May 23, 2008 (08:05 PM EDT)
Rolling Review: Patch Up Your Windows
Read the Original Article at InformationWeek
Kaseya's Managed Services Edition 2008 provides enterprise patch management functionality for IT managers on a limited budget. It offers many features usually seen on higher-end products, including bandwidth throttling, rollback options, and endpoint configuration management.
Kaseya performs well and offers the ability to regulate Windows Update behavior, a feature not found in more expensive products. The suite is agent-based and administered though a Web-based user interface that's surprisingly easy to use. Kaseya is a great fit for all-Windows IT shops that are looking for a policy-based patching process.
Kaseya is extremely secure. All network transactions are encrypted, and no ports are opened for any component. File transfers to clients are always dynamically compressed, and there's a per-client option for bandwidth throttling. You can also configure endpoints to distribute patches to other computers. This can ease bandwidth consumption across your network if set up efficiently.
Kaseya patches all Windows versions and Mac OS X v10.3.9 and above. Through its ability to run scripts on clients, it also can be configured to deploy patches that are not natively supported, such as a custom app that wouldn't have a commercially distributed patch.
Administrators can assign policies to groups of computers and use automated updates to ensure that they stay in compliance with the policies.
Kaseya's implementation of reporting, rollback, and new patch awareness is on par with the other products we've reviewed.
Kaseya's user interface is the best of all the patch management products we've seen. It's clean and easy to use. The sleek, Web-based user interface lets administrators control every aspect of the application.
One differentiator that we found for Kaseya's product compared with many other patch management systems was the ability to configure settings for individual clients.
For example, Kaseya allows for per-client settings for reboot behavior and vulnerability notification, giving administrators more flexibility about when a deployed patch will trigger a reboot. For instance, instead of creating two separate patch packages--one for desktops or laptops that can be rebooted right away, and another for servers that require scheduled downtime--administrators can adjust the settings on individual clients to reboot as appropriate.
Administrators can choose a variety of reboot settings: forced reboots, scheduled reboots, notification to prompt the user to reboot, and no reboot.
The agents' vulnerability notification feature is also highly configurable. Desktop and laptop agents might only notify administrators about critical security vulnerabilities, while agents on mission-critical servers can be configured to notify admins about any vulnerability.
Kaseya can regulate Windows Update behavior, a feature unique to this product. On a per-client setting, Windows Update can be disabled, left to user control, or enabled with the usual selection of options.
This is a useful feature for organizations that run updates through a change management process rather than have them automatically installed. The change management process can ensure that patches won't disable applications or otherwise affect a system's performance or availability.
Robust options for client deployment are another notable feature of Kaseya. Besides the usual options for deployment, such as by remote login, by domain, by Active Directory, or via a browser, Kaseya offers a LAN Watch component.
EYE ON THE LAN
With LAN Watch, if you configure a client to act as a patch distribution point, that client can scan other machines on a LAN segment and deploy patches as necessary. Each client deployment package can be further customized to use any client settings already configured on the Kaseya server. This enables templates for server, desktop, or laptop deployment to carry correct client settings from installation, rather that having to manage individually or by group later.
Kaseya is ideal for Windows-centric shops looking for an easy-to-use patch system that's competitively priced. It supports all Win- dows versions, including 95, 98, and NT 4. Application support is based on Microsoft's updates, including Office, SQL Server, Windows Media Player, Direct X, and Exchange.
Kaseya's greatest drawback is the initial agent configuration. Each agent has to be configured individually after it's deployed, which will be time-consuming for all but the smallest shops.
Also, beware that default client settings include forcing immediate reboots and downloading all patches directly from Microsoft.
Pricing is based on a one-time licensing fee--that's it. There are no annual subscriptions for the software itself or the patches. In our scenario, Kaseya charged $12 per device for 600 Windows machines, for a total of $7,200. Other vendors will find that pricing structure hard to beat.