4 Replies Latest reply on Feb 9, 2014 8:51 PM by Andy Shaw

    BSA application patching



      Of late, there has been an increase in customers asking us to present our patch management solution in the region. We have had feedback that our competitors solutions are not fulfilling expectations and more and more we find ourselves responding to patch management RFP's. This has raised a number of questions:


      1. What is the best response to questions like: do you patch application X or Y? We see a list of applications in the Windows Patch Catalog that come in through Shavlik, but to date I do not know how to leverage on anything other than OS patches. We see applications like Skype listed in the Shavlik catalog but surely we do not patch Skype, nor would I imagine many servers would be running Skype. How do we typically respond to a question like: list the applications that can be patched by BSA?


      2. Asset Core can patch server and client. In a situation where a customer is looking for a complete patch solution that covers both, should we be pushing Asset Core alone?


      3. If BSA does not patch a particular application, do we recommend packaging the application patch in BSA and then perform the roll out through BSA? If so, why?


      Thanks for any pointers on this!




        • 1. Re: BSA application patching
          Bill Robinson

          1 - shavlik has a list of the non-OS/Microsoft applications they patch.  when the docs maintenance is done we can find the link to it.  eg firefox, office (terminal servers for example), sharepoint, etc.  they get patched just like the os patches - catalog, patching job, deploy jobs.


          2 - asset core = ?


          3 - sure.  i mean, why not ?  it's automated. how else would you do it ?

          1 of 1 people found this helpful
          • 2. Re: BSA application patching

            Thanks Bill,


            1. Can application patching be automated in the same way that OS patching can? Surely there are a ton of considerations around applying a patch to, say sharepoint, that rule out an automated update? If not, fine.. we can just pull out the list we see in Shavlik and say we patch these applications on Windows.


            2. Just had an update on this: Asset core can pull in from Shavlik but not from the Unix vendors, which kind of rules that option out.


            3. Ok. I usually highlight the things we can do around the patch (start/stop services, etc) but worry about the additional effort. Customer has two WebSphere servers.. would they want to create a package in BSA each time a new patch is released, etc?




            • 3. Re: BSA application patching
              Bill Robinson

              1 - yes, if it's part of the shavlik meta.  it will be a 'filter' option when you create the catalog and work just like the windows patching works.  note this is only true for windows.  for unix it needs to be in the OS repository or you must create a custom repo and the software has to be registered in the OS'es package database.  meaning bsa will not automatically detected and patch a custom-compiled version of apache w/ the 'patching' functionality.


              3 - yes - get the silent install/upgrade instructions for websphere and create a package and job to deploy.  if you want to get fancy you can use a component template to detect websphere, and the version then push the update as remediation for the downlevel version.

              • 4. Re: BSA application patching

                Thanks as always Bill.


                I had no idea we could create a custom repo. Good to know.