Tip:
Highlight text to annotate it
X
Hello, this is Ben Lavalley, Senior Product Marketing Manager for Kaseya. This video will review the Kaseya patch management module.
Most people I talk to these days are using independent Microsoft WSUS servers when they are employing patch management, manually configuring them for each remote location, or they're simply using a native Microsoft Windows auto-update feature, leaving the responsibility of patching up to end users at the work station level and routinely remoting into servers to verify their patch status by hand.
Neither of these scenarios is very efficient, and both scenarios end up leaving machines you're responsible for without the critical security patches they need when it takes an inordinate amount of time for you to patch systems by hand. Leaving it up to end-users to consistently follow through with their routine Windows automatic update notifications is another sure-fire way to allow security exploits to take advantage of un- patched machines.
Kaseya's patch management module was built completely from the ground up by our own in-house development team, completely removing any piggyback on Microsoft WSUS servers, unlike most other software vendors in our market space that still rely on WSUS.
We allow you to centrally manage patches for all your work stations and servers from one Kaseya server, whether you're patching servers located centrally in a datacenter or roaming laptops with various types of Internet connectivity. You can schedule daily patch scans with daily deployment policies to ensure your work stations are fully up to date, especially important with the number of out of band patches Microsoft has released over the past year outside their typical Patch Tuesday.
Kaseya gives you granular control over when patches are installed, where the patches are actually downloaded from, what patches are approved for installation and how re-boots are handled. You can even roll back patches that you may have deployed and seen adverse effects from. Patches can be deployed manually or automatically. You can manually select a machine, viewing all of its missing patches and check off which patches you would like to deploy, or you can select a patch and view all the machines that are missing that particular patch and deploying that patch across all of those systems.
This real-time deployment ability is especially important when dealing with zero day security exploits where you may want to immediately deploy a patch that may otherwise only be deployed later in the week, depending on how your patch policies are configured.
When setting up automatic patch deployment, you first need to create a patch policy that defines what patch types you want to automatically approve or deny and then tweaking the policy to approve or deny specific patches. For example, you may wish to create a work station patch policy that automatically approves security updates and automatically denies other patch classifications.
When many IT departments were dealing with unwanted Internet Explorer 8 installations last year, Kaseya partners employing basic patch policy practices had absolutely nothing to worry about, as they manually approved the kind of patches that Internet Explorer fell under, non-security.
Once a patch approval policy is defined, you can select when you want to install patches, typically done during business hours when you know machines will be online. One major advantage to using Kaseya for patch management is that you can set up a federated patching architecture without needing to set up additional servers at your remote locations to handle local patch distribution.
By default, all patches will come directly from the Internet. When you want to start reducing bandwidth usage as patches are downloaded, you only need to set up a simple file share on any machine in your remote environments which will act as a patch cache for the rest of the network. You can even make changes for your laptops that may be in or out of their typical LAN environment to allow them to download patches directly from Microsoft when they cannot connect to the local file share.
You need not do anything but create the file share and configure your machines to use it. Kaseya will take care of the rest, ensuring patches are only downloaded once for that entire network. When it comes to deploying third-party patches, agent procedures can be used to patch a myriad of products, like the Adobe Reader, Flash, Java and ShockWave utilities that are most often needed on our work stations these days.
Patching Macintosh OS10 systems is also quite simple as we only need to execute the agent procedure that runs the software update command, every day or every week on our Macintosh machines, which can deploy either all missing updates or only recommended updates.
Finishing up our review of the patch management module, we have reports which can be used to show summarized patch data either on the executive summary report or in more detailed reports. For example, looking at missing critical security patches.
The patch management module allows for a very easy apples to apples comparison with how you're doing things today. It's an easy place to start seeing the efficiencies and simplicity you can introduce into your daily lives in IT with a unified management and automated platform like Kaseya. Allowing you to spend your time working on fewer repetitive, manual boring tasks, like patching machines, and spending more time on projects that are more rewarding to you and the businesses you service.