Does your network need the flexibility of an agentless patch management system or the diversity of an agent-based solution? Do you want centralized control over computers on your network or would you prefer a more decentralized, standalone organization? This quick guide will help put these two important patch management options into perspective.
Server-side (agentless) patch managers offer the immediate benefit of quick initial setup. Whereas agent-based systems require a client on each workstation, agentless patch managers scan the machines from a centralized location and act on them from there. Agentless patch managers are ideal for large businesses with a large number of machines: the agentless model puts an emphasis on pushing updates as opposed to micromanaging workstations.
Setting up an agentless system is as simple as loading a list of IP addresses or MAC addresses, choosing the updates to push, and monitoring the progress from there. This straightforward configuration ensures that agentless solutions remain infinitely scalable: as long as your network has the bandwidth to support more workstations, you can add them to the update list without the need to purchase any more licenses.
Agentless solutions can do everything that an agent-based solution can, but the difference lies in implementation. Deploy across the entire network from a single console, apply customized settings, and string together your installation and reboot chains to power through complicated processes. If you want to run through a few test deployments, you have to try Batch Patch: centralized remote management means you can configure workstations on your network without even leaving your desk.
Agentless offers a great number of advantages, but agent-based apps still fill an important niche for some businesses, especially businesses with a small but diverse network. As the name implies, agent-based solutions require a client on each computer. This decentralized design allows for more control over varied configurations.
Agent-based patch managers are a smart choice for environments with machines that frequently disconnect from the network, since they can make use of wake-on-WAN, although you can accomplish the same using an agentless system via a wireless LAN.
Another upside to the agent model is easier access and reporting for each individual workstation on the network. This might not mean much to an organization overseeing hundreds of computers, but it’s perfectly workable for diligent IT managers looking for a high degree of compliance. The problem is scaling up: each client requires its own license, whereas agentless systems are often infinitely scalable by nature.
Exploring Your Options
1. Compliance Reporting
How much time are you willing to dedicate to compliance reporting? Some patch managers automate the process for colorful printouts to impress the boss at last-minute meetings; others output enough information to really get at the heart of compliance issues but require a skilled eye to compile the data in a way that makes sense to the end user. Whether you choose a streamlined or specialized reporting system is simply a matter of preference and procedure.
2. Third-Party Support
Nearly every modern patch manager supports third-party apps, but “support” could mean many different things. Simple patch managers will give administrators the flexibility to input their own scripts, giving complete control over the patching process. Others go so far as to maintain preconfigured packages, sometimes even deploying them for you. These services come at a price but are worthwhile for those who have time to oversee and double-check those processes.
3. Automation
This is another tricky feature. Patch management will never become a “set and forget” endeavor, but like the automated reporting and extensive third-party support options mentioned above, there are plenty of legitimate uses of the term. Just don’t be fooled by patch managers that throw around terms like “advanced automation” without describing what exactly the program is capable of automating.
The search for a suitable patch manager can be a long and daunting process, but it’s not hard to avoid all the trial and error if you already have a good idea of the features and capabilities your network needs. While most standards are easy to configure after the fact, the choice between a client-based and an agentless patch management solution will affect your compliance efforts for years to come.
Every patch manager has its place. Which one belongs on your network?