Network Infrastructure

IT professionals know that, when their network is at risk, the organization is at risk. It is a challenging task to keep up with and apply security or software updates within the IT infrastructure, especially if the networks span multiple locations, include multiple domains, traverse multiple firewalls and include remote and home users.

Patch Management is not just scanning and applying patches. Patches often need to be deployed in a test environment, undergo an approval process or require multiple steps to deploy.

MissionControl provides the tools and infrastructure to enforce policies and to easily address the complexities of software and security patch deployment. Patch Management automatically keeps servers, workstations and remote computers up-to-date with the latest important security patches and software updates.

From simple, fully automated patch deployment to script-based automation for a customized deployment, MissionControl delivers a secure and comprehensive Patch Management solution to help keep security holes closed and applications updated with a mouse click. Patch Management provides IT professionals with the tools they need to be successful and keep the organization running efficiently.

Automatic and Recurring Patch Scans

• Scheduled or ad-hoc
• By computer, group or user-defined collections of computers
• Scans networks for installed and missing security patches regardless of the size of the environment
• Automates the tedious process of researching
• Detects vulnerability
• Identifies which patches are installed and date-installed
• Determines which patches are needed
• Monitors and maintains patch compliance throughout your entire enterprise

MissionControl Agent Technology

• Does not require multiple patch servers
• Ensures that all systems, even remote users on laptops and workstations, are protected
• Allows implementation across entire network, not just servers
• Always know what patches and security holes reside on each user’s system

Patch Approval

• Approve or deny selected patches
• Select by user-defined computer collections

Automated Patch Deployment

• Schedule by time, computer, group or user-defined collections of computers
• Simultaneously deploy all required patches across operating systems
• Support for Windows® 2003, 2000, NT, XP, 98, 95 and Windows 7
• Single rollout strategy and policy enforcement
• Maximize uptime

Interactive Patch Management

• Select to deploy by patch or by computer
• Select individual computers, groups or user-defined collections of computers
• Ad-hoc simultaneous deployment of selected patches
• Across operating systems
• Across locations

Easy and Fast Deployment

• Up and running in minutes
• No software to install
• The MissionControl server automatically installs needed software components transparently
• Easy Administration of users and policies

Flexible Configuration

• Patch file location
• Patch file parameters
• Reboot actions and notifications
• By computer, group or user-defined collections of computers
• Saves bandwidth
• Security and policy control

Comprehensive Reports

• Graphical with Drill-Down
• User defined
• Scheduled
• E-mail notification
• Export to HTML, Excel or Word

Scan Machine

• Schedules scans to search for missing patches on each managed machine. Scanning takes very few resources and can be safely scheduled to run at any time of day. The scanning operation does not impact users at all.

Patch Status

• The current patch status of any given machine is one of the most critical data points when maintaining and troubleshooting a system. Within the Patch Status section of MissionControl, you get an instant view of number of patches installed, missing, denied, pending and failed. Most patch problems are the result of configuration and/or permission issues. The test function exercises the entire patch deployment process without actually installing anything on the target machine or causing a reboot.
• Initial Update is a one-time processing of all approved Microsoft patches applicable to a managed machine based on Patch Policy.

Pre/Post Procedure

• Use the Pre/Post Procedure page to run procedures either before and/or after Initial Update or Automatic Update. For example, you can run procedures to automate the preparation and setup of newly added machines before or after Initial Update.

Automatic Update

• The Automatic Update page is the preferred method of updating managed machines with Microsoft patches on a recurring basis. Automatic Update obeys the patch policies from within the MissionControl IT Automation Framework so that you can have total control over the machine behavior for patching.

Machine History

• The Machine History page displays the results from the most recent patch scan of managed machines. All installed and missing patches applicable to a managed machine are listed, regardless of whether the patch is approved or not.

Machine & Patch Updates

• The Machine Update page manually installs Microsoft patches on individual machines. Machine Update is often used to test a new patch prior to approving it for general release to all machines.
• The Patch Update page updates missing Microsoft patches on all machines displayed in the paging area. If you’re using Automatic Update, then Patch Update is used on an exception basis to apply individual patches to multiple machines or to re-apply patches that originally failed on certain machines.

Rollback

• There are times when patches get installed and have unintended impact on software installed. The Rollback page removes patches after they have been installed on a system. Not all patches may be uninstalled, but the system only lists patches supporting the rollback feature.

Cancel Updates

• Cancel patch installations manually scheduled from the Machine Update or the Patch Update pages. Terminate a currently running patch installation process on an individual machine. The Cancel Updates page can also terminate currently running patch installation processes.

Create/Delete

• Create patch policies to approve or deny patches. Initial Update and Automatic Update only install-approved patches.
• The Create/Delete page creates or deletes patch policies. Patch policies contain all active patches for the purpose of approving or denying patches.
• An active patch is defined as a patch that has been reported by a patch scan by at least one machine. Any machine can be made a member of one or more patch policies.

Membership

• The Membership page assigns machine IDs to one or more patch policies. Patch policies contain all active patches for the purpose of approving or denying patches.
• An active patch is defined as a patch that has been reported by a patch scan by at least one machine in the VSA. Any machine can be made a member of one or more patch policies.

Approval By Policy

• The Approval By Policy page approves or denies the installation of Microsoft patches on managed machines by patch policy.
• Patches pending approval are considered denied until they are approved. This gives you the chance to test and verify a patch in your environment before the patch automatically pushes out.

Approval By Patch

• The Approval By Patch page approves or denies the installation of Microsoft patches on managed machines by patch for all patch policies.
• Changes affect patches installed by all users. This saves you the trouble of approving pending patches separately for each patch policy.

Knowledge Base Override

• The Knowledge Base Override page sets overrides of the default approval status of patches set using Approval by Policy by KB Article for all patch policies. It also sets the approval status for existing patches by KB Article for all patch policies.
• Changes affect patches in all patch policies installed by all users.

Windows Auto Update

• The Windows Auto Update page determines whether Windows Automatic Updates on managed machines is disabled, left for the user to control or configured.

Reboot Action

• The Reboot Action page defines how reboots are performed after a patch install. Patch installs do not take effect until after a machine is rebooted.
• The Reboot Action policy applies to Machine Update, Patch Update and Automatic Update.

File Source

• The File Source page defines where each machine gets patch-executable files from, prior to installation, and where these patch executables are copied to the local machine.
• File source locations include:
  • The Internet
  • The server
  • A local file share

Patch Alert

• You can configure alerts for when new patches are available, agent credentials are invalid or missing, when a patch install fails or when Windows Auto Update information has changed.

Office Source

• Because Microsoft Office updates require source file locations, MissionControl has the ability for admins to specify the source file location for Office on each computer.
• The location can be a network share or directory or a standard local path.

Command Line

• The Command Line page defines the command line switches used to silently install a specified patch.
• Occasionally, a patch is released that does not use normal switch settings, or the patch database has not been updated with the new switches.
• If you find a patch does not successfully install with its assigned switch settings, you can change them with this page.
• Locate patch switches by clicking the Knowledge Base Article link and reading through the knowledge base article.

Patch Location

• The Patch Location page defines the URL from which each patch is downloaded. Only patches missing from machine IDs that currently match the Machine ID/Group ID filter are displayed here.