Posts Tagged ‘patch management’

Patch Management Made Easy: StarDeploy

Wednesday, December 22nd, 2010

There is a new donateware tool available for Mac OS X called StarDeploy. StarDeploy is a straightforward patch management solution that allows you to place items in Applications, Libraries or User Folders on a centralized server and have those items sync to client systems. StarDeploy also allows you to push out packages using the centralized file share as well.

The combination of StarDeploy and DeployStudio allows you to image and then patch systems in simple environments quickly, easily and cost-effectively. However, StarDeploy isn't as object oriented as JAMF's Casper Suite, FileWave, Symantec's Altiris or other solutions you may currently be using or reviewing. It manages somewhat flat structures. You can create multiple file shares if you have multiple groups, but compared to how Casper or other comparable tools operate, this could become tedious to manage in complex environments. On the other hand, the only cost is a donation, so it is inexpensive.

In our use, StarDeploy has been able to easily push out packages to a large number of systems very quickly. The packages that you build for StarDeploy can then be moved into other solutions if you outgrow StarDeploy. This makes for a nice modular approach where you can grow into a more complex solution or even have StarDeploy work in conjunction with other solutions, for example by letting StarDeploy manage lab environments while a more robust solution handles more demanding environments.

Overall, StarDeploy makes an excellent addition to the toolkit of anyone with a keen eye on managing large numbers of Mac OS X systems. If you would like to discuss using StarDeploy, JAMF’s Casper Suite, FileWave or other products for patch management, contact your 318 Professional Services Manager or sales@318.com today!

ESX Patch Management

Tuesday, April 14th, 2009

VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:

esxupdate query

Once you know which updates have already been applied to your system, it's time to find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once the patches are downloaded, make sure the server has enough free space to install them, then copy them to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and then run the esxupdate command with the test flag and the update command, as follows:

esxupdate --test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a few other flags that can be used with esxupdate. Chief amongst them are --noreboot (which doesn't reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code, the code can be cross-referenced using the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall --allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate --noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall --blockOutgoing
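
The remote-update loop above leaves outgoing ports open for as long as it runs, so the step most worth automating is the final lock-down. The following wrapper is an added example, not part of the original post: it tests each repository before applying it (going slightly beyond the remote steps above, which skip the test) and closes the firewall again whether the updates succeed, fail or are interrupted. The ESXUPDATE and ESXCFG_FIREWALL override variables and the repository URL in the final comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply patches from remote repositories and always re-lock
# the ESX service console firewall afterwards.
# ESXUPDATE and ESXCFG_FIREWALL are hypothetical override variables so the
# flow can be rehearsed with stand-in commands; they default to the real tools.
ESXUPDATE="${ESXUPDATE:-esxupdate}"
ESXCFG_FIREWALL="${ESXCFG_FIREWALL:-esxcfg-firewall}"

# patch_from_repos URL...
# Returns 0 if every repository tested and applied cleanly, 1 if a
# repository failed (later ones are skipped), 2 on usage or firewall error.
patch_from_repos() {
    [ "$#" -gt 0 ] || { echo "usage: patch_from_repos URL..." >&2; return 2; }

    # Re-lock the firewall if the run is interrupted part-way through.
    trap '"$ESXCFG_FIREWALL" --blockOutgoing; exit 130' INT TERM

    rc=0
    if "$ESXCFG_FIREWALL" --allowOutgoing; then
        for url in "$@"; do
            # Test first; only apply a patch whose test run is clean.
            if "$ESXUPDATE" --test -r "$url" update &&
               "$ESXUPDATE" --noreboot -r "$url" update; then
                echo "applied: $url"
            else
                echo "failed: $url (stopping)" >&2
                rc=1
                break
            fi
        done
    else
        echo "could not open outgoing ports" >&2
        rc=2
    fi

    # Runs on success and on failure, so outgoing ports never stay open.
    "$ESXCFG_FIREWALL" --blockOutgoing || rc=2
    trap - INT TERM
    return "$rc"
}

# Example call (placeholder URL, not a real patch repository):
# patch_from_repos http://patches.example.invalid/ESX-PLACEHOLDER
```

Because --noreboot is passed for every update, reboot the host yourself once the whole batch has been applied.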