Patch management for mobile devices will see two upgrades later this year, one from Microsoft and one from remote...
management supplier Mobile Automation.
Last week, Microsoft unveiled Windows Update Services (WUS) as a replacement to System Update Services (SUS).
WUS will allow users to stage patches from a Microsoft central server and push them out to Windows 2000, Windows Server 2003, Windows XP Professional, Office 2003, Office XP, Exchange 2003, SQL Server 200 and Microsoft DE (Desktop Engine).
WUS is now in beta with no confirmed ship date.
In the meantime, Mobile Automation will release version 6.0 of its Mobile Lifecycle Management Suite, which will include a feature called Patch Automation. The inclusion of Patch Automation in the suite is the result of a licensing deal with Shavlik Technologies' HFNetChkPro software.
David Friedlander, senior analyst with Forrester Research, said that both Shavlik Technologies and another supplier, PatchLink, have signed most of the deals with network management companies such as Hewlett-Packard and Novell.
"With tens of thousands of devices distributed across hundreds of places, the need to respond to threats quickly with security patches has become extremely important," said Friedlander.
Patch Automation is a subscription-based component, priced at $15 per node a year, which works locally as well as over almost all wireless connections including Wi-Fi, cellular, CDPD (cellular digital packet data), and dial-up.
Like Microsoft, the application works only with Windows operating systems and Windows applications. However, Doug Neal, president and chief executive officer of Mobile Automation, said the company is listening to customer requests for patch automation of non-Microsoft products.
A so-called smart client component sits on a desktop, laptop, or Pocket PC and connects to the corporate server whenever a user logs on and matches the remote device's application inventory with the availability of patches on the server for that software.
Friedlander said the ability of applications such as Patch Automation to do "firewall traversal", pushing patches and updates to users outside the corporate firewall, is important to enforce security policies.
"If a system isn’t updated with a patch, IT denies access to the VPN until it is," he added.
Both Patch Automation and Microsoft's WUS product feature bandwidth throttling, which detects available bandwidth to avoid interfering with other downloads.
"In a Lan environment, it can sense increased latency on the network and take appropriate action," Neal said.
Both solutions also include checkpoint restart, which continues a download following an interruption from where it left off and does not have to start over.
Although Microsoft and others also compete in this area, Mark Ehr, research director for Enterprise Management Associates, said that one feature that sets Mobile Automation Patch Management apart from its competitors is its ability to stage an update remotely without applying it.
"If Microsoft releases a security update and IT hasn't tested it yet, IT can push it down, but they don't have to pull the trigger until they complete their own QA," Ehr said.
Mobile Automation also added a component called SupportDesk Automation, to allow remote control and online chat with end-users even when they are sitting behind a firewall in a hotel room or at a local coffee shop.
Mobile Lifecycle Management Suite will ship on 15 April.
Ephraim Schwartz writes for InfoWorld