Patch management: I know, I know -- patch management isn’t the shiny red sports car of security topics but it is an important component in any security plan. If you work in a regulated industry like banking or healthcare you are familiar with software patching, likely with Windows Software Update Services. It’s free and it covers Microsoft products (which need their share of patching) but it doesn’t cover third party products such as Adobe Flash, Mozilla Firefox, Java, etc. This likely has caused a blemish or two on your network security audits, but how do you get a handle on patching everything?
Some customers plan to patch these products and their security vulnerabilities by sitting at each computer and manually updating the key third party products such as Adobe Flash, Adobe Reader and Java. While this will lead to better interpersonal relations between IT staff members and the IT consumers, this isn’t a very efficient use of time.
To update just one workstation the IT staff would need to kick a user off their computer, download and install updates, reboot (possibly multiple times), then move on to the next workstation. A rough estimate of the time it takes from start to finish to complete this task is around 30 minutes per workstation. Add to that travel time to remote locations and lost productivity for the end user and there is even more time/money lost.
A better solution for machine patching is to use software that will update your entire server and workstation environment such as VMware vCenter Protect. If you’ve never heard of VMware vCenter Protect, you’re not alone, but I’ll bet you’ve heard of its origins.
VMware vCenter Protect was originally a product called NetChk Protect created by a Minnesota based company, Shavlik Technologies. VMware bought Shavlik Technologies in 2011 and changed the name of NetCheck Protect to VMware vCenter Protect.
Now that the history lesson is over, let’s take a look vCenter Protect’s features.
From VMware’s website:
VMware vCenter Protect Standard brings enterprise-level IT management to companies of all sizes. Get centralized patch management and asset inventory for Windows and third party applications for both virtual and physical machines. Add centralized antivirus, power management, and ITScripts with vCenter Protect Advanced.
IT management features:
• Patch management – Continuously scan and deploy all available patches—in particular, critical security patches—for deployed software. vCenter Protect makes patch management, a core of good security, an automated task that does not consume IT administrators’ time, enabling them to focus on business optimizations.
• Asset inventory – Discover and maintain a current inventory of all hardware and software assets, whether physical or virtual.
• Antivirus (Advanced version) – Run and maintain antivirus software across all platforms in an integrated fashion, lowering costs and increasing security; an “antivirus plus patch” approach is a key to network security.
• Power management (Advanced version) – With the Wake-on-LAN feature, bring machines online for patching, then power them down, enabling security management during power-off cycles to lower management costs. You can also schedule power settings for savings without business disruption—for example, by shutting a computer down on nights and weekends, businesses save an average of $60 per year in power costs.
• ITScripts – Quickly solve and automate many common workflow process challenges with ITScripts. You can use ITScripts to build unique workflow processes quickly and easily.
• Snapshot Backup Recovery – Take and manage “snapshots” of virtual machines—immediately before and after patching—while automating the backup process, so that a current and relevant backup copy of the virtual machine is immediately available for rollback or disaster recovery.
So in a nutshell, VMware vCenter Protect is a patch management solution for your physical and virtual machines with added benefits like asset inventory and basic ITScripts. If you purchase the advanced version you add antivirus, power management and advanced ITScripts to the product’s feature set.
With either version of the software you can schedule your security patch scans to run at night and when completed, automatically update the machines with the patches that were missing. When the patching is complete, VMware vCenter Protect can reboot the machines and email you a report of that night’s activities. If you ask me that sound better than floating from system to system and manually installing updates.
If you are struggling with keeping all of your systems and software patched, why not give VMware vCenter Protect a try? There is a free 60 day evaluation available and NetWork Center, Inc. technicians are available to assist with everything from answering basic questions to managing software pilot in your environment.
Update: VMware has recently sold the vCenter Protect line of product to LANdesk Inc. and it will be now sold under the name Shavlik Protect after July 1. We have contacted or LANdesk partner representative and inquired if there are any changes planned for the product. We were told that its “business as usual” so we expect no changes to the product line at this time. You can find more information here: http://www.shavlik.com/landesk-shavlik.aspx and if you have more questions please contact your account executive.
Contact us to get your free 60 day VMware vCenter Protect Advanced free trial.