Software Updates in an

enterprise a nightmare

or a blessing?Kenneth van Surksum

Peter Daalmans

Kenneth van Surksum

Managing Consultant @ Insight24

System Center Cloud and Datacenter

Management MVP, auteur, blogger en

spreker

@kennethvs | vansurksum.com | ksurksum@insight24.nl

Peter Daalmans

Technical Consultant @ IT-Concern BV,

Enterprise Client Management MVP,

auteur, blogger en spreker.

@pdaalmans | configmgrblog.com | Peter.Daalmans@it-concern.nl

Waarom Patch Management?

Waarom patch management?

Wat is patch management?

VI VS

PC PD

PM

Standaard ConfigMgr

functionaliteiten

Waarom SUM ipv WSUS■ 1 Client

■ Rapportage’s

■ 1 Console

■ Maintenance Windows

■ Scheduling

■ 1 Infrastructuur

■ Automatic Deployment Rules (ADR)

■ System Center Updates Publisher

(SCUP)

■ OS Deployment Integratie/Offline

Servicing

■ End User Experience

■ Targeting

Demo

Vulnerabilities75,7% of the vulnerabilities affecting the Top 50 programs involved Third Party (TP) Programs

Secunia Vulnerability Review 2014

http://secunia.com/?action=fetch&filename=secunia_vulnerability_review_2014.pdf

Updating 3rd Party Software

Patch 3rd party software

■Via System Center Updates Publisher 2011

■Secunia CSI

SCUP en ConfigMgr

■ Wat is SCUP?■ Authoring tool

■ Publishing tool

■ 3rd Party Updates via SCUP ■ Zelfde ervaring met updates via ConfigMgr

■ Ondersteund EXE, MSI en MSP gebaseerde updates

■ MSU work-a-round : http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deploying-custom-msu-updates-with-sccm-and-scup.aspx

SCUP Workflow

Catalogs gedownload van het Internet

WSUS Server

ConfigMgr Server

SCUP Console

Author custom

SCUP updates

Author updates

Import updates

Publish updates Synchroniseer updates

Deploy updates

Beschikbare catalogs■ Gratis:■Adobe (Reader en Flash)

■Dell , HP en Fujitsu (Client / Server updates)

■ConfigMgr Cumulative Updates

■ Betaald:■ SCUPdates van Shavlik

■ PatchmyPC

WSUS Certicaten■ Om 3rd party updates te installeren dienen updates

gesigned te worden via:■WSUS self signed certificate

■ Extern certificaat (link)

■ Deploy certificaten in trusted root en trusted publishers

■ Creeer WSUS GPO om self signed certs toe te staan

■ Installeer KB2720211 + KB2661254

■ Enable Self Signed in Windows Server 2012 R2

Secunia CSI■Doelmatig en flexibel Patch Management

■ Beveiligd en update vitale (3rd party) applicaties

■ PM van A-Z: Vulnerability Intelligence, Scanning, Patch Creation en Deployment

■ ConfigMgr 2012 en WSUS integratie

■ Scant PCs en Apple Mac OS X

Secunia CSI

■Cloud gebaseerde oplossing

■Database bevat vulnerabilities in software

producten sinds 2003

■40.000+ programmas en plugins

Secunia CSI Workflow

WSUS ServerConfigMgr Server

ConfigMgr /

Secunia Console

ConfigMgr Admin

Inloggen op

Secunia portal

Rapporteer en Creëer

update package

Approve updates Synchroniseer updates

Deploy updates

Secunia Cloud

Demo

Q&A

17:00-18:00

Keynote #2

Tom Coronel