Software Updates in an enterprise: a nightmare or a blessing?
Kenneth van Surksum
Peter Daalmans
Kenneth van Surksum
Managing Consultant @ Insight24, System Center Cloud and Datacenter Management MVP, author, blogger and speaker
@kennethvs | vansurksum.com
Peter Daalmans
Technical Consultant @ IT-Concern BV, Enterprise Client Management MVP, author, blogger and speaker
@pdaalmans | configmgrblog.com
Why patch management?
What is patch management?
Diagram labels: VI, VS, PC, PD, PM
Standard ConfigMgr functionality
Why SUM instead of WSUS
■ 1 client
■ Reports
■ 1 console
■ Maintenance windows
■ Scheduling
■ 1 infrastructure
■ Automatic Deployment Rules (ADR)
■ System Center Updates Publisher (SCUP)
■ OS Deployment integration / Offline Servicing
■ End user experience
■ Targeting
Demo
Vulnerabilities
75.7% of the vulnerabilities affecting the Top 50 programs involved Third Party (TP) Programs
Source: Secunia Vulnerability Review 2014
http://secunia.com/?action=fetch&filename=secunia_vulnerability_review_2014.pdf
Updating 3rd Party Software
Patch 3rd party software
■ Via System Center Updates Publisher 2011
■ Secunia CSI
SCUP and ConfigMgr
■ What is SCUP?
  ■ Authoring tool
  ■ Publishing tool
■ 3rd party updates via SCUP
  ■ Same experience as updates via ConfigMgr
  ■ Supports EXE, MSI and MSP based updates
  ■ MSU workaround: http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deploying-custom-msu-updates-with-sccm-and-scup.aspx
SCUP Workflow
Diagram components: catalogs downloaded from the Internet, WSUS Server, ConfigMgr Server, SCUP Console
Diagram steps: Author custom SCUP updates, Author updates, Import updates, Publish updates, Synchronize updates, Deploy updates
Available catalogs
■ Free:
  ■ Adobe (Reader and Flash)
  ■ Dell, HP and Fujitsu (client / server updates)
  ■ ConfigMgr Cumulative Updates
■ Paid:
  ■ SCUPdates from Shavlik
  ■ PatchmyPC
WSUS Certificates
■ To install 3rd party updates, the updates must be signed via:
  ■ WSUS self-signed certificate
  ■ External certificate (link)
■ Deploy the certificates to Trusted Root and Trusted Publishers
■ Create a WSUS GPO to allow self-signed certs
■ Install KB2720211 + KB2661254
■ Enable self-signed in Windows Server 2012 R2
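The client-side prerequisites from the WSUS Certificates slide can be audited per machine. The script below is an added example, not part of the original slides; the certificate path is a hypothetical placeholder, and it assumes the GPO on the slide is the Windows Update policy "Allow signed updates from an intranet Microsoft update service location", which writes the `AcceptTrustedPublisherCerts` registry value.

```powershell
# Added example: audits one Windows client for the trust prerequisites on this slide.
param(
    # Hypothetical path: exported public certificate used to sign published updates
    [string]$CertPath = 'C:\Temp\wsus-signing.cer'
)

function Test-UpdateSigningTrust {
    param([Parameter(Mandatory)][string]$Path)

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $thumb = $cert.Thumbprint
    $selfSigned = ($cert.Subject -eq $cert.Issuer)

    # The signing certificate must be a trusted publisher on every client.
    $inPublishers = Test-Path "Cert:\LocalMachine\TrustedPublisher\$thumb"

    # A self-signed certificate is its own root, so it must also sit in Trusted Root.
    # An externally issued one is trusted if its chain builds to an existing root.
    if ($selfSigned) {
        $rootTrusted = Test-Path "Cert:\LocalMachine\Root\$thumb"
    } else {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline audit, no CRL lookup
        $rootTrusted = $chain.Build($cert)
    }

    # Policy value written by the GPO setting (assumed to be the one the slide means).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $policy = Get-ItemProperty -Path $policyKey -Name AcceptTrustedPublisherCerts -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Thumbprint          = $thumb
        SelfSigned          = $selfSigned
        Expired             = ($cert.NotAfter -lt (Get-Date))
        InTrustedPublishers = $inPublishers
        RootTrusted         = $rootTrusted
        PolicyEnabled       = ($null -ne $policy -and $policy.AcceptTrustedPublisherCerts -eq 1)
    }
}

Test-UpdateSigningTrust -Path $CertPath | Format-List
```

A client that reports `InTrustedPublishers`, `RootTrusted` or `PolicyEnabled` as false, or `Expired` as true, will reject the published 3rd party updates even though they appear deployed in the console.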
Secunia CSI
■ Effective and flexible patch management
■ Secures and updates vital (3rd party) applications
■ PM from A to Z: Vulnerability Intelligence, Scanning, Patch Creation and Deployment
■ ConfigMgr 2012 and WSUS integration
■ Scans PCs and Apple Mac OS X
Secunia CSI
■ Cloud-based solution
■ Database contains vulnerabilities in software products since 2003
■ 40,000+ programs and plugins
Secunia CSI Workflow
Diagram components: Secunia Cloud, WSUS Server, ConfigMgr Server, ConfigMgr / Secunia Console, ConfigMgr Admin
Diagram steps: Log in to the Secunia portal, Report and create update package, Approve updates, Synchronize updates, Deploy updates
Demo
Q&A
17:00-18:00
Keynote #2
Tom Coronel