Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Patch Management: The BigFix Is In: Page 2 of 3

For Windows shops, the default patch setting is "no reboot," even if the patch vendor has specified that a reboot is needed. This is useful for servers that can be restarted only during a maintenance window. We could set up a scheduled task to reboot any clients in the pending reboot state during a designated time frame.WIZARD FIX

 

IN DETAIL
FEATURED PRODUCT:
BigFix Enterprise Suite 7.0.7.96
$20,250 as tested price includes Core, AntiThreat Pack, Policy Enforcement Pack, and Desktop and Server Management Solution Pack
ABOUT THIS ROLLING REVIEW:
Patch management products are being tested at our Real-World Labs at Windward IT Solutions. We're assessing breadth of platforms supported, how well a product uses subscription services to discover patches, how thoroughly it discovers our environment, what rollback capabilities are available, testing and staging capabilities prior to production, reporting, and network bandwidth control.
ALREADY TESTED:

Shavlik
Lumension
NEXT UP:
LANDesk
OTHER VENDORS INVITED:
BladeLogic, BMC Software, CA, Configuresoft, Ecora Software, IBM, Kaseya, Novell, Opsware, and Symantec

Uninstalling a patch was more challenging than with previously tested products as it involved a wizard instead of a contextual option of the patch itself, but the process worked as advertised. A wizard was also necessary to obtain Sun Solaris patches, as that content now requires a login, and yet another wizard was used to set up pre-caching of patch files for deployment.

BigFix's reporting capabilities are provided through a Web reports component, rather than the console itself. The company covers all the bases here.

BigFix can integrate into a configuration management database or other applications, such as a network management system, to help determine if a patch could have caused an outage. This is overkill for desktops but useful for servers. BigFix offers a number of APIs, including for network access control, database access, vulnerability assessment, and inventory integration, and it supports a big roster of operating systems and apps.

The product is a standout for environments that need advanced bandwidth control. Not only can the BigFix server and clients be configured to use limited bandwidth, but relays are configurable for both upload and download usage. The client setting can even be throttled according to either kilobyte per second or percentage of available bandwidth. A related option lets an action be distributed over a user-defined number of minutes, to reduce network load. This was the most advanced set of controls we've seen.

BigFix also offers an easily accessible patch-creation feature. Building a new patch requires use of BigFix's language for action scripting, but the utility enables an internally created or customized patch to be treated much the same as one created by BigFix.