Customized Systems Management Suites

So you're not a Fortune 1,000. That doesn't mean your small enterprise doesn't deserve its own custom-tailored systems management strategy. Here's how to design a strategy to match your needs

September 8, 2006

31 Min Read
Network Computing logo

Systems management is never a one-size-fits-all proposition, and that goes double for SMALL ENTERPRISES. Sure, they have fewer nodes to manage, but the flip side is fewer people and dollars to go around. Enterprise IT pros know automation is key to staying focused on business priorities rather than getting bogged down in day-to-day tasks like patch management. But few small and midsize businesses can justify the HIGH cost of entry for beefy automation apps, even though their need is just as great.

For this article, we posed a theoretical scenario: A small data center is growing from 20 nonblade servers to 50, with the 100 mark on the horizon, while looking to incorporate Linux and possibly Solaris. IT management wants to prepare by applying as much automation as it can, to accomplish provisioning, patching, application deployment and performance monitoring without hiring an additional administrator. The question is, Should this company think long term and stretch its budget to purchase a comprehensive management suite, or should it assemble point products to address specific problems?

Automation Station

Eighteen months ago, we tested suites that provide role-based administration, patch management, vulnerability assessments and more; our Editor's Choice started at $92 per node, and a 10,000-node volume discount only brought us down to $63. Installation, implementation and ongoing administration not included, of course. Not surprisingly, few small shops go that route today.

Big vendors are trying hard to change this dynamic, looking to sew up the lucrative small-to-midsize business market: Total IT spending for 2006 is projected at $786 billion, according to Forrester, with about half that coming from the small business side. Growth in this sector is forecast at 8 percent, compared with 6 percent for the enterprise market. Systems management vendors are taking notice, hoping to give growing small businesses a snug strategic management fit, seducing them with visions of self-healing systems that basically administer themselves.

As to our query--why strain the budget to purchase a comprehensive management suite, rather than cobble together a tactical toolbox?--the answer, at first glance, seems evident. But our product testing (see a summary on page 48) and interviews with IT pros in the trenches show that for some, tactical is the strategic way to go: Fix the biggest problem first, using the best point solution, then move down the line. Automating a single systems management task, regardless of importance, does not justify the purchase of a loaded systems management suite, period.

Management vendors say automation will not only make it easier to administer systems, but will offset having to hire new IT personnel as the business and data center grow. Vince Hunt, executive VP of engineering at, refuted that contention and captured the thoughts of most readers we spoke with: "You have to buy the tool and hire someone to run it."

And beyond the cost, there's the commitment: When you say "I do" to one vendor's vision of enterprise management, it's a monogamous adherence to not just its tools, but to its support and development vision for your management strategy. Vendor promises of future integration are worth their salt only if you remain in sync.

The Vendor Landscape

A leading indicator of when to choose a point product versus a suite is the number of managed devices. All the server-side systems management products on the market also support desktops, and it does make sense to count desktops in your managed-device tally. In any case, the scale starts to tip at about 100 nodes. In a reader poll, 38 percent of respondents said at somewhere between 100 and 500 systems, some automation is required. It's here that the single-view, single-asset-store, single-access-control goodies you get with a suite begin to justify the price.

The size of your business also matters in terms of which vendors want to partner. Management tools from CA, Hewlett-Packard, IBM and, until recently, Microsoft have focused on enterprises. Even when we've tested low-cost, single-server products from these vendors, as in "Network Management on $1.19 a Day" ( 1402f1.html), all the underlying knobs that would be needed by an enterprise--and are nothing but a hassle for the small enterprises--remain. These big guys are trying to change this with a collaborative specification to simplify management; see "They Feel Our Pain. Really," below.

Although these large systems management vendors may be out of reach operationally for small enterprises, they do represent stable, viable public companies. At the other end of the spectrum are smaller point-product vendors, often start-ups, VC-funded, doing one thing well, but lacking deep resources. The lower price and lack of vendor lock-in associated with these tactical tools must be balanced by long-term vendor reliability and viability evaluations.

For a strategic management plan, some smaller point vendors can be too loose a fit. But that's not true for all. We tested products touted as specifically designed to grow with small shops. We required provisioning and patching, and asked for application deployment and performance-monitoring capabilities. Altiris, LANDesk Software and PatchLink accepted.

System Management Architecture Click to enlarge in another window

System Management Vendors Click to enlarge in another window

We invited GroundWorks and SolarWinds, but their small enterprise systems management offerings lack the required patch functionality. Symantec and Novell declined; the former's Client Management Suite would have been a fit, but the company said it does not offer CMS for review. Novell said our scenario would not mesh well with its current product offerings.

We didn't test high-end suites from CA, HP and IBM Tivoli due to their cost (usually at least a six-figure deal) and complexity (you'll need a team to care and feed). But as strategic goes, these guys are the bomb. They include the distributed, mirrored, multi-language, CMDB stuff that Altiris, BMC and LANDesk provide, plus a raft of third-party integrators, huge service organizations and interoperability out the wazoo.

Among midrange suite vendors, Altiris, BMC and LANDesk, are still the best fit for most small enterprises--at least until next year when Microsoft releases its System Center Essentials, which combines SMS (Systems Management Server) and MOM (message-oriented middleware) functions for the small enterprise. Microsoft's DSI (Dynamic System Initiative), which the company says is aimed at making Windows the most cost-effective OS to own and operate, is also indicative of Redmond's new focus and is a natural fit given Windows' footprint in small businesses.

Microsoft has been jumping up and down about SMS 2003 R2 availability, but the bigger deal is its re-alignment of Microsoft Operations Manager and SMS into Systems Center. Beyond the press it's gotten for this name change, Microsoft is working with HP, IBM and Intel to build a standard way to describe how applications should behave. This structured metadata, Service Model Language, or SML, is also scheduled to ship next year: The second wave of Systems Center and DSI will include SML and a new Systems Center Essentials. The open beta for Systems Center Essentials is planned for Q4 2006, with product release promised for March 2007. We'll be watching for it.

BMC has beat the drum of strategic management long and hard, pushing CMDB and configuration management, and like Microsoft is on the cusp of releasing a new systems management suite for the small enterprise. This scaled-down appliance version of BMC's full Configuration Manager, now in beta, basically repackages an existing standalone product currently popular with enterprise branch-office deployments. Due to its beta state we didn't include it in our comparative review, but we did get an early look at its functionality (see "Systems Management Starts With Patchwork" at

LANDesk, recently purchased by KVM behemoth Avocent and a participant in our testing, offers a good patch- and hardware-monitoring suite. The LANDesk suite is staying close to its Intel chip-making roots, managing BIOS, IPMI (Intelligent Platform Management Interface) and planning to leverage out-of-band management interfaces through Avocent's support of standards like DMFT SMASH (Systems Management Architecture for Server Hardware). LANDesk is also stepping up its functionality, implementing workflows to move IT away from tools and toward processes.

System Management Suite Features Click to enlarge in another window

Altiris has long championed integrated systems tools for the small enterprise. Its strengths are broad systems management offerings with deep provisioning, plus software delivery and virtualization. Altiris also has good third-party relationships with a variety of vendors, including Dell, Fujitsu, HP, IBM, Intel, Siemens and VMware. Its Dell server management app, for example, is distributed by Dell and included with Altiris' entry-level server management product. Altiris sent its Server Manager for our testing; it included software delivery, OS provisioning, monitoring and more.

Vendors traditionally focused on management for small enterprises, such as PatchLink, GroundWorks and SolarWinds, aren't standing still either. They're moving up the stack, adding management functions. SolarWinds, for example, has added configuration management to its performance monitoring, and PatchLink now provides compliance reporting and basic inventory. Not the breadth you'd expect from a comprehensive systems management suite, but definitely an expansion and an indicator of where these vendors are headed.

Two companies we thought were a fit for our testing, Symantec and Novell, claim not to be focusing on small enterprises. It's clear that Novell's eye is on the enterprise. This seems less than sensible to us, but the company was adamant in its position. Symantec kept us at arm's length during our review, declining to send product. Even though the company has small enterprise roots, it appears to be trolling for bigger fish.

Which Leg First?

When we began researching small enterprise systems management, we wanted a centralized store of our inventory and a way to provision and monitor servers. We thought this would be the way to get a CMDB. But we found that provisioning and monitoring are not the biggest problems facing small enterprise IT managers. They told us, in interviews and polls, that patching mattered most: Eighty-eight percent said if a suite didn't do patch management, it would be unlikely to earn a spot in their shops. We'll buy that.

As to what your second priority should be, systems monitoring, provisioning and software delivery are all good choices. If you need one of these plus patching, consider a suite. Add centralized inventory, single point of administration, access, reporting and single-pane-of-glass management, and you've moved beyond point products.

Deciding when to make a commitment to a suite requires being brutally honest about how much time and money you're willing to commit to gain automation. If you're sure that growth to more than 100 nodes is imminent, a suite is likely worth the front-end effort and cost. But care and feeding will require a significant chunk of time because suites are loosely coupled--that is, they integrate various services, processes, applications, access privileges and databases. Plus, there are differing development and service-pack release schedules.

The person at the helm must also have a solid knowledge of your infrastructure. These suites are updated on a batch schedule: Agents have set intervals for scanning target machines, sending updates back to the central server, and updating software and patches. The server has a period when it will load updates from distributed agents into the database. By default, those processes are infrequent--from a minimum of every hour up to once a day--to minimize the impact on system and network resources. But when using the console for diagnostics, this delay can be a factor, so it's important for the operator to have an understanding of the architecture and schedules and where overrides can be applied to ensure accurate report data.

They Feel Our Pain. Really.

BIG VENDORS are well aware of the difficulty inherent in systems management for all IT groups, but especially small enterprises. To make their systems management products easier to use, Hewlett-Packard, IBM, Intel, Microsoft and others are jointly developing a modeling language, dubbed rather unimaginatively Service Monitoring Language, or SML.

SML is based on Microsoft's SDM (Service Definition Model), part of its Dynamic Systems Initiative. Before jumping to the conclusion that the entire world is eating Microsoft's dog food, realize that each of these vendors had similar or complementary notions of consistent metadata that describe health and configuration requirements. For example, by describing the expected performance of an application at development time, alerts from a poorly performing app can more clearly show operations staff that an application problem is, indeed, an application problem, and not a fault with a piece of the infrastructure.

SML isn't the be-all and end-all, but it will roll out-of-the-box functions into management products, giving IT groups the ability to customize how they manage without having to understand the architecture of the underlying suite. Learn more about SML at hp. com/ hpinfo/ newsroom/ press/ 2006/ 060731b.html.

Beta Beat: BMC Software'S Configuration Manager For Servers

WE TYPICALLY DON'T TEST beta products for our reviews, but we couldn't resist taking a peek at BMC's new Configuration Manager for Servers. This baby has more functionality for policy creation and communicating with agents than any company will ever need, whether it has 20, 50 or even 100 servers in the same room.

Its sweet spot is desktop and server software/data distribution. Like Altiris, BMC does not test or front-end patches, as do PatchLink and LANDesk. Only the Microsoft patch service comes defined in the product. Patches for Hewlett-Packard HP-UX, IBM AIX, Red Hat and Sun Solaris are obtained by subscribing Configuration Manager directly to each vendor's patch services; unfortunately, during our tests, many of these links were broken. The amount of patch data provided--including patch dependencies and information regarding uninstalling a patch--was sufficient. BMC was the only vendor to specifically offer an uninstall deployment option.

BMC policy templates are a powerful way to target devices or organizational units. The Microsoft Adam AD directory is included in the product, for example, and these templates leverage all the OUs and devices to generate targets. This automates consistent patch and software deployment per user or by org chart location but adds a layer of management that is uncalled for when managing fewer than 100 servers.

Reporting is driven by a strong SQL query engine, similar to the Altiris product. And it comes with plenty of predefined, annotated queries. There were lots of categories to learn, but poking around got us what we wanted without much effort. However, during testing, we stubbed our toes on a bug in a query for reporting deployed patches. A problem with the query remained unresolved with tech support, and gave us some insight into the complexity required to administer the product.

In fact, we suspect that, despite the small-enterprise-friendly appliance form factor, small businesses will have a tough time implementing and administering this product. The level of architectural know-how required is about what we'd expect for an enterprise deployment covering thousands of desktops but simply too much information for a small or midsize business.

The canned SQL queries provided for patch analysis reporting, for example, required understanding of the database to execute. Drop downs for filter selections would have been nice. Of course, some of these quirks could be related to the beta status of the product. BMP pricing and product bundling were also still up in the air at press time, but given the in-house skill needed to administer this puppy, we think it might end up a good buy for those who need strong software distribution functionality and plenty of growth potential.NWC Reports: Systems Management Suites

To qualify for this review, products had to provide patching and provisioning and be readily usable by--and designed to grow with--small enterprises. We also evaluated support for multiple external databases, distributed processing, role-based access, software distribution, OS provisioning and system monitoring.

Altiris, LANDesk Software and PatchLink


Our test servers ran Microsoft Windows 2000 and 2003 with IBM WebSphere, Apache Web server and Microsoft's Internet Information Server, and widely differing patch levels.

• After installing each product's server and agent pieces, we evaluated vulnerability reporting, slicing and dicing patches by machine, group of like machines or operating system, patch type and patch impact.

• We evaluated the level of architecture knowledge required to administer each product effectively, the usability of the user interface and the thoroughness of the vendor-supplied documentation.

• We tested provisioning by performing operating system deployment.

• We also examined additional systems management functionality, such as transaction monitoring, BIOS provisioning and remote access, that assist in getting new servers up and running quickly in a consistently very-low-touch mode.


• Usability and documentation: 25 percent. Rates whether the product will quickly solve the problem it was purchased to solve.

• Patch management: 20 percent. Our subcategories were patch analysis, deployment, application support and agent OS support.

• Price, both initial and ongoing: 20 percent. MSRP for supporting 20, 50 and 100 servers. Also includes any warranty, license, subscription and support features.

• Provisioning: 15 percent. Besides OS deployment, this area rates grouping, migration and scripted installations.

• Other systems management functions: 10 percent. Rates the architectural features that allow the product to grow with the small enterprise; these include support for multiple external databases, distributed processing, role-based access, software distribution, OS provisioning and system monitoring.

• Architecture and third-party integration: 10 percent. Higher grades for products that work with a wider variety of management suites.


Altiris and LANDesk battled for the top spot with suites that cover a variety of automation tasks on servers and desktops, but Altiris squeaked out the win thanks to its high scores in provisioning and integration and its more comprehensive suite of management tools. LANDesk Server Manager tied PatchLink in patch-management scoring and held the middle ground on price. PatchLink offered excellent patch management, was very easy to use and has by far the lowest price. In some shops, this will compensate for weaker all-around functionality.

Systems Management Suites Reviews

For this review, we imagined a small company poised to double the number of servers in its data center. IT management is concerned that provisioning, patching, deploying applications and monitoring system performance will require hiring a new administrator. The company wants to get additional servers into production fast and is weighing the upfront costs of a new hire versus buying automation software.

Systems-management marketing strategists like to justify purchasing an expensive automation suite to avoid hiring a full time employee, but the more a suite automates, the more care and feeding it requires. You're more likely to end up with the suite plus a full-time employee than reduced headcount.

To find the best systems-management solution for a data center in a small or midsize enterprise, we invited a mix of vendors that have products specifically designed to grow with small shops. Altiris, LANDesk and PatchLink accepted and sent product to our Syracuse University Real World Labs®. Symantec and Novell declined. GroundWorks and SolarWinds weren't a fit because their offerings lack patch functionality, a requirement. We excluded complex, expensive NSM (network and systems management) suites from CA, Hewlett-Packard and IBM Tivoli. See much more on the small enterprise automation vendor landscape in "Insist on a Perfect Fit."

Our three products varied in focus and scope and ended within a hair's breadth of one another. LANDesk Server Manager and Altiris Server Management Suite perform a wide range of automation functions on servers and desktops, while PatchLink Update is focused primarily on patch management. Altris and LANDesk were very close, but Altiris squeaked out the win thanks to its more comprehensive suite of management tools.

PatchLink, not surprisingly, has the best patch management, and in some shops its ease of use and low cost of ownership will make up for a lack of provisioning. Our grading reflects our scenario, but companies that would rather pay a bit less and get better patch functionality won't go wrong with PatchLink.

Patch Patrol

Although patch management isn't all there is to data center automation, it's a darn good jumping off point. If you're a 20-server shop and can smell 50 or even 100 servers in your future but have limited resources for automation, implement a top-notch patch-management system. By doing so, you'll be able to build an inventory database. This centralized store of your CPUs, OSs and applications will be the cornerstone for your future automation strategy.

Good patch management involves analysis and deployment functionality and requires a depth of OS and application support. In our Wintel-centric data center, servers run Windows 2000 and 2003 with IBM WebSphere, Apache and IIS with widely differing patch levels. After implementing each product's server and agent architecture we evaluated each product's vulnerability reporting--slicing and dicing patches by machine, group of like machines or OS, type of patch, and impact of the patch.

The data we collected for our patch needs also culled other inventory information, highlighting one reason to consider a suite like Altiris or LANDesk rather than a point product like PatchLink. To be fair, PatchLink has inventory reporting, but its depth is limited to OS information, whereas LANDesk listed IPMI (Intelligent Platform Management Interface), memory and BIOS data, for example. Altiris, thanks to its software delivery functionality, had deep application inventory reports. In fact, Altiris clearly provided the most flexibility thanks to its extensive canned SQL queries and report-builder dialogs.

PatchLink Update's vulnerability reporting was like the rest of the product: easy to use, yet thorough. It lacked the flexibility of Altiris, but worked like a charm for patch management. LANDesk Server Manager's vulnerability reporting had a tight interface but offered only two canned reports. Altiris has the strongest ad hoc reporting, driven by a wizard for building the report query. LANDesk also has query functionality but is centered on device hardware attributes and lacks a wizard front end. PatchLink does not support ad hoc reporting, but has excellent canned patch analysis reports.

To decide which patches to deploy, we needed to know more about their possible impact and criticality. Each product included metadata with patch summaries, giving us a clue about what each patch fixed. Here PatchLink excelled, with detailed explanations about the impact of the patch on system executables, vulnerabilities in detail, and other patches that were associated or preceded this patch.

PatchLink and LANDesk both tested and analyzed our patches prior to providing them. PatchLink offers this as a subscription service, while LANDesk includes it in annual maintenance. LANDesk's as-tested price is higher both for purchase and maintenance, however, compared with PatchLink. Altiris' metadata also provided good analysis, even though related patches were not cited. Instead, we were linked to Microsoft for those details.

After analyzing and choosing patches for our machines, we implemented the mechanism each vendor provides for automating this process. Each product creates a dynamic or static group of targets and then schedules the job. All the products made this simple, but again, the suites clearly had more functionality under the covers than just pushing out patches. This included agent-to-server subscription services, software installation, and bandwidth throttling to trickle large files over slow links. In our single test data center we didn't need this functionality, but if your machines are distributed in various locations, consider LANDesk or Altiris.

One of the most important criteria for selecting a patch management product is the accuracy of the inventoried data on what was patched on the machines. As we started this review, we were warned that some products would not recognize patches they didn't distribute and update. In the data center, desktops don't present this problem, but if Windows update is turned on and a machine is already patched, we wanted to know about it. But our concern proved unnecessary: All the products registered any updates we performed, whether through Windows Update or other products. Of course, if you apply patches outside the management system, you lose the ability to track and report on patch success and failure.

Beyond Patching

Among small enterprises, where everyone in IT wears multiple hats, usability is especially important. Note that usability isn't only about GUI navigability and intuitiveness; we also considered how much architecture know-how an admin is going to need to use the product effectively. This directly impacts what level of time and expertise are needed for care and feeding--too much, and you could end up hiring in addition to purchasing.

We were neutral in our weighing of specific extended features, in other words, we didn't give provisioning more weight than, say, software management. This will vary from shop to shop. In NETWORK COMPUTING'S data center, provisioning is important, as we are constantly changing OSs. For many small enterprises, monitoring performance--especially environmental--might be more important. See the features chart for a list of each product's included functions.

We found that PatchLink was the quickest product to learn and use. LANDesk was the second easiest, literally taking us an afternoon, but it did take longer to ferret out the patch functionality. Altiris took longer to get going, but the instructions were well written. In fact, with the exception of a new interface being slightly out of sync with some of the documentation, Altiris was the best for leading newbies through task completion.

Price is clearly important for everyone, but in a small business, it's more than a sensitivity--it's a make-or-break issue. In our scenario, patching is used to justify cost, but we added into the mix the extended functions each product provided. We asked for MSRP pricing for initial purchase and yearly maintenance for 20, 50 and 100 servers.

Altiris and LANDesk had the most bundled extended functions. Altiris boasted software distribution and provisioning of systems, and LANDesk had the deepest hardware inventory and systems monitoring. This time, Altiris took our Editor's Choice, aided by its excellent provisioning and documentation. LANDesk was second.

PatchLink, the least-expensive offering and best patch manager, isn't going to support growth with any additional systems management functions. But it will keep systems patched without costing much money or time, clearly allowing companies to prepare for growth.

Altiris Server Management Suite 6.0

Altiris Server Management Suite has the best overall management of the products we tested. It covers the most functional areas, including patch, provisioning and monitoring. Compared with PatchLink and LANDesk, its patching functionality isn't as comprehensive, however, and it will likely take longer to learn than the other products. Fortunately, Altiris' documentation is easy to follow.

Altiris Server Management Suite, like the other products tested, gathers patches into a single repository and identifies them by severity as applied to groups of devices. The detailed metadata on affected components and exploit information helped determine which vulnerabilities posed the biggest threat. The display didn't link to related patches, unlike PatchLink's--and we had to navigate through more screens--but from Microsoft's site we retrieved information about other patches that should be considered if we were updating this one.

Like LANDesk, provisioning is included in the Altiris Server Management Suite, but Altiris adds migration and server management tasks in addition to OS imaging. We were able to not only deploy an OS image onto a server, Altiris also parameterized our network setting, including NetBIOS Name, IP address and the use of multiple NICs. We were also able to associate license and user account creation with image installation. This eliminates the need to duplicate device name and attributes after a deployment, which then are changed on each sever manually.

Reporting is consistently good across Altiris, which features hierarchal organization and excellent documentation. The reports run from a query page where we could specify such items as date, severity, OS and status. Patch reporting is just a small part of what it offers: Filterable and schedulable, Altiris' reports are powerful tools for all of the system management functions within the suite.

Altiris contained two GUIs, an old and a new. Both are Web-based and support the same functions, however, both were also clunky and required a lot of waiting and navigating. The new GUI is more intuitive and required fewer clicks, but it didn't line up with the documentation, so we learned on the old, then moved to the new. Not a deal breaker, but annoying.

On the plus side, Altiris boasts one of the best-designed help and learning mechanisms we've seen in any management product. For example, Getting Started guides aren't just separate help documents, they integrate through links to console functions and wizards for completing tasks, similar to Windows' help function.

Altiris was the most-expensive product in this review; our "as-tested" pricing for 50 nodes and one year of maintenance was $5,819. Fifty nodes will run $14,548, and 100 nodes totaled $29,095. Volume discounts are available.

LANDesk Software Server Manager 8.7

LANDesk dives into the hardware side of devices more deeply than either of the other two products we tested and excels in OS provisioning.

LANDesk's provisioning capabilities let us deploy its own OS image files as well as images from Symantec Ghost, PowerQuest DeployCenter and Microsoft Ximage. LANDesk deploys its own PXE servers on each subnet; this offered boot menu control but required a MAC include file as an extra step. LANDesk did not have the personality migration functions or parameterization of Altiris.

Like PatchLink, LANDesk tests patches prior to releasing them to the Server Manager server. It covers Microsoft, Linux, AIX and Solaris, in multiple languages, as well as driver updates and Dell and Intel BIOS updates. As with Altiris and PatchLink, metadata gathered is available as an analysis tool, with similar detailed descriptions and impact analyses. Perspective regarding the pervasive nature of a patch is also included; for example, Server manager noted that a patch for a Microsoft Data Access Component (MDAC) vulnerability will be installed just about everywhere, it then listed specific systems and applications where Microsoft has distributed the service.

The LANDesk reporting GUI was straightforward. Drop-down filters for vulnerabilities, software and drivers were displayed in a single screen. We could download and schedule the patch execution from a single interface, a convenient touch.

We were less impressed with LANDesk Server Manager's reporting, however, compared with Altiris and PatchLink. Only two canned reports were available, and we were unable to choose a vulnerability and see the applicable systems and the status of the patch in regard to those systems the way we could with its rivals. If we knew that a job had run to patch a device, we could look at the success or failure of the job; otherwise, we had to look at each server's inventory to determine patch status.

As for pricing, LANDesk Server Manager was less costly than Altiris, at $3,870, $9,676 and $19,350 for 20, 50 and 100 managed nodes, respectively.

PatchLink Update 6.2

PatchLink Update is a tested patch service, in that the company creates and tests a deployment script for every patch. PatchLink maintains 250 systems on which it performs rigorous testing for all supported languages; patches are not provided to the PatchLink Update server until they've passed this testing. Just in case, however, PatchLink provided a script that let us uninstall patches.

What PatchLink doesn't provide is a strategic, multifunction management platform. PatchLink Update is the only product of the bunch that isn't a systems management suite, although it has gained some new features, including the ability to report on hardware and OS configurations, and store that inventory data.

In fact, PatchLink Update's was the most detailed and prescriptive metadata of all the products tested. Take the advice that certain patches should be updated immediately, while others could wait for the operator's convenience. All the product passed along the status applied by the company issuing the patch, but only PatchLink added its own recommendations. Status info includes date and file data, but also expected impact and what will be affected, whether hardware or software. This description went beyond explaining why the patch is useful, what the patch will do, and how to determine the patch's outcome by defining where the log for the patch is located. For example, the information in a Mydoom removal patch listed the process as deleting special files, removing registry entries and restoring the host file. We looked for the linking of two security patches, and PatchLink made us aware of the linkage in the display of patch metadata

Patch analysis reporting includes three filter drop downs--system groups, status of the patch, and patch impact--that shorten the time it takes to find and report for analysis and deployment. Groups refer to OS groups, status shows if the patch has been defined to a machine or group, if it has been applied, and if there were errors.

PatchLink's Update features a real-time interface, compared with the other products. In fact, it can perform a configurable scan within a minute. We launched an on-demand scan easily and got feedback on the screen when a scan was running. All the systems we tested required the installation of agents on managed servers. The agents scan on schedule and report to, or are polled by, a centralized server that then stores scan results in a database. The other products' agents could be connected to or run via a terminal session but were much less interactive.

It didn't take long to find our way around the PatchLink Update interface; in fact, we spent remarkably little time getting PatchLink Update operating. We didn't need to understand much about how the system works under the covers to configure agents and get the status of machines under management. Configuration and updating of agents and packages was accomplished from a single page, unlike the Altiris and LANDesk products, which spread configuration and control into many containers.

PatchLink Update's online help isn't as sophisticated as that of the other products, but then, it isn't as complex as its rivals, so we accepted its simple table of contents.

The PatchLink Update server software cost the same--$1,495--whether we were administering 20 nodes or 100. Add an annual subscription of $18 per Windows node and we get an "as-tested" price of $1,855 for 20 nodes; $2,395 for 50 nodes; and $3,295 for 100 nodes. If we added a Linux, Unix or NetWare server, pricing would rise to $75 per node per year; a Mac OS X box would run $33 per node per year.

Bruce Boardman, executive editor of Network Computing, tests and writes about network and systems management. Write to him at [email protected].

System Management Suites Interactive Report Card

your browser
is not Java

Welcome to NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.

Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights

you entered.

Click here for more information about our Interactive Report Card ®.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights