Showing results for 
Search instead for 
Did you mean: 

Patching 3rd party applications: System Center Configuration Manager compared to 3rd Patch Management Solutions

Level 14

System Center Configuration Manager (SCCM) Pros & Cons
SCCM is popular patch management software among most administrators. A single admin or group of administrators can use SCCM to control the deployment of software patches with ease.  One of the salient features behind the usage of SCCM by most administrators is the simplicity involved in the deployment of patches.
Below are some of the advantages of SCCM:
• The user can automate the software installation across all the systems in the environment
• SCCM directly pushes the updates to the systems without end-user needing to be involved or take action
• SCCM software updates can be scheduled
• SCCM can push updates to ultra-secure computers if proper credentials are provided

One may wonder if - SCCM can do so much why you will need a 3rd party Patch Management Software? Well, SCCM has its own disadvantages too. Below are some of the disadvantages of SCCMs:

• No immediate notification for failed updates.  For example, in the case of a user system being corrupted or in the case  of a previous installation failure the updates pushed may fail
• SCUP (System Center Updates Publisher) only provides updates for available catalogued patches.  Many application vendors like Adobe, Google, Oracle, do  not provide catalogs and in this case, the end user is forced to research when these patches become available, build the package, test it, and so on. There are quite a few manual steps to create a package with SCCM:
     -Research the patches needed.

     -Obtain the update installer, run the update installer, and document the pre-installation and post-installation conditions relevant to the update.
     -Create a package definition that encapsulates the metadata about the update, as well as the specific rules used to determine if the update is applicable, if the update is not yet installed, or if the update is already installed.

     -Publish this update package to the Software Update Point (SUP).
     -Synchronize the update package from the SUP back to the Site Server.
     -Build a Deployment Package (or add to an existing Deployment Package).

• Group policy edit and certification is not possible with SCCM
• Rollback of patches is not possible

Patch Management with a 3rd party Patch Management Tool
Most 3rd party patch management software seamlessly integrates with SCCM and adds more control and scalability in deploying patches and provides pre-built and tested updates for common 3rd party applications. Big vendors like Adobe, DELL etc. provide catalogs that can be consumed by SCUP. Administrators need to build update packages if the vendor doesn’t provide a catalog. Why spend time in testing, building, deploying (and potentially rolling back updates) when there is plenty of 3rd party patch management software vendors that can automate this task for you?

About the Author
Like SolarWinds, I have roots in Oklahoma and have been fond of land grant schools as I went from Oklahoma State University, moving South to Texas A&M University.  Like my college career (accounting, political science, Russian language and then MBA), I have suffered ADD in my professional career moving from finance to strategy to product management and marketing.  I have, however, settled on the broad niche of systems management and have acquired knowledge in this space over the last 11 years. I was very happy to join the SolarWinds team in January 2012 and have been very impressed with the technology.  I look forward to engaging with this community.