St. Bernard Softwares UpdateExpert 6.0 is the only product of the four eWEEK Labs tested that uses an optional agent. This provides the option of additional security, such as encryption, when communicating with systems on the other side of a firewall, but it also allows for easy maintenance.
We were able to use UpdateExpert with and without agents during tests—the only product that gave us such an option. We used the agent technology to provide encryption and communicate with servers outside our firewall, where the use of remote procedure calls is unacceptable. For systems that were inside the firewall, we used the product out of the box.
The biggest drawback to using the optional machine agents, which UpdateExpert calls "leaf" agents, is that we had to install them one at a time. We patiently plodded through the task of installing the agents on each of our test systems, wishing all the while for a command-line interface from which we could have whipped up a batch file.
UpdateExpert 6.0 started shipping in April, with an enhanced version expected this month. Per-seat pricing for a one-year contract is $14 for 100 seats, $8.58 for 1,000 seats and $8.70 for 2,500 seats. Maintenance is priced at 30 percent of the contract price.
UpdateExpert, like PatchLink, searches the Microsoft Web site and other sites for patches, then makes the patches available to subscribers.
One key difference between PatchLink and UpdateExpert, however, is that UpdateExpert does not repackage patches and doesnt automatically send patches to a central repository at the customer site. We dont think IT managers need to make this a line-in-the-sand issue yet, but its easy to imagine a time in the not-too-distant future when repackaged, encrypted, compressed and digitally signed patches will be the norm in an effort to evade tampering by ever-more-sophisticated crackers.
UpdateExpert was the easiest to use when it came to setting up base-line conformance policies, making it a snap to build a profile and use it as a measure for other machines in the network. For example, we set up a Windows 2000 Server system and applied all current service packs and hot fixes. We then ran a simple wizard in UpdateExpert to create a profile, which we saved in the central management console. We used this profile to ensure that other machines in the network met the base line.
We were especially impressed with UpdateExperts strong reports. Although some of the other packages we tested provided good change management records (especially Ecora Patch Manager), UpdateExpert was by far the easiest to use and the most comprehensive when it came to reporting. We used the profile we generated of our Windows 2000 Server, for example, to generate conformance reports that showed which systems in the network were up to snuff and which were not. These reports made it much easier to form a battle plan for proceeding with patching activities.
Although there is no facility in UpdateExpert for automatically e-mailing reports to specific system managers, it will be worth the effort for administrators to cut and paste UpdateExpert reports into e-mail for them.
Also in This Feature: