INF208Patch & Update ManagementInfrastructure, Management and Operations

George KovachevMicrosoft System Management Region DirectorBynet Data Communication Ltd.E-mail: v-gkovac@microsoft.com gio-k@bynet.co.il

Agenda

Patch Management FrameworksClient Patch Management OverviewWindow Update Service Overview

Demo

SMS 2003 Patch Management OverviewDemoSMS 2003 Hardware updates Add onSMS 2003 R2 - What’s in it?

Comparing WUS and SMS 2003

Patch Management Framework

Deploy the

Patch

Identify New

Patches

Evaluate and Plan

Patch Deployment

Assess Environment to Be Patched

Patch Management

Client Patch Management Overview• Standard Patch Deployments• Emergency Patch Deployments• Service Pack Deployments• Source Path Update Management Feature

• Managed source path for Office 2000, Office XP, and Visio

• Ensures Office updates can return to source to successfully patch

Standard Patch DeploymentStandard Patch DeploymentStandard Patch DeploymentStandard Patch Deployment

• Sync file• Update DP• Scan tool• Wait 10

minutes• Create

package• Test

package• Set up

remaining packages

• Notification• Patch SMS

servers• Update

Sync file

TUE WED THU FRI SAT SUN MON TUE

Days PercentComplete

40%Patched

80%Complete

98%Complete

• Begin patching

• Begin reporting status

• Start remediation for failed jobs

• Report status

• Continue remediation for failed jobs

• Report status

• Continue remediation for failed jobs

• Report status

• Forced patching begins

• Continue remediation for failed jobs

• Report status

• Continue remediation for failed jobs

Emergency Patch DeploymentEmergency Patch Deployment

Sync fileUpdate DPScan toolWait 10 minutesCreate packageTest packageSet up remaining packages

NotificationPatch SMS serversUpdate Sync file

11:00

40%Patched

80%Complete

98%Complete

Begin patching

Begin reporting statusStart remediation for failed jobs

Report statusContinue remediation for failed jobs

Report statusContinue remediation for failed jobs

Report statusForced patching beginsContinue remediation for failed jobs

Report statusContinue remediation for failed jobs

12:00 13:00 14:00 15:00 16:00 17:00 18:00

Thursday

10:00

Administrator subscribes to update categoriesAdministrator subscribes to update categories

< Back Finish Cancel

Windows Update ServicesWindows Update Services

Server downloads updates from Microsoft Server downloads updates from Microsoft UpdateUpdateClients register themselves with the serverClients register themselves with the serverAdministrator targets different updates at Administrator targets different updates at different clientsdifferent clientsAdministrator approves updatesAdministrator approves updatesClients installs administrator approved updatesClients installs administrator approved updates

< Back Finish Cancel

Windows Update ServicesWindows Update Services

Microsoft Microsoft UpdateUpdate

WUS WUS ServerServer

Desktop Desktop ClientsClientsTarget Group Target Group 11 Server Server

ClientsClientsTarget Group Target Group 22

AdministratAdministratoror

WUS Solution OverviewWUS Solution Overview

Windows Update Service

Patch Management Framework

Deploy the

Patch

Identify New

Patches

Evaluate and Plan

Patch Deployment

Assess Environment to Be Patched

Patch Management

SMS 2003 Patch Management How It WorksSMS 2003 Patch Management How It Works

Firewall

SMS SMS Site ServerSite Server

SMS DistributionSMS DistributionPointPoint

Client SMS

MicrosoftDownload Center

SMS DistributionSMS DistributionPointPoint

2.2. Scan components replicate to SMS clientsScan components replicate to SMS clients

1.1. Download Security Update Inventory Run Download Security Update Inventory Run inventory tool installerinventory tool installer

3.3. Clients scanned; scan results merged Clients scanned; scan results merged into SMS hardware inventory datainto SMS hardware inventory data

4. 4. Administrator uses Distribute Administrator uses Distribute Software Updates Wizard to Software Updates Wizard to authorize updatesauthorize updates

6.6. Software Update Installation Software Update Installation Agent on clients deploy updatesAgent on clients deploy updates

7.7. Periodically: Sync component checks Periodically: Sync component checks for new updates; scans clients; and for new updates; scans clients; and deploys necessary updatesdeploys necessary updates

5.5. Update files downloaded; Update files downloaded; packages replicated and packages replicated and programs advertised to programs advertised to SMS clientsSMS clients

Client SMS

Client SMS

SMS 2003 Patch Management

Patch Management Framework

Deploy the

Patch

Identify New

Patches

Evaluate and Plan

Patch Deployment

Assess Environment to Be Patched

Patch Management

SMS 2003 Hardware Updating• Inventory Tool for Dell Updates

• IBM Systems Update Tool – IBM firmware and HW driver updates– IBM server series: BladeCenter, Eserver, and xSeries

• SMS Inventory Tool for HP ProLiant and Integrity Updates– HP system software, firmware (ROM and BIOS updates), and

ProLiant or Integrity Support Packs– HP Proliant BL, DL, and ML series servers– HP Integrity Superdome series servers– Certain HP Integrity RX series servers

SMS 2003 R2 Features

What’s in it?• Scan Tool for Vulnerability Assessment

– Uses MBSA 2.0 as a scan engine– Provides VA reporting for common software mis-configurations

defined by MBSA 2.0 – Administered identically to existing SMS 2003 scan tools

• Inventory Tool for Custom Updates– Vendors create update definitions for commercial

software applications– Customers create update definitions for in-house line-of-business

(LOB) applications– Solution integrators (SI) and outsourcers build catalogs for

organizations to which they provide services

Comparing WUS and SMS 2003

Adopt the solution that best meets the needs of your organization

CapabilityWUSSMS 2003

Supported Software for Content

Win2K, WS2003, WinXP Pro, Office XP/2003, Exchange 2003, SQL Server 2000, MSDE

Same as WUS + NT 4.0 & Win98 + can update any other Windows based software

Supported Content Types for Supported Software

All software updates, critical driver updates, SP’s, & FP’s

All updates, SP’s, & FP’s & supports update & app installs for any Windows based software

CapabilityWUSSMS 2003

Network Bandwidth OptimizationYesYes

Patch Distribution ControlSimpleAdvancedPatch Installation & Scheduling FlexibilitySimpleAdvanced

Patch Installation Status ReportingSimpleAdvanced

Deployment PlanningSimpleAdvanced

Inventory ManagementNoYes

Compliance CheckingNo – status

reporting onlyAdvanced

Comparing WUS and SMS 2003

Adopt the solution that best meets the needs of your organization

For More Information

• Microsoft TechNet: http://www.microsoft.com/technet/itshowcase/

• Microsoft case study resources:http://www.microsoft.com/resources/casestudies/

• SMS 2003 patch management product documentation:http://www.microsoft.com/smserver/techinfo/productdoc/

• Windows Update Service

http://www.microsoft.com/windowsserversystem/wus

For More Information• SMS Home Page

– www.microsoft.com/sms• System Center Family of products

– www.microsoft.com/systemcenter• Community Sites

– http://www.microsoft.com/smserver/community/default.mspx – MyITForum.com

• SMS 2003 Scripting Center– http://www.microsoft.com/technet/scriptcenter/default.mspx

• SMS Download Center– http://www.microsoft.com/smserver/downloads/default.mspx

• Partner Resources – SMS Alliance– http://www.sms-alliance.com/

• Webcasts– http://www.microsoft.com/events/webcasts/upcoming.mspx

New York! New York!

איך ממלאים משוב?

בסוף כל יום emailב -

Beat Centerב -

מה מקבלים?Feel The Beatחולצת

השתתפות בהגרלת כרטיסי טיסהלממלאים משוב לכל ועוד...(i-mateמכשירי

יום)

Recommended Sessions

• INF319 – SMS 2003 Tips and Tricks

• INF317 - Proactive Monitoring of Active Directory with MOM 2005

• INF316 - Management and High Availability of Virtual Server R2 with MOM

• ASK304 - Ask The experts