2 Replies Latest reply on Dec 12, 2013 11:47 AM by richreitenauer

    Any possibility of PM patching MACs


      I was wondering in the near future if Patch Manager is going to look at patching mac computers?  The reason I ask is due to looking at the Dell Kace 1000 appliance since it can patch Windows/Linux and MACs. 



        • Re: Any possibility of PM patching MACs
          Lawrence Garvin

          Greetings Richard.


          I can't really speak directly to "future plans" for any product, including Patch Manager; however, you should monitor the "What We're Working On" posts for future developments.


          What I can speak to, however, is the architecture of Patch Manager, and its dependencies on WSUS and the Windows Update Agent, and perhaps put this question in some sort of perspective. The roots of Patch Manager, as built from the company that created it (EminentWare), which SolarWinds acquired in January, 2012, was expressly to build extension functionality for Windows Server Update Services. WSUS is a Microsoft Windows patching mechanism. One of its dependencies is the Windows Update Agent, which also only exists on Windows systems.


          Now, WSUS does have a servicing API which allows for third-party agents to be built to communicate with it. Theoretically, at least, it would be possible for a Linux or OSX agent to be built that could communicate with a WSUS server.


          But WSUS, itself, also has another limitation with respect to the update packages it can support. Currently that support is limited to EXE, MSI, and MSP -based packages -- which are all, of course, Windows installation technologies. This is also why you don't see Linux or OSX packages in any of our direct competitors catalogs, because they too, are dependent upon the architectural capabilities of WSUS.


          So, to that point, there are two potential alternatives:

          • Microsoft extends the database and packaging schema for WSUS to support the package types needed by Linux and OSX.
          • An ISV builds an "alternative WSUS" server that has that capability. To be sure, there are many vendors who have done exactly this -- provide their own patch management engine and infrastructure. What you'll find, though, is that it's a very expensive proposition to get that Linux/OSX support in those products.


          The Kace appliance is certainly one way to approach that. If the majority of your systems are Linux and OSX, then this is likely an economical solution.


          However, if the majority of your systems (like most organizations) are Windows, I'd like to offer another approach for consideration:

          • Invest in the less expensive (and NATIVE) Microsoft patch management infrastructure for patching your Windows systems. (i.e. WSUS + SolarWinds Patch Manager)
          • Invest in a third-party product that licenses PER-NODE to patch your Linux and OSX systems. (This will minimize your expensive per-node licensing costs to only those node that need the more expensive solution.)
            • Re: Any possibility of PM patching MACs

              Thanks for your information.  I forgot to mention that I am currently using WSUS + Patch Manager and love it.  I also use Apple Remote Desktop to patch OSX clients.  Linux is not a problem with webmin.  Is there a way to tie in the Apple Remote Desktop console to the Patch Manager console....in the near future?


              Couple other questions:

              • Besides setting third party updates as "optional," and reading the What we are working on -- "Simplified distribution of packages to targeted nodes".  Is there a way to publish third party updates from Patch Manager to a website so users can go and download/install them individually?