Ditch Manual Patching in the Datacenter
Patching in the datacenter is still a lot of manual work. That is the conclusion I could make after talking to several of our customers, partners, and service providers. Ivanti can help streamline the patch process of your backend servers using automation and integrating with your service management solution.
In the talks I have had with the different administrators in the last half year, I heard a lot of the same manual tasks being mentioned for the patch process:
- You have to get an overview of all missing patches on the different systems. Mostly this is a manual task and it is difficult to find out if a patch is applied. It’s even worse for systems that are under the control of a different administrator. It is difficult for security officers to get the big picture of the patch status of all systems.
- After creating the reports of missing patches, you must create different change requests for all the systems that need updates. The change requests have to reflect which patches need to be applied and which underlying systems are going under maintenance in that process to determine the maintenance window.
- At the time of the maintenance window, an administrator has to log on to the server, install the patches, reboot the server and close the change request reflecting the status of the patches. Most of the time those maintenance windows are in off hours, which means working late in the evening at the office.
- It is difficult to find out if a patch is applied correctly on the systems and to get an overview of the status of all systems after installing the patches.
On top of this, there are also “forgotten” applications on servers: applications that are installed on systems with other software, like Adobe Acrobat, or applications that were installed on a system to quickly do some tasks, such as Google Chrome to download a piece of software needed on the server. Those applications are mostly forgotten in the process of checking which patches are needed. But most attacks happen by targeting such third-party software on servers.
Ivanti Security Controls delivers agentless patching in the datacenter. It scans for patches for the OS as well as a lot of third-party software, such as Adobe Acrobat, Flash, Java, Google Chrome and Firefox. Combining it with Automation enables you to automate a lot of the patching process. It can scan the systems automatically in off hours, creating reports of the whole environment for administrators and the security officer.
Ivanti Automation also integrates with your service management solution. We have a direct integration between Ivanti Automation and Ivanti Service Manager, but we can also connect to other solutions using APIs. With this integration it is possible to automatically create a change request when a scan with Ivanti Security Controls shows that there are patches missing. CIs are linked to the change request to show which system is going down, and with that information Ivanti Service Manager can also show which other systems are going to be affected by the patch deployment. The only thing left for the administrator is to approve the change and set a maintenance window.
At the time of the maintenance window, Ivanti Service Manager can start the patch deployment. An administrator does not have to spend the evening at the office and only has to be on standby at home.
First, the servers being patched are set to ‘Under Maintenance’ in the Service Management solution. This gives other users, like the support desk, insight into which systems are down at that moment. Ivanti Security Controls installs all the patches and reboots the server if necessary. At the end of the deployment the server is scanned again for missing patches, to check if all patches are correctly deployed, and the results are sent back to Automation. If all patches installed without problems, the change request is closed and the CI is put back into production within Ivanti Service Manager. If one of the patches failed, Ivanti Automation will keep the change request open, the CI is kept under maintenance and the administrator is notified by email or SMS that something is wrong and needs manual intervention.
Because Ivanti Security Controls scans the system after patch deployment, the status is immediately changed in all reports for administrators and the security officer, reflecting the change in installed and missing patches.
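The close-or-escalate decision described above can be written down as a small state machine. This is an added illustration, not Ivanti code or an Ivanti API: the class, function, status and patch names are hypothetical, and the handling of patches that are missing but were never part of the approved change is an assumption that goes beyond the text.

```python
from dataclasses import dataclass, field

@dataclass
class ChangeRequest:
    ci: str                      # configuration item (server) being patched
    approved: frozenset          # patch IDs the approved change covers
    status: str = "approved"     # approved -> in_progress -> closed | open_failed
    ci_state: str = "production"
    alerts: list = field(default_factory=list)

def begin_window(cr):
    """Maintenance window starts: flag the CI so the support desk sees it is down."""
    if cr.status != "approved":
        raise ValueError(f"{cr.ci}: change is {cr.status}, not approved")
    cr.status, cr.ci_state = "in_progress", "under_maintenance"

def reconcile(cr, rescan_missing):
    """Apply the post-deployment rescan to the change request.

    Returns (failed, unplanned): approved patches still missing, and missing
    patches that were never part of this change (left for the next one).
    """
    if cr.status != "in_progress":
        raise ValueError(f"{cr.ci}: no deployment in progress")
    missing = set(rescan_missing)
    failed = sorted(cr.approved & missing)
    unplanned = sorted(missing - cr.approved)
    if failed:
        # Keep the change open and the CI under maintenance; alert a human.
        cr.status = "open_failed"
        cr.alerts.append(f"{cr.ci}: manual intervention needed for {', '.join(failed)}")
    else:
        cr.status, cr.ci_state = "closed", "production"
    return failed, unplanned

def demo():
    # Constructed sample data: host names and patch IDs are placeholders.
    ok = ChangeRequest("srv-app-01", frozenset({"PATCH-A", "PATCH-B"}))
    bad = ChangeRequest("srv-db-01", frozenset({"PATCH-A", "PATCH-C"}))
    for cr in (ok, bad):
        begin_window(cr)
    results = {
        ok.ci: reconcile(ok, ["PATCH-D"]),               # only a newer patch is missing
        bad.ci: reconcile(bad, ["PATCH-C", "PATCH-D"]),  # PATCH-C did not install
    }
    return ok, bad, results

if __name__ == "__main__":
    for cr in demo()[:2]:
        print(cr.ci, cr.status, cr.ci_state, cr.alerts)
```

Comparing the rescan against the approved patch set, rather than checking that the rescan is empty, keeps a patch published during the window from blocking closure while still surfacing it for the next change request.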
Using Ivanti solutions automates a lot of the manual work in the patching process but keeps you in control. It gives better insight into the patching status of your environment at any time. Using Ivanti Security Controls, Automation, and Service Manager gives you the power of true Unified IT and makes your life as administrator, IT manager or security officer a lot easier.
The video below shows this Unified IT power in action. For more information on how we can help you, please contact your account manager.