Managing Windows 10 cumulative updates with Ivanti leverages years of features and expertise in patch management. Ivanti Patch Manager provides automated assessment and targeting, robust network-sensitive update distribution, third-party patching, and custom patch definitions all of which make a comprehensive solution for Windows 10 patch management. This article will explore the capabilities in Ivanti Patch Manager that address Windows 10 cumulative updates.
Automated assessment and targeting
Ivanti Patch Manager provides content to identify computers missing cumulative updates and then target those computers for automated or approved remediation. Content is specific to Windows 10 branches which enables proper targeting of cumulative updates to the appropriate computers.
The large size of the updates is one of the biggest challenges that enterprises will need to address. The challenge of distributing these large packages, at least monthly, requires strong software distribution capabilities. Ivanti Patch Manager leverages best in industry distribution capabilities to quickly push packages while minimizing the impact on the network. Such capabilities include:
- Targeted multicasting: efficiently distributes packages to multiple computers through network efficient communications.
- Peer-to-peer downloading: peer-to-peer technology enables computers on the same subnet to share packages eliminating the need to communicate across slow links or overwhelming a single server.
- Bandwidth throttling: throttling limits the amount of traffic a computer uses to preserve network capacity for other communications.
- Distribution servers: Distribution servers can be designated to host packages in different locations so updates only need to be downloaded once across slow WAN links that connect remote sites to a central datacenter.
- Checkpoint restart: nothing is more annoying than having to restart a download. With automated checkpoint restart, package downloads can continue where they left off if a system gets disconnected.
Third-party application patching
I continue to be shocked when I speak with enterprises who are not patching their third-party applications. Some are painfully packaging applications for distribution one update at a time, while many others are doing nothing. If there is one thing to be learned from Windows 10 cumulative updates, it is that 3rd party application compatibility is at continuous risk and the need to update such applications rapidly is more important than ever.
With Ivanti Patch Manager, thousands of common third-party applications are analyzed to create content that enables silent detection and update of such applications.
Custom application patching
For those applications not in our extensive catalog, there is also the option to create a custom definition to detect and update the application. This capability can be particularly beneficial for internally developed applications which will also be under compatibility pressure with Windows 10 updates.
Systematic rollout of cumulative updates
In my previous article on using Ivanti for Branch Upgrades, I discussed the use of the feature, Rollout Projects, to systematically deploy branches. The same feature can be used to deploy Windows 10 Cumulative Updates (as well as any other update, branch, or software package). Rollout projects automates the assessment, distribution, and installation of updates to groups of computers in a predefined order.
Steps can be defined to sequence different rollout groups to have a measured approach to updates. Each step can have exit criteria before moving on to the next step. Exit criteria includes:
- Minimum success rate of systems upgraded
- Minimum duration of executing that step to give time to identify potential issues
- Email approval if you need manual change control to proceed
These exit criteria enable the complex process of rolling out branch upgrades to proceed automatically, but with controls to stop rollout issues from spreading.
Ivanti Patch Manager solves the challenge of managing Windows 10 cumulative updates through:
- Automated identification of vulnerable Windows 10 computers
- Network-sensitive update distribution
- Extensive catalog of third-party application patching
- Custom patch definition
- Systematic project-style roll out of patches