LANDesk Tool Keeps Tabs on Patches

The LANDesk Patch Manager 8 add-on automates patch management.

LANDesk Software Ltd. joins a growing list of patch management providers with the introduction of a new add-on to its LANDesk Management Suite.

The LANDesk Patch Manager 8 add-on moves the Intel Corp. spinoff into the desktop security arena, beyond its desktop administration base. The tool draws on the inventory-gathering capabilities on the front end of the suite as well as automated software distribution on the back end to provide more complete patch management, officials said.

The new add-on automates a broad range of functions, including monitoring different sources of information about what patches and vulnerabilities exist, identifying vulnerabilities, notifying administrators, and downloading patches that have been tested for conflicts. Also, when administrators are ready to deploy patches, they can be scheduled for automated deployment using the LANDesk Suites distribution scheduling function.

But LANDesk Patch Manager 8 cannot automate testing for all conflicts and dependencies, nor would most IT organizations trust new patches without testing them internally, according to beta testers of the tool. "We do a lot of testing in-house. Its monumental just testing our own [internally developed applications]. If youre managing a lot of in-house applications, you would want to test before [patches are] deployed," said Andy Nosal, supervisor, LANDesk operations and technical services at Raymond James & Associates Inc., in St. Petersburg, Fla.

The tool relies on Ecora Software Corp.s continuously updated database of tested patches for Microsoft Corp.s Windows XP, Windows 2000 and Sun Microsystems Inc.s Solaris systems, which includes checks for prerequisites and possible conflicts. In addition, LANDesk Software supplements that with its own testing for legacy Microsoft operating systems.

"We test the patches to see if there are dependencies, conflicts or superseded patches," said Ben Cahoon, LANDesk director of product management in South Jordan, Utah. "We make that information available automatically, so the system would know you deployed the old patch instead of a [superseding] one," Cahoon said.

The tool provides roles-based access to limit which machines users can update. It supports as many as 10,000 nodes per server, and as many as 200,000 nodes can be supported using multiple servers. It will be available next week for $12 per managed node.