Considering that third-party applications now pose a bigger security risk than Microsoft software, all organizations must have a strategy for ensuring that non-Microsoft applications are patched in a timely manner. This is where Shavlik’s SCUPdates can help.
SCUPdates supplements Microsoft System Center Updates Publisher for Microsoft System Center Configuration Manager (SCCM) 2007. System Center Updates Publisher publishes third-party software updates to Windows Server Update Services (WSUS) for deployment by using SCCM. Software update catalogs (.cab files) or updates that are provided as .exe files, .msi files, or .msp files can be imported into System Center Updates Publisher.
Shavlik provides third-party software updates for a series of commonly deployed non-Microsoft applications, such as Adobe Acrobat Reader and RealPlayer, as the updates are made available by the vendors. The updates are packaged for use with System Center Updates Publisher. They are then tested by Shavlik and distributed as .cab files to customers via email.
To use SCUPdates, you must be running SCCM 2007 SP2 on Windows Server 2003 SP2 or a later version of Windows Server. In addition, you must have WSUS 3.0 SP2 and System Center Updates Publisher 4.5 installed. If you’re not already using System Center Updates Publisher with SCCM, you can download the tool for free from the Microsoft Download Center. System Center Updates Publisher is licensed for use only with SCCM and with Microsoft System Center Essentials (SCE).
Although Shavlik charges you to download its catalogs for System Center Updates Publisher, you should note that Adobe provides free catalogs for Flash Player, Acrobat, and Acrobat Reader—as does the free, limited-use version of SCUPdates. Dell and HP also provide catalogs for updating software by bundling the catalogs with their servers and workstations. For more information, see “Third-Party Custom Catalogs for Configuration Manager 2007 and System Center Essentials 2007.”
System Center Updates Publisher uses the localupdates API to publish catalogs to WSUS. Because of the API’s limitations, you can’t view updates in the WSUS administration console. Instead, you must manage updates by using SCCM or SCE. For more information about WSUS local update publishing, see “Publishing Third-Party Updates to WSUS.”
When I imported the main .cab file that’s provided by SCUPdates into System Center Updates Publisher, 307 separate updates were loaded and displayed as ready for publication. SCUPdates supports popular applications such as RealPlayer, Adobe AIR, and Skype. However, programs such as Google Chrome and WinZip were noticeably absent. SCUPdates also provided two other .cab files, one for Apple applications and the other for the Sun Java runtime environment. You can find a full list of supported products on the Shavlik website. Figure 1 shows updates that have been imported into System Center Updates Publisher by using SCUPdates.
Figure 1: SCUPdates-published updates imported into System Center Updates Publisher
Assuming that you have a working SCCM server and that you also have System Center Updates Publisher already set up and configured, it will take you just a few mouse clicks to import the SCUPdates catalogs. To do this, right-click System Center Updates Publisher in the System Center Updates Publisher console, click Import Update(s) on the menu, and browse through the relevant .cab files. After the SCUPdates files are imported, you must set the publish flags for updates that you want to publish to Full Content or to Metadata Only in the System Center Updates Publisher console. In the Actions pane, click Publish Update(s). Everything from that point on relies on System Center Updates Publisher, SCCM, and WSUS. No additional software or agents are required to use SCUPdates.
You could consider SCUPdates to be more of a service than a product. In principle, it shouldn’t be difficult to create updates by using System Center Updates Publisher, as long as software vendors provide suitable update packages. However, it does require some experience and time to test the process, and SCUPdates eliminates this task by taking over the process. The program helps reduce the amount of time between the release of patches by vendors and the deployment of patches on your network. If you put SCUPdates to work, all that’s left for you to do is to make sure that the updates distributed to your servers and workstations don’t adversely affect your production environment.
|
SCUPdates |
