|
Microsoft SMS 2003 R2 to Streamline Patching of Third-Party Apps
Published: February 22, 2006
by Alex Woodie
In the next few months, Microsoft will deliver a new capability for distributing and applying patches for third-party line-of-business applications in System Management Server 2003 Release 2, which was released in beta format yesterday. In the meantime, SMS 2003 users have another update to download this week: SMS 2003 Service Pack 2, which brings support for SQL Server 2005, among other capabilities.
It's no secret that large organizations with lots of Windows desktops and servers face a nightmare when it comes to distributing patches in a timely manner. Without the assistance of automation, it would be practically impossible for administrators to physically visit each machine and manually apply the patches from a disk.
Luckily, there are a number of patch distribution utilities available to help users with this task, and Microsoft's is not laggard in this space. The software giant has a number of tools, including free low-end utilities like Windows Update (WU) and Microsoft Update (MU), the mid-grade (and also free) Windows Server Update Services (WSUS), and the granddaddy of update tools, Systems Management Server 2003 (SMS 2003), with pricing that starts at $1,219. If the WU-MU-WSUS-SMS conundrum has got you down, check out this comparison of the various products.
Up to this point, SMS 2003 and the other tools have focused on keeping users current with the array of security patches and updates to Windows operating systems and Microsoft products, which is no small task. However, with the SMS 2003 R2, Microsoft for the first time will enable users to manage the patch and updating process for third-party applications running on Windows desktops and servers.
Obviously, there are a heck of a lot more of these types of applications in the world than Microsoft apps, which begs the question: how is Microsoft going to do this? In a Q&A with Felicity McGourty, director of product management in Microsoft's Windows enterprise management division, the software giant explains.
"This R2 release includes the new Inventory Tool for Custom Updates (ITCU), which allows businesses to automate deployment of updates for third-party and line-of-business (LOB) applications with SMS 2003," McGourty says. "If independent software vendors use ITCU to create a catalog containing the definitions for their application updates, customers can download updates from the vendor's Web site in the same format and in the same way they download Microsoft patches. They then can deploy these updates using SMS. SMS' administration console now contains an option to point to any site that contains such a catalog and import it directly into SMS."
If it works as advertised, and if ISVs follow along--which are decent-sized, but by no means insurmountable, ifs--then the ITCU tool should save administrators a big chunk of time. Perhaps more importantly, a successful ITCU tool program will also boost the overall security of SMS 2003 R2 users. This is particularly timely considering the current trend among malicious software writers of moving up the software stack, from the operating system into middleware and applications (see "Applications the Target of Security Attacks, SANS Says").
Citrix is the first ISV to use the ITCU tool to create a custom software-update catalog for use with SMS 2003 R2. Citrix plans to use ITCU in Citrix Presentation Server, which provides Windows clients with access to just the types of third-party and line-of-business applications that Microsoft is targeting with SMS 2003 R2. This will enable "Citrix to provide much simpler and faster patching and updating to our joint customers," says Garry Olah, a senior director for Citrix. "As a result, we don't have to spend a lot of money and time building a proprietary solution for sending updates. MS 2003 R2 makes our lives easier."
The R2 release will also include the Enterprise Scan Tool for Vulnerability Assessment, which checks desktops and servers for numerous software configuration errors and other security vulnerabilities, including weak or old passwords. The beta of SMS 2003 R2 is available now, with release to manufacturing (RTM) expected in the next several months, McGourty says.
While we wait for R2 to RTM, SMS 2003 users have a new service pack to keep them busy. With SMS 2003 SP2, Microsoft has delivered a couple of new features, including enhanced virtualization support and the enablement of SQL Server 2005 to serve as the backend database engine for SMS. It also allows IT managers to use fully qualified domain names (FQDM). This eliminates SMS's dependency on NetBios and WINS and improves performance for software inventory processing, McGourty says.
SMS 2003 SP2 also includes a "roll-up" of bug fixes for the product. "There are only about a dozen fixes to remedy bugs reported by customers and partners in recent months. We are very pleased with the quality of the SMS 2003 code," McGourty says.
Microsoft is also trying to convince users of the old SMS 2.0 product to upgrade to SMS 2003. The end of mainstream support for SMS 2.0 is March 31, and beyond that time, users will need to pay for any non-security-related hotfix support. To get these users to make the jump to the latest, greatest release, Microsoft is offering a 30 percent discount on SMS 2003 licenses obtained through the Software Assurance program. This discount takes effect in April.
|
