We sent out a survey to the patch management community and got some interesting data back regarding what applications users patch with different tools. The majority of respondents patch Microsoft with WSUS, with System Center Configuration Manager second.



 

How are WSUS and System Center users patching 3rd party applications?


Over 40% of WSUS users do not patch 3rd party applications, and 35% use scripts or perform patching of 3rd party apps manually.  ConfigMgr users perform 3rd party application patching more frequently – only 11% of SCCM users do not patch 3rd party apps at all.  However, System Center users are still spending a lot of time patching 3rd party apps – only 22% are using a tool that provides automated 3rd party pre-built packages, like Patch Manager.


There is a misconception that System Center Configuration Manager is very effective at patching 3rd party applications. SCCM users who patch 3rd party applications spend on average 3.8 hours researching, scripting, publishing and testing each 3rd party update, and an average of 3 days deploying the update. On average, Patch Manager customers surveyed spend 2.5 hours patching 3rd party updates.

 

Comparison of WSUS, ConfigMgr and Patch Manager


Let’s compare the capabilities for patch management in these three tools.

 

| Capability | WSUS | SCCM | SolarWinds Patch Manager |
| --- | --- | --- | --- |
| Centralized & automated software installation | Yes, Microsoft only | Yes, Microsoft & SCUP | Yes, via WSUS & SCCM. Patch Manager leverages this robust feature of these tools. |
| On demand patching | N/A | N/A | Yes |
| Application inventory | Hardware inventory limited, no software inventory | For System Center Essentials (SCE) environments, which use WSUS natively, they enable the use of the WSUS/WUAgent. The Extended Inventory collection tool includes software and hardware inventory. | Microsoft & 3rd party applications, hardware inventory, disk space & other metrics |
| Reporting – visibility into what needs to be patched/what has been patched | Limited | Requires some knowledge of SQL programming as well as administration of SQL Server Reporting Services (SSRS). | Custom reporting requires no SQL programming or scripting |
| Filtered views | N/A | N/A | Yes |
| Schedule approvals | N/A | N/A | Yes |
| Notification of failed updates | Provides notification but no information why the update failed. | N/A | Provides information via the client log file as to why the update failed. |
| Patch scheduling | No. WSUS does allow some primitive patch scheduling… pick a particular hour of the day, and optionally a single day of the week, and hope the target machine is actually powered on at that time. | Yes | Yes, push patches at discrete times to accommodate different time zones and network impacts of patching large numbers of endpoints. |
| 3rd party pre-built & tested packages | N/A | Only for catalogued patches | Yes, for most common applications |
| Custom package creation | N/A | Requires SCUP | Wizard driven. Includes PackageBoot™ for complex before and after deployment scenarios (Java). |
| Client health diagnosis & remediation | N/A | Client health data | Repair WMI, WUAgent, and Configuration Manager Agent. |

 

As you can see from the above chart, Patch Manager is a great add-on for any WSUS or SCCM environment. The top Patch Manager features which have benefited customers patching Microsoft applications include scheduling, reporting and filtering capabilities. Customers patching 3rd party applications appreciate the pre-tested & pre-built 3rd party applications as well as the ability to create custom packages and perform pre- and post-deployment scenarios. One customer we spoke with yesterday reduced the time it took to patch Microsoft applications using WSUS by 50% with Patch Manager.


And now, Patch Manager has native integration with System Center Configuration Manager 2012. Check out this short video to see 3rd party updates directly from the Software Library page of the Configuration Manager 2012 console.