Some folks from Everdream stopped by the other day to fill me in on the changes in their Patch and Asset Management services since I last looked at the service, and I was quite intrigued by the way they have adopted existing Microsoft technologies to enhance specifically their patch capabilities.
The Everdream solution requires a client agent to be installed on each desktop so the managed system can pull down policies and send inventory data to Everdream’s hosted servers. Everdream’s folks touted how slim the agent is, requiring a minimal memory footprint. How is that possible? Everdream uses Windows’ built-in Automatic Updates engine to scan for and then deliver needed patches.
Basically, the Automatic Updates client is redirected to Everdream’s server farm, where Everdream hosts a bunch of WSUS servers. Everdream’s engineers test Windows patches and then make them available for installation on their servers. Their customers can then pick and choose what to install and when.
Of course, Automatic Updates cannot deal with non-Microsoft patches, so Everdream still maintains a software delivery system through its own agent, which can be used to get Automatic Updates up-to-date (the BITS and Windows Installer components) or deliver patches for other applications.
Even with Everdream’s new reliance on the Automatic Updates engine, Everdream’s solution still has the potential for bandwidth utilization abuse, as each client must download directly from Everdream’s hosted servers, causing much repeat traffic as the same patch gets downloaded by each client.
Everdream’s solution? To help customers set up their own WSUS relay station on the internal networks, which point to the upstream Everdream servers. That way the premise-based server will utilize the same policies and configuration settings as the upstream server, without all the redundant downloads.
But to me, this really seems to take away some of the advantage of a Software-As-A-Service solution. Customers buying a service aren’t looking to acquire more hardware and a Windows server license, then put together a patch implementation. If they wanted to do that, they would have done it already.
I’d like to see Everdream put together a VMWare appliance preconfigured for WSUS that they could sell to their customers. I have been running WSUS via VMWare Server successfully for over a year to support my 25+ node test environment and found it to be a highly flexible solution.
Of course, since Windows Server 2003 is not free software, such a virtual appliance will likely never come to pass as licensing woes would likely torpedo such a sensible solution.