Solved

What is the best third party patch management solution for a company with 130 server (90% VMs)

Posted on 2013-10-30
5
344 Views
Last Modified: 2013-11-22
What 3rd party tool does the job best against VMs? We are running vSphere 5. WSUS in my experience is not so great. What tool has the best technical service support in case you run into issues with patching. We are a company that rely heavily upon our web servers for our business to function. Our clients and vendors use our propriety systems within our website to do there job. We are a background check company. It is mission critical that are servers are up and running 24x7, or if there is a post patching issue, then we can rollback easily without affecting production. We are a windows shop running Jboss, Tomcat in our server environment. Please if have any insights for a best practice approach for patching servers, to include your experience.
0
Comment
Question by:ksol
  • 2
  • 2
5 Comments
 
LVL 30

Expert Comment

by:pgm554
Comment Utility
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
I wonder why you seem to think VMs have to be treated differently. Makes no difference for patching. For me, the answer would be quite simple: use WSUS. Before scheduled updates, have your hypervisor do a snapshot (can be scripted). If updates won't install, it's not the patching solutions fault, so that does not matter here. To rollback patches can be done with WSUS. Patches that can't be rolled back because they don't support it won't offer a rollback no matter what patching solution you use. No difference. You would need to resort to your latest snapshot.
0
 

Author Comment

by:ksol
Comment Utility
From my experience, WSUS is really bad in regards to reporting. We have the money to buy third party patching tool, but what are the top three? We plan to manage patching and apply them to both workstations and servers. How do patching license work? Do we pay per server? If so, is it per year?
0
 

Author Comment

by:ksol
Comment Utility
McKnife,

To follow up on your comment. VMs have to be treated differently because we need to keep in mind that during patching, Memory, CPU, Storage all being utilized on the same LUN during patching can cause a bottleneck on the ESX host.

Other than that, I am comparing Symantec vs Shavlik. Any thoughts? How do licensing work for both products?
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
Comment Utility
I see, right. But what would the patch management ideally do to mitigate this effect? It would group servers and have one group start at 10pm, the next at 11 pm,... and so on. That's something we can do by GPOs, set a scheduled installation time based on a security group the server is in.

Sorry, I cannot help out with hints on products. My overall impression is that those don't really do a better job but only manage to make a better impression. The real problems with patch management are common to all:
-how to test?
-how to rollback?
-what to do if installation fails?

I don't see any technical solution that could solve these.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
OfficeMate Freezes on login or does not load after login credentials are input.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now