TechWeb

Rolling Review: Patch Up Your Windows

May 23, 2008 (08:05 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=207801689


THE UPSHOT
CLAIM:  Kaseya is an easy-to-use, inexpensive patch management application that will let you deploy critical application patches quickly and securely.

CONTEXT:  This Rolling Review will rate patch management tools on breadth of platforms supported, testing and staging capabilities, reporting, the ability to roll back, and more. Kaseya is an agent-based patch offering that focuses on Windows.

CREDIBILITY:  While Kaseya was by far the easiest to use, it has limited OS support and initial agent configuration is cumbersome. That said, the product is aggressively priced, boasts a good feature set, and should appeal to Windows shops.

Kaseya's Managed Services Edition 2008 provides enterprise patch management functionality for IT managers on a limited budget. It offers many features usually seen on higher-end products, including bandwidth throttling, rollback options, and endpoint configuration management.

Kaseya performs well and offers the ability to regulate Windows Update behavior, a feature not found in more expensive products. The suite is agent-based and administered though a Web-based user interface that's surprisingly easy to use. Kaseya is a great fit for all-Windows IT shops that are looking for a policy-based patching process.

Kaseya is extremely secure. All network transactions are encrypted, and no ports are opened for any component. File transfers to clients are always dynamically compressed, and there's a per-client option for bandwidth throttling. You can also configure endpoints to distribute patches to other computers. This can ease bandwidth consumption across your network if set up efficiently.

Kaseya patches all Windows versions and Mac OS X v10.3.9 and above. Through its ability to run scripts on clients, it also can be configured to deploy patches that are not natively supported, such as a custom app that wouldn't have a commercially distributed patch.

Administrators can assign policies to groups of computers and use automated updates to ensure that they stay in compliance with the policies.

Kaseya's implementation of reporting, rollback, and new patch awareness is on par with the other products we've reviewed.

Kaseya's user interface is the best of all the patch management products we've seen. It's clean and easy to use. The sleek, Web-based user interface lets administrators control every aspect of the application.




CONFIGURATION STANDOUT

One differentiator that we found for Kaseya's product compared with many other patch management systems was the ability to configure settings for individual clients.

For example, Kaseya allows for per-client settings for reboot behavior and vulnerability notification, giving administrators more flexibility about when a deployed patch will trigger a reboot. For instance, instead of creating two separate patch packages--one for desktops or laptops that can be rebooted right away, and another for servers that require scheduled downtime--administrators can adjust the settings on individual clients to reboot as appropriate.

Administrators can choose a variety of reboot settings: forced reboots, scheduled reboots, notification to prompt the user to reboot, and no reboot.

The agents' vulnerability notification feature is also highly configurable. Desktop and laptop agents might only notify administrators about critical security vulnerabilities, while agents on mission-critical servers can be configured to notify admins about any vulnerability.

IN DETAIL
FEATURED PRODUCT:
Kaseya Managed Services Edition 2008--5.0.0.0

ABOUT THIS ROLLING REVIEW:
Patch management products are being tested at our Real-World Labs at Windward IT Solutions. We're assessing breadth of platforms supported, how well a product uses subscription services to discover patches, how thoroughly it discovers our environment, what rollback capabilities are available, testing and staging capabilities prior to production, reporting, and network bandwidth control.

UP NEXT:
A wrap-up of our patch management series

ALSO INVITED:
BigFix, BladeLogic, BMC Software, CA, Configuresoft, Ecora Software, IBM, LANDesk Software, Lumension Security/PatchLink, Shavlik, Novell, Opsware, and Symantec

Kaseya can regulate Windows Update behavior, a feature unique to this product. On a per-client setting, Windows Update can be disabled, left to user control, or enabled with the usual selection of options.

This is a useful feature for organizations that run updates through a change management process rather than have them automatically installed. The change management process can ensure that patches won't disable applications or otherwise affect a system's performance or availability.

Robust options for client deployment are another notable feature of Kaseya. Besides the usual options for deployment, such as by remote login, by domain, by Active Directory, or via a browser, Kaseya offers a LAN Watch component.

EYE ON THE LAN

With LAN Watch, if you configure a client to act as a patch distribution point, that client can scan other machines on a LAN segment and deploy patches as necessary. Each client deployment package can be further customized to use any client settings already configured on the Kaseya server. This enables templates for server, desktop, or laptop deployment to carry correct client settings from installation, rather that having to manage individually or by group later.

Kaseya is ideal for Windows-centric shops looking for an easy-to-use patch system that's competitively priced. It supports all Win- dows versions, including 95, 98, and NT 4. Application support is based on Microsoft's updates, including Office, SQL Server, Windows Media Player, Direct X, and Exchange.

Kaseya's greatest drawback is the initial agent configuration. Each agent has to be configured individually after it's deployed, which will be time-consuming for all but the smallest shops.

Also, beware that default client settings include forcing immediate reboots and downloading all patches directly from Microsoft.

Pricing is based on a one-time licensing fee--that's it. There are no annual subscriptions for the software itself or the patches. In our scenario, Kaseya charged $12 per device for 600 Windows machines, for a total of $7,200. Other vendors will find that pricing structure hard to beat.

InformationWeek's Rolling Reviews present a comprehensive look at a hot technology category, beginning with market analysis and wrapping up with a synopsis of our findings. See our kickoff and other reviews in this patch management series at Rolling Reviews.