Posts Tagged ‘patch management’

BizAppCenter

Thursday, November 29th, 2012

It was our privilege to be contacted by Bizappcenter to take part in a demo of their ‘Business App Store‘ solution. They have been active on the Simian mailing list for some time, and have a product to help the adoption of the technologies pioneered by Greg Neagle of Disney Animation Studios (Munki) and the Google Mac Operations Team. Our experience with the product is as follows.

To start, we were given admin logins to our portal. The instructions guide you through getting started with a normal software patch management workflow, although certain setup steps need to be taken into account. First is that you must add users and groups manually, there are no hooks for LDAP or Active Directory at present (although those are in the road map for the future). Admins can enter the serial number of each users computer, which allows a package to be generated with the proper certificates. Then invitations can be sent to users, who must install the client software that manages the apps specified by the admin from that point forward.

emailInvite

Sample applications are already loaded into the ‘App Catalog’, which can be configured to be installed for a group or a specific user. Uploading a drag-and-drop app in a zip archive worked without a hitch, as did uninstallation. End users can log into the web interface with the credentials emailed to them as part of the invitation, and can even ‘approve’ optional apps to become managed installs. This is a significant twist on the features offered by the rest of the web interfaces built on top of Munki, and more features (including cross-platform support) are supposedly planned.

sampleOptionalinstall

If you’d like to discuss Mac application and patch management options, including options such as BizAppCenter for providing a custom app store for your organization, please contact sales@318.com

More fuel for the Simian fire – how does free sound?

Thursday, March 15th, 2012

Well we’ve been busy keeping our finger on the pulse of the Mac-managing open source community, and that genuine interest and participation continues to pay off. Earlier, we highlighted how inexpensive and mature the Simian project running on Google App Engine (GAE for short) is, although as of this writing refreshed documentation is still forthcoming. In that article we mentioned only one tool needs to be run on a Mac as part of maintaining packages posted to the service, and an attempt is being made to remove even the need for that. This new project was originally¬†announced here, and has a growing number of collaborators. But that isn’t the biggest news about Managed Software Update (Munki) and Simian we have to announce today.

A technique that had been previously overlooked is now proven to be functional that allows you to use Simian as the repository of all of your configurations, but serve the actual packages from an arbitrary URL. Theoretically, if you take the publicly available pkginfo files, modify them to point to a web server on your LAN, (or even the vendors website directly, if you want them to be available from anywhere,) and your GAE service would fall under the free utilization limits with very little maintenance effort. This is big for institutions with a tight budget and/or multiple locations that want to take advantage of the App Engine platforms availability and Simian’s great interface. Beyond helping you save on bandwidth usage, this can also help control where your licensed software is stored.

Previously people have wished they could adapt Google’s code to run on their local network with the¬†TyphoonAE beta project, but versus the recommended & supported method to deploy the server component, this is a great middle ground that brings down a barrier for folks having difficulty forecasting costs.

It’s an exciting time, with many fully-featured offerings to consider.

Patch Management Made Easy: StarDeploy

Wednesday, December 22nd, 2010

There is a new donateware tool available for Mac OS X called StarDeploy. StarDeploy is a straightforward patch management solution that allows you to place items in Applications, Libraries or User Folders on a centralized server and have those items sync to client systems. StarDeploy also allows you to push out packages using the centralized file share as well.

The combination of StarDeploy and DeployStudio allows you to image and then patch manage systems in simplistic environments fairly quickly, easily and to do so in a cost effective manner. However, StarDeploy isn’t as object oriented as JAMF’s Casper Suite, FileWave, Symantec’s Altiris or other solutions you may currently be using or reviewing. The solution manages somewhat flat structures. You can create multiple file shares if you have multiple groups, but compared to how Casper or other comparable tools operate, this could get somewhat tedious to manage in complex environments. However, the cost is a donation that you can make and so it is inexpensive.

In our use, StarDeploy has been able to easily push out packages to a large number of systems very quickly. The packages that you build for StarDeploy can then be moved into other solutions if you outgrow StarDeploy. This makes for a nice modular approach where you can grow into a more complex solution or even have StarDeploy work in conjunction with other solutions; for example: allowing StarDeploy to manage lab environments and using a more robust solution for more robust environments.

Overall, StarDeploy makes an excellent addition to the toolkit of anyone with a keen eye on managing large numbers of Mac OS X systems. If you would like to discuss using StarDeploy, JAMF’s Casper Suite, FileWave or other products for patch management, contact your 318 Professional Services Manager or sales@318.com today!

ESX Patch Management

Tuesday, April 14th, 2009

VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:

esxupdate -query

Once you know what updates have already been applied to your system it’s time to go find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once downloaded make sure you have enough free space to install the software you’ve just downloaded and then you will need to copy the patches to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and then use the esxupdate command with the update flag and then the test flag, as follows:

esxupdate –test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a couple of flags that can be used with esxupdate. Chief amongst them are -noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code these can be cross referenced using the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall -allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate –noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall -blockOutgoing