Microsoft revealed an effort to align with systems management vendors to integrate its SUS (Software Update Services) into their frameworks, with the goal of easing Windows patch management installation and configuration.
But analysts said the software giant's motive is jumpstarting stalled adoption of SUS and off-loading security maintenance, as well as upkeep of graying Microsoft products such as Windows 2000 and NT.
Microsoft is targeting IBM/Tivoli, Computer Associates International, Hewlett-Packard, and BMC Software as prime candidates to push out Windows Update, Office Update, and a new Microsoft update product due within a year for add-on products, including SQL Server and Exchange Server, said Jeffrey Jones, senior director of marketing at Microsoft.
"We'll be looking at having (prepackaged installed behavior) identify itself to systems so our tools will discover, in a consistent way, what paths and tools have been installed and what has not," Jones said. "The ideal goal is if we understood (system) requirements and fed that into patch management."
While no agreements have been finalized, a CA executive confirmed that the company is interested in integrating SUS and currently evaluating Microsoft's plan. Jones said that Tivoli and HP, meanwhile, are on deck for discussions.
"If Microsoft did convince a CA or Tivoli to include SUS into client management systems it would be a great coup for Microsoft. But if I was CA or Tivoli I don't see why I would want to," said John Pescatore, vice president at Gartner.
Furthermore, several obstacles stand in the way of customers welcoming SUS with open arms and IBM, CA, HP, and BMC accepting Microsoft's overtures, he added.
Pescatore said many people have "reacted badly" to enabling the AutoUpdate in a Service Pack for Windows 2000 and XP on servers and desktops because it requires a signature on a licensing agreement that allows Microsoft to view all software on a PC. He added that many SUS integrations would not cure patch-management ills for customers that do not run pure Microsoft environments.
"There really hasn't been widespread use of SUS, which is why Microsoft is looking to get it tied in with the 'big guy's' products," Pescatore said.
Despite the relative success of niche patch-management players such as Shavlik Technologies, PatchLink, St. Bernard Software, and BigFix, Jones said the need for third-party intermediary products will disappear if customers trust Windows Update more fully.
For that to happen, patch management must be run through a testing and change configuration process and become more tightly integrated with broader systems management and application management platforms, said Chuck Darst, solutions manager at HP OpenView in Palo Alto, Calif.
"A lot of people are very nervous about patch management installation -- all of a sudden patches popping up," Darst said. "Before (Microsoft) releases something, making sure the patch won't blow up is a really big step for users."
To get patches deployed to the desktop, HP has recruited St. Bernard to build a smart plug-in for OpenView, which also works with Novadigm and Altiris for patches.
Some customers have flocked to niche patch-management players due to past failures with Microsoft and concerns about the software giant's patch automation tactic.
"Microsoft has started to go down the path of automating patches and that's a bad idea. It opens up too much opportunity for folks to exploit those channels and put in Trojan code," said James Baird, senior systems security analyst at Ashburn, Va.-based MCI. "I'd have to see something drastically different to make me switch" from Shavlik Technologies to Microsoft SUS.