Everdream Corp.s highly customizable Patch Management Service enables administrators to apply a predictable cost model to the thorny problem of Windows patch management.
The Patch Management Service is an add-on module to Everdreams Asset Management and Software Distribution solutions. Pricing for the Patch Management Service starts at $5 per managed computer per month on a 1,000-node network.
Everdream handles much of the legwork associated with patching. When Microsoft Corp. releases a hot fix, Everdream tests it on all supported platforms (Windows NT 4.0 Service Pack 6, Windows 2000 SP2, Windows XP and Windows 2003) in conjunction with several common applications.
Everdream packages the hot fix with customer-specified reboot and user interaction behaviors (such as whether user acknowledgement of an installation is necessary). The service notifies customers of the vulnerability and available patch, with a recommended course of action.
Everdream Patch Management Service
Everdreams reasonably priced Patch Management Service offloads the time and complexity involved with patching Microsoft systems. Everdream researches and tests the patches, then customizes hot fixes according to customers specifications. Everdreams service is highly customizable, but administrators should be prepared to make many decisions beforehand regarding patch behavior and the level of IT staff involvement in the process.
EVALUATION SHORT LIST
eWEEK Labs tests showed the Everdream modules scheduling, customization and reporting capabilities are vastly superior to Microsofts embedded Automatic Updates mechanism. Backed by a service-level agreement, Everdream guarantees availability of critical new hot fixes within 48 hours of a Microsoft bulletin; less-than-critical fixes may take a few weeks.
Each managed computer requires an agent tailored to communicate specifically to the customers account on the Everdream servers. In tests, the default Web-based agent installation method was unsatisfactory for enterprise distribution because individual users might not have installation permissions on the local client.
Customers can request an installer package for deployment via Active Directory or a nifty command-line tool that can deploy agents to designated IP ranges or subnetworks. Once the agent registers in Everdreams database, administrators can push a patch-parsing package to managed systems. The package identifies which hot fixes must be installed on the client, then transmits the findings to the database via an XML record.
Everdreams fine reporting tools allow administrators to easily identify missing hot fixes and push them to individual systems or queried groups at scheduled intervals, then receive up-to-the-minute details on the job progress.
However, the potential for excessive bandwidth use by the service is a major concern. The company provides bandwidth usage controls and can limit the number of systems that are downloading at once. Still, Everdream packages can be quite large because each patch supports multiple operating systems and is downloaded over the Internet by each target machine. Officials said Everdream can build a local patch relay station at a site on customer-provided hardware.
Several of the default behaviors of the Patch Management Service also caused us concern: User information is transmitted unencrypted to Everdreams database, users must acknowledge a successful patch job before another may begin and multiple patches cannot be applied in one reboot.
All these characteristics are customizable, however, and Everdream makes a solid effort to tailor its solution to customers needs. We recommend that customers come to the table with set ideas for how the service will communicate with their computers and how patches should behave on desktops and servers.
Discuss This in the eWEEK Forum
Technical Analyst Andrew Garcia can be reached at firstname.lastname@example.org.