The patch management system is an arrangement of agents running on the clients. The agents are designed to minimize bandwidth usage and report to the main server, which contains patches downloaded from the Microsoft, McAfee and Symantec websites.
The core database can be Microsoft SQL Server Desktop Edition (MSDE) 2000 or SQL Server 2000. MSDE is suitable for small deployments. Networks of more than 500 clients would benefit from a SQL Server database. This would be mandatory for dispersed systems where replication facilities are required.
Setup should be approached carefully and methodically and has a series of screens to follow. The Client Deploy Tool is supplied for networks where no suitable deployment engine can roll out the client agents. Once this is done, the server can be allowed to contact the Fixlet Server over the internet to start downloading "fixlet" messages. To avoid scams, this process is policed by a system that digitally signs all messages.
Based on the agent information, patches for each client or grouping are set up in a series of queues for the administrator to monitor. The initial updating of the clients is probably the most intensive patching activity the network will experience. It is good to see facilities for throttling the traffic and scheduling deployment in stages.
Patch Manager handles laptops as well as desktop systems, and policy enforcement removes unsanctioned software applications.
The management console shows details of each patch (downloaded from Microsoft's TechNet website), and reports have graphs to show the state of the network's populace. BigFix Patch Manager supports Sun Solaris and Red Hat Linux.
For:
: Can throttle network traffic and schedule patch deployment in stages.
Against:
: Needs SQL Server for big deployments.
Verdict:
: Can manage patching across a range of operating systems.
