical order so no one can say I ordered them in any specific way:

    PatchMyPC.Net

    Secunia

    Shavlik

    SolarWinds

    All will scan.  All will patch.  At this exact moment in time (like everything else, 1 product will leapfrog over another from time to time); Secunia seems to offer the most features.  Cost-wise, there are usually price breaks when you have higher client counts, so giving you a guesstimate of cost isn't going to be relevant.  Your best bet is to submit a request for quote to each of the above if one of your main parameters is "cheapest", not "best".

    fyi, there may be more.  The above are just the ones I happened to look at a few years ago.  Maybe there are more since then (or less, for all I know).


    Standardize. Simplify. Automate.

    Monday, October 13, 2014 12:51 PM
  • Thanks for the help, SCUP alone is not really what we are looking for bascily because unless some one is creating a catalog (such as PatchMyPC.Net) we would still need to build the packages.  Management is looking for  a way to reduce the amount of time it takes to deploy 3rd party updates.  the goal is to free up my time from patching and direct it else where!
    Wednesday, October 15, 2014 9:32 PM
  • On the Server side, we've used Lumension (formerly Patchlink) for many years with a lot of success. Everything is delivered pre-packaged and pre-tested (rudimentary against basic boxes). Your server pulls patch packages from Lumension on a regular (daily) basis. Lumension now has some integration with SCCM as well (specific to servers).

    While it's been used primarily for Windows patches, we've used it for delivering 3rd party and a number of home-built changes as well...

    Thursday, October 23, 2014 7:23 PM
  • From my point of view there is only one solution to cover all requirements listed here:

    It is Secunia (now Flexera Software) Corporate Software Inspector.

    Despite the fact that a static patch catalog is useless for most companies complete overview for ALL software installed within an infrastructure is key providing severity information in real time.

    And of cause providing out of the box patches without the pain to do a complete research where to get the patch from and how to create...



    Thomas Todt

    Sunday, February 21, 2016 12:33 PM