Remote patch management gets critical

Patch management for mobile devices will see two upgrades later this year, one from Microsoft and one from best-of-breed remote management vendor Mobile Automation Inc.

Last week Microsoft unveiled Windows Update Services (WUS) as a replacement for System Update Services (SUS).

WUS will allow users to stage patches from a Microsoft central server and push them out to Windows 2000, Windows Server 2003, Windows XP Professional, Office 2003, Office XP, Exchange 2003, SQL Server 200 and Microsoft DE (Desktop Engine). WUS is now in beta with no confirmed ship date.

In the meantime, Mobile Automation will release version 6.0 of its Mobile Lifecycle Management Suite, which will include a feature called Patch Automation. The inclusion of Patch Automation in the suite is the result of a licensing deal for Shavlik Technologies' HFNetChkPro software, made back in November 2003.

David Friedlander, senior analyst with Forrester Research Inc., said that both Shavlik Technologies LLC and another vendor, PatchLink Corp., have inked most of the deals with network management vendors such as Hewlett-Packard Co. and Novell Inc.

"With tens of thousands of devices distributed across hundreds of places, the need to respond to threats quickly with security patches has become extremely important," said Friedlander.

Patch Automation is a subscription-based component, priced at US$15 per node per year, that works locally as well as over almost all wireless connections including Wi-Fi, cellular, CDPD (cellular digital packet data), and dial-up.

Like Microsoft, the application works only with Windows operating systems and Windows applications. However, Doug Neal, president and CEO of Mobile Automation, said the company is listening to customer requests for patch automation of non-Microsoft products.

A so-called smart client component sits on a desktop, laptop, or Pocket PC and connects to the corporate server whenever a user logs on. It then matches the remote device's application inventory against the patches available on the server for that software.

Friedlander said the ability of applications like Patch Automation to do "firewall traversal," pushing patches and updates to users outside the corporate firewall, is important in order to enforce security policies.

"If a system isn't updated with a current patch, IT (denies) access to the VPN until it is," Friedlander said.

Both Patch Automation and Microsoft's WUS product feature bandwidth throttling, which detects available bandwidth to avoid interfering with other downloads.

"In a LAN environment, it can sense increased latency on the network and take appropriate action," Neal said.

Both solutions also include checkpoint restart, which resumes an interrupted download from where it left off rather than starting over.

Although Microsoft and others also compete in this area, Mark Ehr, research director for Enterprise Management Associates, said that one feature that sets Mobile Automation Patch Management apart from its competitors is its ability to stage an update remotely without applying it.

"If Microsoft releases a security update and IT hasn't tested it yet, IT can push it down, but they don't have to pull the trigger until they complete their own QA," Ehr said.

In addition to the patch technology incorporated into the suite, Mobile Automation also added a component called SupportDesk Automation, to allow remote control and online chat with end-users even when they are sitting behind a firewall in a hotel room or at a local coffee shop, Neal said.

Mobile Lifecycle Management Suite will ship on April 15.
