Solved

What is the best third party patch management solution for a company with 130 server (90% VMs)

Posted on 2013-10-30
5
345 Views
Last Modified: 2013-11-22
What 3rd party tool does the job best against VMs? We are running vSphere 5. WSUS in my experience is not so great. What tool has the best technical service support in case you run into issues with patching. We are a company that rely heavily upon our web servers for our business to function. Our clients and vendors use our propriety systems within our website to do there job. We are a background check company. It is mission critical that are servers are up and running 24x7, or if there is a post patching issue, then we can rollback easily without affecting production. We are a windows shop running Jboss, Tomcat in our server environment. Please if have any insights for a best practice approach for patching servers, to include your experience.
0
Comment
Question by:ksol
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:pgm554
ID: 39613141
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39613506
I wonder why you seem to think VMs have to be treated differently. Makes no difference for patching. For me, the answer would be quite simple: use WSUS. Before scheduled updates, have your hypervisor do a snapshot (can be scripted). If updates won't install, it's not the patching solutions fault, so that does not matter here. To rollback patches can be done with WSUS. Patches that can't be rolled back because they don't support it won't offer a rollback no matter what patching solution you use. No difference. You would need to resort to your latest snapshot.
0
 

Author Comment

by:ksol
ID: 39628270
From my experience, WSUS is really bad in regards to reporting. We have the money to buy third party patching tool, but what are the top three? We plan to manage patching and apply them to both workstations and servers. How do patching license work? Do we pay per server? If so, is it per year?
0
 

Author Comment

by:ksol
ID: 39634483
McKnife,

To follow up on your comment. VMs have to be treated differently because we need to keep in mind that during patching, Memory, CPU, Storage all being utilized on the same LUN during patching can cause a bottleneck on the ESX host.

Other than that, I am comparing Symantec vs Shavlik. Any thoughts? How do licensing work for both products?
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 39638083
I see, right. But what would the patch management ideally do to mitigate this effect? It would group servers and have one group start at 10pm, the next at 11 pm,... and so on. That's something we can do by GPOs, set a scheduled installation time based on a security group the server is in.

Sorry, I cannot help out with hints on products. My overall impression is that those don't really do a better job but only manage to make a better impression. The real problems with patch management are common to all:
-how to test?
-how to rollback?
-what to do if installation fails?

I don't see any technical solution that could solve these.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now