|
|
Hello,
(sorry for my poor english)
I am actually in a big company with several AD sites etc...
We would like to choose a nice patch deployment application but we
hesitate between WSUS 3 or Landesk with patch deployment capabilities.
Do you know what are the advantages and drawbacks of each solution ?
Thank you :)
--
Pascal
|
|
|
|
Hi Lawrence,
thank you for your answer.
Please let me know about what kind of informations do you need ?
There are 2500 computers wolrdwide.
The company is already using landesk for software distribution and
actually no solution exists for patch deployment.
So we are thinking about a new solution.(We need to be SOX Compliant.)
We need te deploy the patch in a test environment then in few computers
and then in the whole company.
Logfiles are important and we need to know if a patch has been well
applied or not.
And in a global situation, one of this application (WSUS and Landesk)
is more powerfull than the other ?
Thank you
[Quoted Text] > "Pascal" <pascal_t[ at ]nospam.hotmail.com> wrote in message > news:mn.237a7d76920baefc.70874[ at ]nospam.hotmail.com... >> Hello, >> (sorry for my poor english) >> >> I am actually in a big company with several AD sites etc... >> We would like to choose a nice patch deployment application but we hesitate >> between WSUS 3 or Landesk with patch deployment capabilities. >> >> Do you know what are the advantages and drawbacks of each solution ? > > We're going to need a *lot* more information to provide a really useful > answer. > > But the primary one at this point is that WSUS is free and LANDesk is not. > > -- > Lawrence Garvin, M.S., MCTS, MCP > Independent WSUS Evangelist > MVP-Software Distribution (2005-2007) > https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E> > Everything you need for WSUS is at > http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx> > And, almost everything else is at > http://wsusinfo.onsitechsolutions.com> .... > > > >> >> -- Pascal >> >>
--
Pascal
|
|
"Pascal" <pascal_t[ at ]nospam.hotmail.com> wrote in message
news:mn.23fb7d76c4caabb1.70874[ at ]nospam.hotmail.com...
[Quoted Text] > There are 2500 computers wolrdwide.
How many sites? What kind of network links?
> The company is already using landesk for software distribution and
Well, if you already have LANDesk deployed for software distribution, then
that takes the cost issue out of the picture.
> actually no solution exists for patch deployment.
So.. with 2500 computers worldwide, how have you been applying patches for
the past 10 years?
> So we are thinking about a new solution.(We need to be SOX Compliant.)
You'll find as many opinions as there are SOX auditors on this, but the crux
of being "SOX Complaint" is that you've written a policy, and you can prove
you're complying with the policy. So, your first step, is to write a
=policy= concerning your philosphy and beliefs about patch management. Then,
once the policy exists, evaluate the tools available and write =procedures=
explaining how you will use those tools to achieve patch management
objectives.
The problem with SOX auditors and patch management is that the decision
about whether to install a patch, or not, is an arbitrary one, and differs
from organization to organization, based on philsophy, beliefs, attitudes,
numbers of systems, line-of-business applications, operating system
platforms, and perhaps a dozen other variables.
> We need te deploy the patch in a test environment then in few computers
> and then in the whole company.
Any patch management tool worth considering will provide the capability to
do this. If it doesn't, eliminate it immediately. WSUS does provide this
capability.
> Logfiles are important and we need to know if a patch has been well
> applied or not.
There are a couple of ways to approach this.
First, every patch installed by a Windows system has an installation log
KB######.txt in the %windir% directory. In addition, an installed patch will
be listed in Add/Remove Programs. Finally, a successfully installed patch
will be reported by the WUA to the WSUS server as =Installed=.
In addition, you may find it useful to use the Microsoft Baseline
Security Analyzer to perform additional scans on machines to get a
quasi-second source of confirmation as to installed updates. I say
quasi-second source, because the MBSA and WSUS both use the same client-side
engine, and the same source data, to determine if an update is Needed or
Installed. MBSA is not entirely an "independent" source, and I've heard of
some SOX auditors demanding "indepedent verification" that an update is
applied (as if the WSUS server, %windir% logfiles, and Add/Remove Programs
are not enough verification!)
> And in a global situation, one of this application (WSUS and Landesk) is
> more powerfull than the other ?
I'm not an expert on LANDesk, so I really cannot comment on it's
capabilities as a patch management tool in an enterprise environment.
I can tell you, however, that WSUS is scalable to a virtually unlimited
number of sites and/or systems, by adding additional WSUS servers to the
environment in strategic deployment locations. How many WSUS servers is
appropriate for your organization depends on the answers to my first two
questions.
What sort of investment would be necessary for the LANDesk is something
you'll have to ask somebody else about.
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
|