Product Reviews

Seal the Cracks

Patchlink Update 3.0 systematically keeps your network up to date.

Let’s face it—Windows has cracks. A lot of them apparently, based on the number of security warnings, updates and alerts that crop up every time an enterprising hacker finds and exploits a vulnerability.

Enter Patchlink Update 3.0. Patchlink Update requires Windows 2000 Server (with Service Pack 2), plus 512MB RAM and 20GB disk space. Software requirements include IIS Web Server and “ other software application. Specifically, you must not have SQL Server or MSDE installed on the target system...” In addition, the system can’t be a primary domain controller. Once you’ve ensured that you meet all of these requirements and exceptions, installation proceeds smoothly.

PatchLink claims to be a targeted, systematic management framework to patch all computers on a network. The claim, while a bit grandiose, isn’t overly inflated. The application is a software-distribution product coupled with an inventory system and a subscription service that helps keep an organization’s system patches up to date. Basically it does for NDS eDirectory and ADS what Windows Update does for the Windows desktop: It detects software product versions on all networked systems and provides the means to correct them.

It does this through a patent-pending Discovery Agent, which can effectively detect patch fingerprints across many different types of computers connected by nothing more than your existing Extranet. Whether you patch your systems by hand or use the Deployment Wizard to do it automatically, the Reports generated by Discovery Agent will always show you what is patched—and what isn’t.

Patchlink checks vendor Web sites every day for new releases, then notifies agents on your site if new software is available. You get notification via e-mail showing what’s available for which platforms. Update Agents are available for NetWare as well as Win2K, Windows NT, Windows 95/98/Me, Unix/Linux, and Java environments. The administrator can then roll out the fixes using a Web-based distribution system. The small native code footprint, coupled with the ability to run without user intervention, provides a ready way to distribute software across an enterprise.

The “packages” (Patchlink’s term) to be distributed can include patches, service packs, and even small administrative tasks—which can either come pre-built directly from the PatchLink Patch Archive Subscription or be developed expressly for your enterprise. Finally, the Update Agent communicates exclusively via Web protocols, even through a proxy server, if necessary. This means you won’t need to open additional holes in your firewall to update computers scattered around your company’s extranet. Patchlink can also update the PCs of mobile workers or at remote locations using nothing more than an Internet connection.

Version 3.0 is capable of fingerprinting the patches that exist on a particular computer and then advising an administrator on exactly what type of patch a machine has and what revisions it may need. The fingerprinting requires a good deal of planning and diligence in order to be done correctly. For example, in NT, if you have a service pack installed and you install another product, it may replace some of the files, meaning you’d have to reapply the service pack. PatchLink is supposed to catch all of these situations.
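The service-pack scenario above can be made concrete with a small fingerprint check. This is an added example, not PatchLink's fingerprinting method; it assumes a fingerprint is simply the lowest file version a patch leaves behind for each file, and the patch name, paths, hosts and version numbers are constructed.

```python
# Added illustration of patch fingerprinting; not PatchLink's implementation.
# Patch names, file paths and version numbers below are constructed samples.

def parse_version(text):
    """Turn a dotted version such as '2.0.0.10' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))

def normalize(inventory):
    """Windows paths are case-insensitive, so compare on lower-cased keys."""
    return {path.lower(): version for path, version in inventory.items()}

def patch_state(fingerprint, inventory):
    """Classify one patch on one host.

    fingerprint: {path: lowest file version the patch leaves behind}
    inventory:   {path: file version found on the host}
    Returns (state, stale_paths); state is 'installed', 'missing' or 'reapply'.
    """
    files = normalize(inventory)
    stale = []
    for path, required in fingerprint.items():
        found = files.get(path.lower())
        if found is None or parse_version(found) < parse_version(required):
            stale.append(path)
    if not stale:
        return "installed", stale
    if len(stale) == len(fingerprint):
        return "missing", stale
    # Some files match and some are older: a later install overwrote them.
    return "reapply", stale

def audit(hosts, patches):
    """Build {host: {patch: (state, stale_paths)}} for a report."""
    return {host: {name: patch_state(fp, inv) for name, fp in patches.items()}
            for host, inv in hosts.items()}

PATCHES = {"SamplePack-2": {r"C:\WINNT\system32\alpha.dll": "2.0.0.10",
                            r"C:\WINNT\system32\beta.dll": "2.0.0.10"}}
HOSTS = {
    "ws-01": {r"c:\winnt\system32\alpha.dll": "2.0.0.12",
              r"c:\winnt\system32\beta.dll": "2.0.0.10"},
    # beta.dll was replaced with an older build by a later product install
    "ws-02": {r"c:\winnt\system32\alpha.dll": "2.0.0.10",
              r"c:\winnt\system32\beta.dll": "1.4.0.3"},
    "ws-03": {r"c:\winnt\system32\alpha.dll": "1.4.0.3"},
}

if __name__ == "__main__":
    for host, result in audit(HOSTS, PATCHES).items():
        print(host, result)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "2.0.0.9" above "2.0.0.10" and report a current file as stale.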

PatchLink also has the option to patch servers and workstations in parallel or sequentially. In parallel, it’ll patch all PCs at once; in sequential order, it will patch one and, if it’s successful, will continue to the next machine. If something were to go wrong, an admin would only have to deal with one down computer. The company notes that it’s imperative to test all patches before rolling them out and that they will only guarantee what the manufacturer says about the patch. Once a patch is tested, it can be sent automatically with a single click.

Patchlink Update 3.0 lived up to its promises in my testing and proved to be a solid, reliable product that should be a must where accurate patch-like activity is required or time savings are imperative. You should remember, however, that without careful monitoring on the administrator’s part, the program can’t succeed.

About the Author

David W. Tschanz, Ph.D., MCSE, is author of the recent "Exchange Server 2007 Infrastructure Design: A Service-Oriented Approach" (Wiley, 2008), as well as co-author of "Mastering Microsoft SQL Server 2005" (Sybex, 2006). Tschanz is a regular contributor to Redmond magazine and operates a small IT consulting firm specializing in business-oriented infrastructure development.

