sunhux
 asked on

Equivalent of WSUS for Solaris, AIX and Cisco devices

There have been patches that were missed & lapses in timely patching for non-Windows
platforms. I noticed Wintel was quite up to the mark on patching & I reckon this is
due to patch management automation using WSUS: patches (for both functional fixes
as well as security patches) are downloaded early.

Q1:
I heard Red Hat Satellite (for patching automation like WSUS) can be used on Solaris
besides Linux. Are there any equivalent products for AIX & Cisco devices (routers, switches)?

Q2:
Does WSUS assess if a particular MS patch is relevant or applicable to each server/endpoint
prior to deployment? I mean, if software, e.g. MS Access, is running on that server/endpoint,
then only patches for MS Access will be deployed to that server, & it checks that the version
of MS Access is applicable for the patches that are released?

Last Comment
masnrock

8/22/2022 - Mon
SOLUTION
masnrock

sunhux

ASKER
"IBM BigFix Patch" sounds good for our environment of hundreds of AIX+Solaris servers (while we have fewer than 10 Linux only):
what is the cost like? Is it by number of endpoints or just one cost for the whole site regardless of the number of
endpoints it's managing?
sunhux

ASKER
To use PCA, I'll need to permit firewall rules from each of our Solaris servers out to the Internet on
TCP 80 (or which other ports)? I have a security concern, especially for our servers that are not in
the DMZ.

Does PCA check against the Oracle site (to check if our patches are outdated) & get the patches from
Oracle or some other non-Oracle site?
sunhux

ASKER
I guess PCA is like Linux yum but not a central tool like WSUS, is this right?
ASKER CERTIFIED SOLUTION
masnrock

sunhux

ASKER
We use WSUS for Windows servers & SCCM for PCs/laptops.
sunhux

ASKER
If IBM Big Patch is charged by endpoints, I would start gradually with a few AIX & Solaris first as a pilot to see how well it goes,
as our biggest audit gap now is with these platforms, not Wintel (presume the Wintel guys cope well with WSUS, SCCM &
MS Desktop Central)
sunhux

ASKER
Besides the UNIX OS/kernel, even utilities like ssh client+server, sudo, Heartbleed & any CVEs related to
UNIX & its tools need to be patched, so I am hoping PCA can give us a 'healthcheck' report for a start, or
can it?
masnrock

As far as Windows goes, I would leave that alone, even though I do find it interesting that there are both SCCM and WSUS. As long as things are being handled well, there is no need to rush to fix it.

I don't think that PCA is going to be the ideal tool for you, to be honest. You would be better off with a properly supported product.
sunhux

ASKER
I just wanted to get PCA to see if it will give us a 'health-check' report or a listing of
the patches that were missed.

Is the properly supported tool you have in mind BigFix?
masnrock

Based on what's out there, I'd probably say it's your best bet. Especially with such a large number of systems (both AIX and Solaris), you appear to have the challenge of both knowing the health of the systems AND actually patching them (granted, if you don't know the health, how do you know what to patch). At least BigFix should allow for both.