congratulations – you survived the keynote with stan & ollie
DESCRIPTION
Congratulations – you survived the keynote with Stan & Ollie. 10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager. Kent Agerlund. Who am I. Kent Agerlund Chief System Management Architect Coretech A/S, Denmark - PowerPoint PPT PresentationTRANSCRIPT
Congratulations – you survived the keynote with Stan & Ollie
10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager
Kent Agerlund
Who am I Kent Agerlund
Chief System Management Architect Coretech A/S, Denmark Microsoft MVP: Enterprise Client Management Microsoft Certified Trainer, MCITP Enterprise Admin
I love questions – but DON’T ask me about hockey and the world cup
Agenda Patch Tuesday
Let’s spend 5 min together Why worry about 3rd party updates What are your options
SCUP 2011 (System Center Updates Publisher) Solarwinds Secunia
So….What is patch management?
PDPatch Deployment
PCPatch Creation
+
Vulnerability Scanning
VS +VIVulnerability Intelligence
+ PM=
Plan for Software Updates Define you Update process
Pilot environments Servers with automatic restart Servers with manual requirements Logically grouped servers Workstations in production Excluded devices
Define you SLA’s When is your Boss a “Happy Camper” Can you track compliance
Collection design Maintenance Windows
CD+IT+RT=MW
Workstation restarts Automatic restart? No restart = No compliance = No Make sure you have a restart plan Create custom report
Last Computer Restart
Give me 5 minutesDEMO Wake up it’s, Patch Tuesday or early Wednesday
Microsoft Programs
14%Third Party Programs
86%
Why worry about 3rd party Business
View
Criminals
ViewWhat criminals
attack
Business criticalprograms
Programs you know about
Programs you don’t know about
What do you patch today
Vendors
The numbers speaks for themselves – TOP 50 apps
Cybercriminals know:patch available
≠
patch installed
Vulnerabilitiesin 2012 TOP 50 Apps
1137
421 in 2009229 in 2007
0 10 20 30 40 50 600%
20%
40%
60%
80%
100%
Percentage of risk remediated by patching N programs
Number of programs patched
Perc
enta
ge o
f risk
rem
edia
ted
Patching N of 200 programs
80% risk reduction achieved by either patching the 12 most critical programs, or by patching the 37 most prevalent programs
12 37
Strategy 2: By CriticalityRisk remediated by patching the N most critical programs
Strategy 1: StaticRisk remediated by patching the N most prevalent programs
Where to begin
Are we doomed?
SCUP 2011
SCUP 2011 What is SCUP
Authoring tool Publishing tool
3rd Party Updates with SCUP Same experience for all updates in ConfigMgr Supports EXE, MSI and MSP based updates MSU workaround :
http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deploying-custom-msu-updates-with-sccm-and-scup.aspx
SCUP Process Flow
Author customSCUP catalog WSUS Server
Catalogs downloaded from web
ConfigMgr ServerSCUP Console
Publish Updates Sync Updates
ConfigMgr Clients
Scan Updates Deploy Updates
Author Updates
Import Updates
The signing certificate Used by SCUP to sign updates
Trusted Publishers Trusted Root
Configure WSUS GPO Allow self signed certificates
Create the self-signed certificate with SCUP External certificate - http://
blogs.msdn.com/b/steverac/archive/2011/09/18/using-system-center-update-publisher-2007-with-verisign-certificates.aspx
KB2720211 & KB2661254
Available Catalogs Free catalogs
Adobe Reader and Flash
Dell Client and Server updates
Hewlett-Packard Client and Server updates
Fujitsu ConfigMgr Cumulative updates
$$ catalogs SCUPdates from Shavlik, VMWARE
no wait today it’s LANDESK PatchMyPC
SCUPDEMOPatch ConfigMgr clients…..the easy way
Secunia
Secunia Products
CSI – Corporate edition SSB – Small Business edition PSI – Consumer and free
Cloud Based solution Database contains vulnerabilities in
software products since 2003 40k+ programs, applications and
plug-ins from thousands of software vendors
Automated patch repackaging Fully integrated with 2012
Reporting Integrated with Configuration Manager Custom Dashboard Custom reports E-Mail subscriptions
Deploying patches Custom created Secunia packages
Silent installations Can detect running applications like JAVA
Script support PowerShell VB Java
Updates are injected into WSUS
SecuniaDEMO3rd party patching
UTVÄRDERING Fyll i utvärderingen så att vi kan bli
ännu bättre till nästa gång! Antigen via länken du fick med
din biljett eller vid någon av datorerna i TrueSec:s monter
Tävla samtidigt om en HP Elitepad 900 (Vinnaren presenteras i Utställarfoajén direkt efter sista sessionen).
KVÄLLSMINGEL Best of MMS avslutas med ett
gigantiskt mingel på närliggande Dubliner direkt efter dagens sista session!
Microsoft och LabCenter bjuder på god öl och ett unikt tillfälle för experter, branschkollegor och eventdeltagare att mingla tillsammans.
Vi ses väl där?