I am currently using Patch Management to handle Windows updates on all of our systems. I have noticed some vulnerabilities related to 3rd-party apps and would like to use Software Management to patch them. Will there be any conflicts in the VSA if I use both features? Is one better than the other for Windows updates?
Anyone with more than about a few hundred systems and bandwith to spare should leave Software Management alone for now. After testing it is deemed inadequate.
It's poorly thought out and executed in true Kaseya style for a fresh product, meaning not really a finished product and not ready for production, as far as we're concerned. I've heard 9.6 should solve the issues Software Management was born with. If that will actually be true, we'll have to wait and see....
We have a feature within software management which prohibits this behavior (it can be turned off). Here is some detail from our documentation:
Prevent an agent from running both Patch Management and Software Management at the same time - If checked, Software Management will not run Scan Now on an agent if that agent is configured to use any of these Patch Management features:
Personally, I would stay with Patch management for now. What kind of vulnerabilities are you having issues with?
You can use Patch Management for Windows and Software Management for third party software separately.
Have they fixed the issue where Software Management is completely destroying the available bandwidth on networks yet?
There is a reason why I said personally :p
No they haven't! I created ticket 249898 and the support rep told me that I should stagger my scan. I'm new to Kaseya, but the onboarding training said that the scan should be done during the day to capture as many machines as possible. My professional services onboarding person said the same. When I explained that we kick this off on wed afternoon for 400 agents, our entire 300down 20up is toast for the afternoon. He said that he's heard that. We aren't even doing the deployment yet. Just the scan. I'm still managing patching with Labtech at this point.
There's also an issue with Software Management Policies - you can't merge a Scan Schedule with an Update policy - whichever applies first overrides the other.
We use a single policy to define server scans, and around 50 policies to define the update schedule. We keep them separate so we don't have to update 50 policies when the scan schedule changes.
This is just one of a few issues in S-M that's keeping us from using or recommending it at this time.
So in regards to the network bandwidth issue, does this mean that "Software Management" has been developed without the ability to use LanCache if configured?
The way they described Software Management was outside of the LANCache ... But that it would use a proprietary client to client type system ... That if a patch was out there that one endpoint needed, it would be able to simultaneously download said patch from all of the other endpoints that had already downloaded the patch (or portions thereof) ... Or at least, that is how we understood it to be ... In practice however, it seems to always download thru the KServer and just bogs whatever network the KServer is on to a standstill (IF you try to deploy more than a few at a time ...) . and Support's answer was to setup 50 thousand different policies so you only do a few at any given time, but if you have more than a handful of endpoints it would take all week to deploy patches without killing anyone's bandwidth ...
Thanks for the information!!!