Equivalent of WSUS for Solaris, AIX and Cisco devices

There has been patches that were missed & lapses in patching timely for non-Windows
platforms.   I noticed, Wintel was quite up to the mark on patching & I reckon this is
due patch management automation using WSUS : patches (for both functional fixes
as well as security patches) are downloaded early.

I heard Redhat Satellite (for patching automation like WSUS) can be used on Solaris
besides Linux.  Is there any equiv products for AIX & Cisco devices (routers, switches)?

Does WSUS assess if particular MS patch is relevant or applicable to each server/endpoint
prior to deployment?  I mean if a software, eg, MS Access is running on that server/end-
point, then only patches for MS Access will be deployed to that server & checks the version
of the MS Access is applicable for the patches that are released
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Q1) IBM BigFix Patch (costly option) comes to mind for AIX and Solaris systems, granted you could use it for Windows as well if you wanted. As far as Cisco goes, I think that Cisco Prime might be as close as you'll get. As far as free options for Solaris go, you *could* look at Patch Check Advanced, which obviously Oracle does not support in any way. Satellite is more Linux-focused in nature (Red Hat products and RPM packages).
Q2) WSUS itself simply looks for patches for the products you allow it to. However, each system when it grabs allowed updates from the WSUS server assesses whether it needs a given set of patches or not (i.e. if a Windows PC knows it doesn't have MS Office on it, then it would not install the patch). You can group computers together so that you can approve updates for one set of machines, but not another.
sunhuxAuthor Commented:
"IBM BigFix Patch" sounds good for our hundreds of AIX+Solaris environment (while we have less than 10 Linux only):
how is the cost like?  By number of endpoints or just one cost for the whole site regardless on the number of end-
points it's managing?
sunhuxAuthor Commented:
To use PCA, I'll need to permit firewall rules from each of our Solaris server out to Internet on
Tcp80 (or which other ports)?  Have a security concern esp for our servers that are not in

Does PCA checks against Oracle site (to check if our patches are outdated) & get the patches from
Oracle or some other non-Oracle site?
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

sunhuxAuthor Commented:
I guess PCA is like Linux yum  but not a central tool like WSUS, is this right?
I would assume that the number of workstations and servers come into play for BigFix. IBM isn't necessarily known for simple (or inexpensive) pricing, so I would check with them or a consulting firm that deals with IBM products to get an answer on that one. But if you decide to get BigFix for your AIX systems, you might as well leverage it for Solaris and Windows as well (unless you have a business reason not to). The fewer tools that are able to cover more of your business needs, the better, right?

As far as PCA, it apparently does a check against a file from Oracle. Now whether that file is still out there for it to work still might be a different story. Plus PCA was last updated in 2015 (doesn't mean it no longer works though). But I'd still go with BigFix over this. However, I wanted to see if there would at least be a tool out there that was free.

Question: How are you handling Windows patches now? WSUS, or are you using something more like SCCM?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
We use WSUS for Windows servers & SCCM for PCs/laptops.
sunhuxAuthor Commented:
If IBM  Big Patch is charged by endpoints, I would start gradually with a few AIX & Solaris first as pilot to see how well it goes
as our biggest audit gap now is with these platforms, not Wintel (presume the Wintel guys cope well with WSUS, SCCM &
MS Desktop Central)
sunhuxAuthor Commented:
Besides the UNIX OS/kernel, even utilities like ssh client+server, sudo, heartbleeds & any CVEs related to
UNIX & its tools   need to be patched, so am hoping PCA can give us a 'healthcheck' report for a start or
can it?
As far as Windows, I would leave that alone. Even though I do find it interesting that there is both SCCM and WSUS. As long as things are being handled well no need to rush to fix it.

I don't think that PCA is going to be the ideal tool for you to be honest. You would be better off with a properly supported product.
sunhuxAuthor Commented:
I just wanted to get PCA to see if it will give us a 'health-check' report or listing of
what are the patches missed.

Is the properly supported tool you have in mind BigFix?
Based on what's out there, I'd probably say it's your best bet. Especially with such a large number of systems (both AIX and Solaris), you appear to have the challenge of both knowing the health of the systems AND actually patching them (granted if you don't know the health, how do you know what to patch). At least BigFix should allow for both.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.