We sent out a survey to the patch management community and got some interesting data back regarding what applications users patch with different tools. The majority of respondents patch Microsoft with WSUS, and secondly System Center Configuration Manager.
How are WSUS and System Center users patching 3rd party applications?
Over 40% of WSUS users do not patch 3rd party applications, and 35% use scripts or perform patching of 3rd party apps manually. ConfigMgr users perform 3rd party application patching more frequently – only 11% of SCCM users do not patch 3rd party apps at all. However, System Center users are still spending a lot of time patching 3rd party apps – only 22% are using a tool that provides automated 3rd party pre-built packages, like Patch Manager.
There is a misconception that System Center Configuration manager is very effective at patching 3rd party applications. The SCCM users patching 3rd party applications spend on average 3.8 hours researching, scripting, publishing and testing each 3rd party update, and spend an average of 3 days deploying the update. On average, Patch Manager customers surveyed spend 2.5 hours patching 3rd party updates.
Comparison of WSUS, ConfigMgr and Patch Manager
Let’s compare the capabilities for patch management in these three tools.
SolarWinds Patch Manager
Centralized & automated software installation
Yes, Microsoft only
Yes, Microsoft & SCUP
Yes, via WSUS & SCCM. Patch Manager leverages this robust feature of these tools.
On demand patching
Hardware inventory limited, no software inventory
For System Center Essentials (SCE) environments, which use WSUS natively, they enable the use of the WSUS/WUAgent. The Extended Inventory collection tool, includes software and hardware inventory.
Microsoft & 3rd party applications, hardware inventory, disk space & other metrics
Reporting – visibility into what needs to be patched/what has been patched.
Requires some knowledge of SQL programming as well as administration of SQL Server Reporting Services (SSRS).
Notification of failed updates
Provides notification but no information why the update failed.
No WSUS does allow some primitive patch scheduling… pick a particular hour of the day, and optionally a single day of the week, and hope the target machine is actually powered on at that time.
Yes, push patches at discrete times to accommodate different time zones and network impacts of patching large numbers of endpoints.
3rd party pre-built & tested packages
Only for catalogued patches
Yes, for most common applications
Custom package creation
Wizard driven. Includes PackageBoot™ for complex before and after deployment scenarios (Java).
Client health diagnosis & remediation
Client health data
Repair WMI, WUAgent, and Configuration Manager Agent.
As you can see from the above chart, Patch Manager is a great add-on for any WSUS or SCCM environment. The top Patch Manager features which have benefited customers patching Microsoft applications include scheduling, reporting and filtering capabilities. Customers patching 3rd party applications appreciate the pre-tested & pre-built 3rd party applications as well as the ability to create custom packages and perform pre-and post deployment scenarios. In speaking with one customer yesterday, he reduced the time it took to patch Microsoft applications using WSUS by 50% with Patch Manager.
And now, Patch Manager has native integration with System Center Configuration Manager 2012. Check out this short video to see 3rd party updates directly from the Software Library page of the Configuration Manager 2012 console.