Wondering if anyone has been able to use the SM module to provide OS patches. Is it better than the Patch Management module?
We have used both of the modules in our environment and here are some of the differences that we have identified.
Patch Management allows a better control of the patch content as it is split by severity and product level while Software Management splits everything by Critical or Recommended. Reporting from Software Management is a bit complex and not as defined as PM.
SM allows for override profiles by product/vendor etc. and supports 3rd party patching.
We started using PM, switched to SM for 3rd party and then went back to PM because the reporting was not allowing us to collect the data that we wanted to collect and provide to our team. All of the modules have their key points and they do not all interact the same way and some functions are available while others only exist in one or the other.
We're using SM, partly to be able to offer 3rd party application patching but also because PM was incredibly flaky when it came to patching Windows 10 / Server 2016. It has proved generally reliable and the automatic retry of failed patches is a definite plus.
It definitely has some irritating limitations: the lack of post-patch reboot options ('Reboot at xx:xx if not rebooted' is particularly useful for workstations), the lack of a wake up option prior to patching, no LAN cache...
I have to agree with mikey: the reporting is woeful. In particular, the fact that the report can only show "Machines with outstanding patches" rather than "Number of outstanding patches per machine" - including those with zero missing patches - is especially frustrating. Customers like to see all their machines listed in a report, not just those with missing patches. The ability to separate out rejected/denied patches from those simply missing would also be useful; yes, they are still vulnerabilities but these are patches being excluded for a reason.
What are you guys using for a reporting solution to present your patch statuses to customers?
We have come to the conclusion that you can use some data from the Info center, not rely on the "dashboards" that you cannot control (SaaS) the filters for. We collect data daily from some of the patch applied/vulnerabilities and build our own trend report.
It is very surprising that there is no such function in the reporting module and that you are unable to filter out non-approved/excluded patch data from the reports effectively (SM) so you always have to account for what is approved/pending/recommended etc.
On Automation Exchange Sidney has created a report specifically for Software Management and it is quite extensive and useful.
We were struggling as well with this and had reached out to our rep, who in turn, scheduled some time to create it.
Well, let me pitch in, we don't trust Software Management at all. But, I have to say our last serious testing of this module was a year ago. At that time bandwidth usage to our internal VSA was ridiculous. And you need some 100 GB of disk space on your VSA to store all downloads. If you're on SaaS that's no issue.
We've had a ticket open about Software Management for a year now, also a bad sign. The last update on this is 11 months ago, so... I don't believe this is a serious option for us.
We currently run Patch Management on some 6000 machines from our VSA without too many issues. Indeed it's an older product, but with some care and attention it does the job. When we ran Software Management to patch our own 30+ servers this already killed our VSA access over 15 minutes or so. That's simply not acceptable to us. We have a solid 100 Mbit line, with gigabyte speeds internally and still downloading saturated our LAN. Distributing access wasn't possible for all machines without having to create a few hundred policies and having to balance those manually. Not great by any means.
Just looked at one of our test machines running 3rd party updates, but all actions show Deploying Error, with incompatible architecture and language or just simply 'Software not supported on this machine'. And I know installing that software is no problem if I do it manually. So, guess what, we're not using this.
Since then work has been done on better distributing the load, but that only addresses part of the issue. Waiting for Kaseya to come out with something more solid....
Thanks to everyone that commented. This will help us going forward.