Microsoft looks to tie SUS frameworks

Microsoft Corp. revealed an effort to align with systems management vendors to integrate its SUS (Software Update Services) into...

Microsoft has revealed that it is trying to align with systems management suppliers to integrate its Software Update Services into their frameworks, with the goal of easing Windows patch management, installation and configuration.

But analysts said the software giant's motive is to jump-start stalled adoption of SUS and off-loading security maintenance, as well as upkeep of graying Microsoft products such as Windows 2000 and NT.

Microsoft is targeting IBM, Tivoli, Computer Associates, Hewlett-Packard and BMC Software as prime candidates to push out Windows Update, Office Update, and a new Microsoft update product due within a year for add-ons, including SQL Server and Exchange Server, said Jeffrey Jones, senior director of marketing at Microsoft.

"We'll be looking at having [prepackaged installed behaviour] identify itself to systems so our tools will discover, in a consistent way, what paths and tools have been installed and what has not," Jones said. "The ideal goal is if we understood [system] requirements and fed that into patch management."

While no agreements have been finalised, a CA executive confirmed that the company is interested in integrating SUS and is evaluating Microsoft's plan. Jones said that Tivoli and HP, meanwhile, are ready for discussions.

"If Microsoft did convince CA or Tivoli to include SUS into client management systems it would be a great coup. But if I was CA or Tivoli I do not see why I would want to," said John Pescatore, vice-president at analyst Gartner Group.

Furthermore, several obstacles stand in the way of customers welcoming SUS with open arms or any of its targets accepting Microsoft's overtures, he added.

Many people are uneasy about enabling the AutoUpdate in a Service Pack for Windows 2000 and XP on servers and desktops because it requires a signature on a licensing agreement that allows Microsoft to view all software on a PC,  Pescatore said. Many SUS integrations would not cure patch-management ills for customers that do not run pure Microsoft environments, he added.

"There really has not been widespread use of SUS, which is why Microsoft is looking to get it tied in with the big guy's' products," Pescatore said.

Despite the relative success of niche patch-management players such as Shavlik Technologies, PatchLink, St. Bernard Software and BigFix, Jones said the need for third-party intermediary products will disappear if customers trust Windows Update more fully.

For that to happen, patch management must be run through a testing and change configuration process and become more tightly integrated with broader systems management and application management platforms, said Chuck Darst, solutions manager at HP OpenView.

Some customers have turned to niche patch-management players following past failures with Microsoft and concerns about the software giant's patch automation tactics.

"A lot of people are very nervous about patch management installation - all of a sudden patches popping up," Darst said, adding that users would prefer Microsoft to invest its effort in getting patches right before they were issues.

To get patches deployed to the desktop, HP has recruited St. Bernard to build a smart plug-in for OpenView, which also works with Novadigm and Altiris for patches.

"Microsoft has started to go down the path of automating patches, and that is a bad idea. It opens up too much opportunity for folks to exploit those channels and put in Trojan code," said James Baird, senior systems security analyst at MCI. "I would have to see something drastically different to make me switch" from Shavlik Technologies to Microsoft SUS.


Read more on IT risk management