Link to home
Start Free TrialLog in
Avatar of sunhux
sunhux

asked on

Equivalent of WSUS for Solaris, AIX and Cisco devices

There has been patches that were missed & lapses in patching timely for non-Windows
platforms.   I noticed, Wintel was quite up to the mark on patching & I reckon this is
due patch management automation using WSUS : patches (for both functional fixes
as well as security patches) are downloaded early.

Q1:
I heard Redhat Satellite (for patching automation like WSUS) can be used on Solaris
besides Linux.  Is there any equiv products for AIX & Cisco devices (routers, switches)?

Q2:
Does WSUS assess if particular MS patch is relevant or applicable to each server/endpoint
prior to deployment?  I mean if a software, eg, MS Access is running on that server/end-
point, then only patches for MS Access will be deployed to that server & checks the version
of the MS Access is applicable for the patches that are released
SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux
sunhux

ASKER

"IBM BigFix Patch" sounds good for our hundreds of AIX+Solaris environment (while we have less than 10 Linux only):
how is the cost like?  By number of endpoints or just one cost for the whole site regardless on the number of end-
points it's managing?
Avatar of sunhux

ASKER

To use PCA, I'll need to permit firewall rules from each of our Solaris server out to Internet on
Tcp80 (or which other ports)?  Have a security concern esp for our servers that are not in
DMZ.

Does PCA checks against Oracle site (to check if our patches are outdated) & get the patches from
Oracle or some other non-Oracle site?
Avatar of sunhux

ASKER

I guess PCA is like Linux yum  but not a central tool like WSUS, is this right?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux

ASKER

We use WSUS for Windows servers & SCCM for PCs/laptops.
Avatar of sunhux

ASKER

If IBM  Big Patch is charged by endpoints, I would start gradually with a few AIX & Solaris first as pilot to see how well it goes
as our biggest audit gap now is with these platforms, not Wintel (presume the Wintel guys cope well with WSUS, SCCM &
MS Desktop Central)
Avatar of sunhux

ASKER

Besides the UNIX OS/kernel, even utilities like ssh client+server, sudo, heartbleeds & any CVEs related to
UNIX & its tools   need to be patched, so am hoping PCA can give us a 'healthcheck' report for a start or
can it?
As far as Windows, I would leave that alone. Even though I do find it interesting that there is both SCCM and WSUS. As long as things are being handled well no need to rush to fix it.

I don't think that PCA is going to be the ideal tool for you to be honest. You would be better off with a properly supported product.
Avatar of sunhux

ASKER

I just wanted to get PCA to see if it will give us a 'health-check' report or listing of
what are the patches missed.

Is the properly supported tool you have in mind BigFix?
Based on what's out there, I'd probably say it's your best bet. Especially with such a large number of systems (both AIX and Solaris), you appear to have the challenge of both knowing the health of the systems AND actually patching them (granted if you don't know the health, how do you know what to patch). At least BigFix should allow for both.