What is the best third party patch management solution for a company with 130 server (90% VMs)

What 3rd party tool does the job best against VMs? We are running vSphere 5. WSUS in my experience is not so great. What tool has the best technical service support in case you run into issues with patching. We are a company that rely heavily upon our web servers for our business to function. Our clients and vendors use our propriety systems within our website to do there job. We are a background check company. It is mission critical that are servers are up and running 24x7, or if there is a post patching issue, then we can rollback easily without affecting production. We are a windows shop running Jboss, Tomcat in our server environment. Please if have any insights for a best practice approach for patching servers, to include your experience.
ksolAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
I see, right. But what would the patch management ideally do to mitigate this effect? It would group servers and have one group start at 10pm, the next at 11 pm,... and so on. That's something we can do by GPOs, set a scheduled installation time based on a security group the server is in.

Sorry, I cannot help out with hints on products. My overall impression is that those don't really do a better job but only manage to make a better impression. The real problems with patch management are common to all:
-how to test?
-how to rollback?
-what to do if installation fails?

I don't see any technical solution that could solve these.
0
 
McKnifeCommented:
I wonder why you seem to think VMs have to be treated differently. Makes no difference for patching. For me, the answer would be quite simple: use WSUS. Before scheduled updates, have your hypervisor do a snapshot (can be scripted). If updates won't install, it's not the patching solutions fault, so that does not matter here. To rollback patches can be done with WSUS. Patches that can't be rolled back because they don't support it won't offer a rollback no matter what patching solution you use. No difference. You would need to resort to your latest snapshot.
0
 
ksolAuthor Commented:
From my experience, WSUS is really bad in regards to reporting. We have the money to buy third party patching tool, but what are the top three? We plan to manage patching and apply them to both workstations and servers. How do patching license work? Do we pay per server? If so, is it per year?
0
 
ksolAuthor Commented:
McKnife,

To follow up on your comment. VMs have to be treated differently because we need to keep in mind that during patching, Memory, CPU, Storage all being utilized on the same LUN during patching can cause a bottleneck on the ESX host.

Other than that, I am comparing Symantec vs Shavlik. Any thoughts? How do licensing work for both products?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.