We help IT Professionals succeed at work.

What enterprise grade patch management solution do you use?

I understand that all environments are different. However, I was wondering what most of you use to patch windows, third-party, VMware, etc.

My company evaluated a few applications: Ivanti Security Controls( formerly Patching for Windows), Solarwinds, Connectwise.

So far Ivanti is our top contender because it can patch esx hosts, VM templates, CVE lists, generates decent reports. Yet, it has a few shortcomings we didn't like. One was that there is no web-based console. We would need to leverage terminal services on a server for multiple admins to connect. Also, it doesn't have role-based administration groups.

I understand that all solutions will come with caveats. Any input will be appreciated.
Comment
Watch Question

Nagendra Pratap SinghDesktop Applications Specialist

Commented:
SCCM & Patch My PC
For a MSP environment (tens of thousands of Windows workstations and servers across hundreds of domains), ConnectWise Automate works fairly well (scheduling is "passable"), and one can use thirdy party solutions to report on endpoints x patches behind etc.

We don't patch vmware automatically, but we do use vmware update manager (locally only).
Robert Perez-CoronaSystems Administrator

Author

Commented:
Thank for the feedback. Has anyone used ManageEngine PatchManagerPlus ?

ISeC at the moment has a constraint for us. It patches and handles our tasks in a grateful manner. However, it's administrative capabilities are hindered. There is no web console. Therefore, we need to enable terminal services on our system if we want to multi administer.

Commented:
I've used ManageEngine Desktop Central (difference is it has a few more features than PatchManagerPlus, I believe)

It does have a web console, which is pretty responsive

Agent based, and live help available 24/5 from a chat system integrated into the web console

Works well enough - used here to manage patches for a bunch of Windows servers - also handles desktops, as well as MacOS and Linux, but we don't use that part of it

Has the basic patch-mangement-server wishlist covered - scheduling, ability to reboot (or not reboot), reporting, you can give users the ability to delay the reboot if they are logged on, email notifications, you can create groups for separate policies/schedules, etc

Not all that happy with its email notifications, but you can create your own custom queries of its database to get exactly (and *only*) what you need
Systems Administrator
Commented:
We decided to pursue ISeC because of its feels like the only enterprise-grade solution out of the bunch.
Robert Perez-CoronaSystems Administrator

Author

Commented:
Thank you all for the feedback.