How will IBM BigFix Patch address new servicing models from vendors?
AshwinManekar
Patch management as of today
Software vendors have published individual patches for a long time. This fragmented approach allowed vendors to ship purpose-specific patches quickly. Endpoint customers also benefited: they could select the patches they considered fit for deployment in their environment and thus control the distribution of the content. But the faster delivery and the controlled distribution came at a cost, which was primarily absorbed by the endpoint customers. Software vendors were able to limit the scope of testing to the patch itself and did not invest as much in testing for patch coexistence or in identifying the root causes that can create conflicts with other patches or business applications. Friction with other patches or applications was painfully discovered by the endpoint customers. As a result, the general patching practice followed by endpoint customers became a certification process: deploy patches in a test environment, identify the ones that cause conflicts, resolve those conflicts where possible, exclude the unresolved patches, and only then deploy the certified patches in production.
Trends in patch management
Over time, patch development processes have started to mature. Software vendors have acquired enough data and have refined their development processes to provide a much better end-to-end experience without sacrificing efficiency or compromising the ability to deliver quickly. The next frontier in patch management is the consolidation of patches by vendors. This would simplify the servicing models tremendously, making it easier for customers to limit the test matrix and deploy patches much sooner. Microsoft has recently announced this kind of change in the servicing model for Windows 7 and Windows 8.1. At BigFix we believe that many vendors will follow this approach in the long run. This post aims to highlight the philosophy of BigFix Patch and how BigFix Patch will address these upcoming changes in content packaging.
It’s all about the channels!
Microsoft releases content on multiple channels. Some of these channels are public and can be accessed by third-party vendor tools, while others are private and available only to Microsoft tooling. BigFix can access public channels such as Download Center and Update Catalog. Windows Update is a private channel available to Microsoft tools such as WSUS and SCCM. Patches released in Windows Update are also available between Download Center and Update Catalog. Download Center contains patches, applications and tools. Update Catalog contains only patches, and sometimes rare patches such as a Windows XP Embedded patch.
Microsoft’s patch content strategy is evolving
Microsoft currently publishes multiple patches per OS every month and releases bulletins that share information about these patches. As per the servicing model for Windows 7 and Windows 8.1 post, Microsoft is making changes in content packaging. Instead of releasing multiple updates per OS, Microsoft will release one Security-only update per OS and one Monthly roll-up per OS. The Monthly roll-up will contain non-security updates and some security updates.
BigFix Patch adheres to vendor’s patch distribution mechanisms
BigFix Patch is a comprehensive patch management solution that provides an automated and simplified patching process. Our goal is to be the "FedEx" for patch content, and we focus on efficient and reliable delivery of vendor patches to the endpoints. This also means that we do not unpack any vendor content or massage any metadata, thus keeping intact the integrity of the delivered patch. BigFix will provide Fixlets for each of these updates for Windows 7 and Windows 8.1, i.e. 2 Fixlets per OS: 1 for the Monthly roll-up and 1 for Security-only.
Here are the key takeaways for our customers: