|
Tech View
John Agsalud
|
It’s wise to have a ‘patch management system’
In this ever-changing world of technology, software updates, or "patches" are required on a regular basis. Whether it is spyware, viruses, security breaches or simply new versions of applications, there are a number of reasons to apply patches. PC's that are not up to date are susceptible to a myriad of problems which usually results in inefficient computing.
For most home users and small businesses, applying updates is a simple, but sometimes tedious chore. But for larger networks (even those as small as 20 workstations), this could be a daunting task, especially if one or more computers has already been compromised.
While Microsoft has consolidated the bulk of its patches to be released the second Tuesday of every month "as necessary," other vendors have not followed suit. It can be very difficult to keep track of patches as they are released. It is also difficult to keep track of the patches that have been installed on any given machine.
As such, many organizations have adopted "patch management systems." Basically, a patch management system is an application that automates the loading of software updates.
Some products support a wide variety of operating systems and applications, while others are focused around a specific vendor's products, such as Microsoft. While this may seem short-sighted, the bulk of the patches required today are from Microsoft, especially if you are running Microsoft Office.
Patch management systems are available from a number of vendors and are often bundled into suites that provide other features such as remote access, inventory, and license compliance.
There are simply too many product combinations to list them all here, but popular vendors include Altiris (www.altiris.com), Symantec (www.symantec.com), Microsoft (www.microsoft.com), and Novell (www.novell.com).
Most patch management systems require that a small piece of software (agent) be installed onto the machines to be updated. After the agent is installed, it too, is updated via the patch management system.
Some patch management systems are agentless, while others allow for remote installation of the agent which is, of course, much more efficient.
One caveat, if you have mission-critical applications on PC's or especially servers, be careful to thoroughly test the new environment before putting it into production.
We've heard several horror stories about organizations that have applied seemingly benign patches only to have their entire operation come to a screeching halt.
John Agsalud is president of ISDI Technologies Inc., a Honolulu-based IT consultancy. Call him at 944-8742 or e-mail
jagsalud@isdi-hi.com.