solution white paper Patch Management The set-it-and-forget-it strategy



Similar documents
Seven Steps to Getting a Handle on Software Licensing

Why you need an Automated Asset Management Solution

Atrium Discovery for Storage. solution white paper

Securing the Service Desk in the Cloud

Is it Time to Modernize Your Service Desk?

Streamlining Patch Testing and Deployment

BMC Control-M Workload Automation

ALTIRIS Patch Management Solution 6.2 for Windows Help

Enterprise Cloud Management: Drive business value by balancing speed, cost and risk

How to Build a Service Management Hub for Digital Service Innovation

Integrate Big Data into Business Processes and Enterprise Systems. solution white paper

Thought Leadership White Paper Strategies for Effective Job Scheduler Consolidation

Solution White Paper Build the Right Cloud, Quickly

The Convergence of IT Operations

Software License Management: 2012 Software License Management Benchmark Survey SOLUTION WHITE PAPER

Northwestern University Dell Kace Patch Management

BMC Remedy IT Service Management Suite

BSM for IT Governance, Risk and Compliance: NERC CIP

Solution White Paper Monetizing the Service Provider Cloud

BMC BladeLogic Client Automation Installation Guide

Release Management for BMC Remedy IT Service Management version 7.0 WHITE PAPER

BMC Remedy with Smart IT

BMC Software s ITSM Solutions: Remedy ITSM & Service Desk Express SOLUTION WHITE PAPER

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution

SOLUTION WHITE PAPER

Control-M for Hadoop. Technical Bulletin.

Hybrid IT A Low-Risk Path from On-Premise to ITaaS

Five Steps to Changing Your Scheduler to an Enterprise Workload Automation Solution. Thought Leadership White Paper

BMC BSM for PCI DSS Addressing PCI DSS File Integrity Monitoring SOLUTION WHITE PAPER

Extend the value of your service desk and integrate ITIL processes with IBM Tivoli Change and Configuration Management Database.

This document contains the following topics:

AVOIDING PATCH DOOMSDAY Best Practices for Performing Patch Management

IBM Tivoli Netcool network management solutions for enterprise

Taking the Service Desk to the Next Level BEST PRACTICES WHITE PAPER

Better Visibility into Change Management with Kinetic Calendar Abstract

Address IT costs and streamline operations with IBM service desk and asset management.

SOLUTION WHITE PAPER. 6 Advantages of a Cloud-Based IT Service Desk By Jeff Moloughney, Principal Solution Marketing Manager, BMC Software

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services

Improving PCI Compliance with Network Configuration Automation

Simplify Your Windows Server Migration

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

The CMDB: The Brain Behind IT Business Value

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER

BMC Client Management - Client Agent Rollout. Version 12.0

VMware vcenter Update Manager Administration Guide

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Hybrid Cloud Delivery Managing Cloud Services from Request to Retirement SOLUTION WHITE PAPER

Address IT costs and streamline operations with IBM service request and asset management solutions.

Solution White Paper Connect Hadoop to the Enterprise

Print Audit 6 Client Only Installation Guide

IBM Tivoli Asset Management for IT

IT service management solutions Executive brief. Making ITIL actionable in an IT service management environment.

Between the Bazaar and the Cathedral. Where ITIL, Business Service Management, and Open Source Converge

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

Novell. ZENworks Patch Management Design, Deployment and Best Practices. Allen McCurdy Sr. Technical Specialist

Implement a unified approach to service quality management.

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

Cloud Lifecycle Management

TECHNICAL WHITE PAPER. Accelerate UNIX-to-Linux Migration Programs with BMC Atrium Discovery and Dependency Mapping

Patch Management for Red Hat Enterprise Linux. User s Guide

Resolving the Top Three Patch Management Challenges

CA Automation Suite for Data Centers

Data Sheet: Archiving Altiris Client Management Suite 7.0 from Symantec Deploy, manage, secure, and troubleshoot

Patch Management Policy

Best practices for data migration.

BMC Cloud Management Functional Architecture Guide TECHNICAL WHITE PAPER

Closing the Vulnerability Gap of Third- Party Patching

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

Print Audit 6 Network Installation Guide

BEST PRACTICES WHITE PAPER. BMC BladeLogic Client Automation and Intel Core vpro Processors

IBM Tivoli Provisioning Manager V 7.1

Effective End-to-End Enterprise Cloud Management

Remote Logging Agent Configuration Guide

ESG Lab Review Symantec NetBackup 5230 Appliance Author: Vinny Choinski, Senior Lab Analyst, and Kerry Dolan, Lab Analyst.

ORACLE OPS CENTER: VIRTUALIZATION MANAGEMENT PACK

W H I T E P A P E R. VMware Software Lifecycle Automation Solutions

VMware vcenter Update Manager Administration Guide

eeye Digital Security Product Training

Data Sheet: Endpoint Management Altiris Client Management Suite 7.0 Deploy, manage, secure, and troubleshoot

Patch Management Hands-On Exercises. Patch Management Hands-on Exercise

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Solution White Paper BMC Service Resolution: Connecting and Optimizing IT Operations with the Service Desk

Reduce IT Costs by Simplifying and Improving Data Center Operations Management

Configuration Management

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

HP Operations Orchestration Software

SOLUTION WHITE PAPER. Building a flexible, intelligent cloud

Transcription:

solution white paper Patch Management The set-it-and-forget-it strategy

Table of Contents 1 INTRODUCTION Service Packs 2 PATCH GROUPS 3 SET-IT-AND-FORGET-IT PATCHING 4 CREATING A SCHEDULE Benefits of Automation 4 VERIFICATION

INTRODUCTION Anyone in IT who is responsible for managing multiple machines and applications should have a solid patching strategy. Surprisingly, many organizations do not have a standardized approach and often rely on built-in patch mechanisms, such as automatic update. Unfortunately, relying on the automatic update feature can create more problems than those the patch fixes. What s more, these approaches don t always provide a standardized way to manage third-party software packages and their update programs. There is a lot to consider when building a patch management strategy that works best for your organization, your various systems, and your applications. BMC Client Management supports both manual approval patching via patch groups and set-it-and-forget-it patch management. Both of these approaches reduce costly manual efforts by enabling IT to protect systems and data more quickly and efficiently. Only you can determine which patches to automatically deploy versus those that need to be lab tested before placing them into production. Both methods have advantages that we will cover in the following sections. You need to consider both service packs and individual operating system (OS) and application patches when developing your strategy and deciding when it makes sense to fully automate patching versus maintaining a hands-on process. There are two approaches for patch deployment: Controlled: (testing and deployment) Set-it-and-forget-it: (trusted vendor; auto-deployed) SERVICE PACKS Service packs should set the foundation for your patching strategy. Rather than deploying them via the set-it-and-forget-it method, you should use patch groups in a controlled manner. This reduces the likelihood they will negatively impact your environment. Service packs consolidate all the security vulnerabilities and updates into one update package. Utilizing the service pack helps with the long and continuous update processes throughoutand betweenongoing security patch releases. Service packs tend to be large and cumbersome, so we recommend using a centralized delivery mechanism. FIG 1: Quickly view which systems have the latest service packs. BMC Client Management allows you to easily scan and identify which service packs are missing. Then, by simply rightclicking on the relevant device, you can apply a patch to the desired machine. You can also push out service packs to select machine groups in the environmentapplying a scaled approach to your update process. Simply select a patch group, assign the service pack you would like to deploy to that patch group, and then assign that patch group to specific device groups. 1

PATCH GROUPS With the first of these two options, you should have a process in place that includes new patch testing through patch groups and small test groups within your environment. We cannot stress the importance of this process enough, especially when dealing with business-critical machines. In most environments, there are numerous user machines that only have basic softwarenothing out of the ordinary. Because of their generalist nature, these machines typically require very little testing and operate smoothly with most patches. With BMC Client Management, you simply assign device groups to those patch groups that you previously designated as groups containing non-business critical devices that can be patched without issue. FIG 2: Consolidated view of missing patches in the environment There are also certain machines grouped within your environment that you may often leave out of the general patching pool. These machines typically require additional patch testing before deployment due to the nature of the applications that reside on them. Similarly, if a system is working, it may be considered ineligible for patching. That is, if it is not connected widely (or at all) to an exposed network (external or broad internal). For example, this includes legacy applications on systems that are functioning properly. You should always consider your machines accessibility and connectivity as part of this patching approach; securing critical applications and associated data should be a priority. You can use a centrally managed patching system to separate which patches go to which machines and when, minimizing disruption to business and user productivity. Using BMC Client Management, you can create various machine groups from queries based on any criteria you want. For example, you may need to only patch devices with a specific type of software that is installed on the machine. First, create a query of devices with the software you are targeting. FIG 3: Quickly create a query by device type or installed software to group machines. 2

Next, create the test patch group you want to use. From there, you can specify the patches you want to deploy, assign device groups, and activate the patch group that will deploy the right patches to the right machines in this group. FIG 4: Right-click to create a patch group, add a patch to a patch group, or activate a patch group to deploy patches to the selected group of machines. SET-IT-AND-FORGET-IT PATCHING The second option for patching focuses on the automatic update patching process. Third-party software is hard to reach and control, especially for every update. Therefore, you will need to download and install the patch on each machine. You may have to reboot the machines too. Not having a centrally managed plan in place for third-party patching can create very time-consuming processes. To maintain productivity, you will want to back up systems and make sure changes can be rolled back if needed. To set up automated patching, we recommend using the Patch Distribution Wizard within BMC Client Management. From here, you can easily and quickly specify which patch types and criticalities to deploy. FIG 5: Use the Patch Distribution Wizard to select which patches to download automatically based on severity, type, and product name. 3

CREATING A SCHEDULE Patching is not an optional activity. When the rest of the business knows you patch on the third Thursday of the month, for example, no one will schedule conflicting tasks. That s why you will want to make sure your own server patch management schedule includes predictable, published, and inviolate maintenance windows. Below is an example of how simple it is to set a patch schedule with BMC Client Management. Within BMC Client Management, you can specify configurable patching windows. For example, you can deploy patches every second Wednesday of the month at 8:00 p.m. With automated patch schedules, you can inform your key business and IT stakeholders when patches will be deployed and when they can expect changes. You can also build these schedules around your internal processes, so the patch deployment process does not conflict with other business activities. BENEFITS OF AUTOMATION Using the BMC Client Management Patch Distribution Wizard, you can ensure that all patches from specific vendors are installed as soon as they are available. Your configured patch window will open, on specific pre-approved devices, without any user interaction. Agents automatically scan, update, and download the latest patches from an extensive, constantly updated knowledge base. This removes the need to conduct manual device scanning or to review what software versions are currently deployed versus the latest available. FIG 7: The patch group history shows patch installation trends over time. 4

VERIFICATION Now that you have automated your patch deployment process and it is running like clockwork, the only thing left to do is to verify patch installation over time. You can schedule some built-in patch reports to automatically run and email to managers on an ongoing or scheduled basis, specific to your patch deployments. FIG 8: Get an on-demand snapshot of your patch status or share patch status reports as needed or on a scheduled basis. BMC Client Management even gives you an easy reporting mechanism, so you can see which machines have been patched properly and which may still need attention (see Figure 8). Your patching strategy depends on proper implementation. From start to finish, deploying the right mix of patch groups with set-it-and-forget-it patching is simple and quick with the Service Pack Distribution Wizard in BMC Client Management Patch. Have you successfully patched today? To learn more about BMC Client Management, please visit www.bmc.com/it-solutions/client-management.html BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. We have worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, we pair high-speed digital innovation with robust IT industrializationallowing our customers to provide amazing user experiences with optimized IT performance, cost, compliance, and productivity. We believe that technology is the heart of every business, and that IT drives business to the digital age. BMC Bring IT to Life. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. UNIX is the registered trademark of The Open Group in the US and other countries. Tivoli and IBM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. IT Infrastructure Library is a registered trademark of the Office of Government Commerce and is used here by BMC Software, Inc., under license from and with the permission of OGC. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office, and is used here by BMC Software, Inc., under license from and with the permission of OGC. All other trademarks or registered trademarks are the property of their respective owners. 2014 BMC Software, Inc. All rights reserved. Origin date: 8/14 *441959*

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information