What enterprise grade patch management solution do you use?
I understand that all environments are different. However, I was wondering what most of you use to patch windows, third-party, VMware, etc.
My company evaluated a few applications: Ivanti Security Controls( formerly Patching for Windows), Solarwinds, Connectwise.
So far Ivanti is our top contender because it can patch esx hosts, VM templates, CVE lists, generates decent reports. Yet, it has a few shortcomings we didn't like. One was that there is no web-based console. We would need to leverage terminal services on a server for multiple admins to connect. Also, it doesn't have role-based administration groups.
I understand that all solutions will come with caveats. Any input will be appreciated.
My company evaluated a few applications: Ivanti Security Controls( formerly Patching for Windows), Solarwinds, Connectwise.
So far Ivanti is our top contender because it can patch esx hosts, VM templates, CVE lists, generates decent reports. Yet, it has a few shortcomings we didn't like. One was that there is no web-based console. We would need to leverage terminal services on a server for multiple admins to connect. Also, it doesn't have role-based administration groups.
I understand that all solutions will come with caveats. Any input will be appreciated.
Nagendra Pratap Singh
SCCM & Patch My PC
For a MSP environment (tens of thousands of Windows workstations and servers across hundreds of domains), ConnectWise Automate works fairly well (scheduling is "passable"), and one can use thirdy party solutions to report on endpoints x patches behind etc.
We don't patch vmware automatically, but we do use vmware update manager (locally only).
We don't patch vmware automatically, but we do use vmware update manager (locally only).
ASKER
Thank for the feedback. Has anyone used ManageEngine PatchManagerPlus ?
ISeC at the moment has a constraint for us. It patches and handles our tasks in a grateful manner. However, it's administrative capabilities are hindered. There is no web console. Therefore, we need to enable terminal services on our system if we want to multi administer.
ISeC at the moment has a constraint for us. It patches and handles our tasks in a grateful manner. However, it's administrative capabilities are hindered. There is no web console. Therefore, we need to enable terminal services on our system if we want to multi administer.
I've used ManageEngine Desktop Central (difference is it has a few more features than PatchManagerPlus, I believe)
It does have a web console, which is pretty responsive
Agent based, and live help available 24/5 from a chat system integrated into the web console
Works well enough - used here to manage patches for a bunch of Windows servers - also handles desktops, as well as MacOS and Linux, but we don't use that part of it
Has the basic patch-mangement-server wishlist covered - scheduling, ability to reboot (or not reboot), reporting, you can give users the ability to delay the reboot if they are logged on, email notifications, you can create groups for separate policies/schedules, etc
Not all that happy with its email notifications, but you can create your own custom queries of its database to get exactly (and *only*) what you need
It does have a web console, which is pretty responsive
Agent based, and live help available 24/5 from a chat system integrated into the web console
Works well enough - used here to manage patches for a bunch of Windows servers - also handles desktops, as well as MacOS and Linux, but we don't use that part of it
Has the basic patch-mangement-server wishlist covered - scheduling, ability to reboot (or not reboot), reporting, you can give users the ability to delay the reboot if they are logged on, email notifications, you can create groups for separate policies/schedules, etc
Not all that happy with its email notifications, but you can create your own custom queries of its database to get exactly (and *only*) what you need
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you all for the feedback.