Product Reviews

Product Review: Keeping Systems Patched with SolarWinds Patch Manager 2.0

Patch management suite allows agents to schedule updates and provides better real-time reporting.

• By Derek Schauland
• 05/02/2014

IT pros have patched computer systems for quite some time and with all of the data breaches landing on the front page lately, it's an extremely important function for any organization. Because many systems administrators don't just patch one or two systems when keeping up with Patch Tuesday, using automatic updates without some external help can be pretty painful, not to mention staggered and hard to control.

Using Windows Server Update Services (WSUS) or another product such as Microsoft System Center to assist with patching is very helpful as it can keep patching organized by helping to report on patches that are needed and those that have been applied. In addition, keeping the synchronization of updates from Microsoft controlled and happening at scheduled intervals will reduce overall download time and size for your client computers. These are pretty solid features but there are some things missing from these tools, which is where SolarWinds Patch Manager 2.0 can improve the patching experience.

Back in 2012, I reviewed Patch Manager 1.8 outlining the features and functionality of the product. The company has added some worthwhile improvements in the latest release.

Patch Manager 2.0 starts off with a configuration wizard to get things moving, but also presents a wizard to find computers and (once found) install patches on the selected systems. During the initial discovery, metadata for known patches -- from a SolarWinds subscription service and from your environment's patching tool -- are published into the Patch Manager solution. This helps make it aware of what's available for your environment. Keeping in line with previous versions, the application has kept support for either WSUS or System Center. The installation of Patch Manager 2.0 is definitely improved over previous versions, reducing the number of clicks and fields to populate to get off the ground.

Management agents are a welcome addition to Patch Manager. These can be deployed on computers in an environment to help keep computers that don't check in very often managed. The agent polls the Patch Manager server for available updates and oversees the process for the client.

The licensing model for patch manager hasn't changed. The pricing is still handled by nodes on the network.

Working with WSUS and automated downloads, the provided scheduled updates have been a great tool to help get updates pulled into an environment. SolarWinds Patch Manager 2.0 adds to the features there and brings out abilities that have surprisingly not been added to WSUS.

Feature Highlights
New in version 2.0 are agents, which can help with focused reporting, as well as management of hard-to-reach computers (remote laptops that check in infrequently).

Real-time reporting and information has been improved in almost every area of the application. Seeing what's needed by computers in an environment as it happens can be extremely useful in helping keep tabs on which computers need which updates (see Figure 1).

One feature that isn't new to version 2.0, but helps make a very strong case for Patch Manager, is the ability to schedule updates. Not only in the way that has been seen in WSUS where updates that are approved and get pushed out at a usual 3 a.m. interval, but in a way that allows an update that has been downloaded as part of the scheduled update synchronization to be deployed on an independent schedule.

For example, imagine your environment has one computer that needs to use Windows XP because a line-of-business application requires it. Installing Windows XP from an image or media without the latest service pack will have to do. WSUS has synchronized Windows XP SP3, but items pulled into WSUS cannot be selected for individual installation. Patch Manager can perform these installations using updates that exist in the WSUS catalog. This will allow Windows XP SP3 to be deployed immediately or scheduled separately from the next WSUS patch deployment. This can be very helpful when configuring a system because it removes some of the wait time without losing any of the control over the installation.

Notification System
Another important feature is notifications. Patch Manager has a notification system that generates popup messages in the console and can be configured to use e-mail alerting. The popup alerts work like calendar reminders in Outlook, but for patching activities (see Figure 2).

Recommendations
Managing patches is something that can require a number of resources to keep up with the barrage of updates being produced. A solution to allow scheduling as well as installation from the updates catalog within your environment can really be a savior. SolarWinds has put a lot of thought into managing and using patches from Microsoft and other vendors to make patch management more controllable.

Much of the application hasn't changed in the upgrade release from 1.8 to 2.0, but the parts that have been improved are certainly more user-friendly than in previous versions.

Patch Manager still provides an abundance of reports to help show an organization what its patch environment really looks like. These can be useful in keeping things patched, as well as helping in areas of regulatory compliance.