PatchLink Update 6.3 review
PatchLink Update provides a centralised patch-management system that can audit, monitor and update the patch state of networked systems under its control. With new software security exploits occurring almost every day, locating and applying patches and updates to networked systems is an ongoing process. Keeping track of the patch levels of systems can become a major activity. Just to make things worse, patches need to be applied carefully; simply applying every available patch not only wastes time and resources, it can occasionally cause issues with previously stable software.
Automatic patch updates have their place, but it’s impossible to know what the real situation is without examining every system. PatchLink takes vendors’ patches as they’re released, and runs them on the applicable systems to check they’re effective before placing them in the PatchLink Repository along with the appropriate digital fingerprint package.
PatchLink Update has two components: the PatchLink server, which must be installed on a Windows 2003 system, and software agents installed on each managed system. These report back to the central server, providing an updated view of the current status of each one. The PatchLink server displays the current status, and downloads the latest patches from PatchLink’s own central distribution servers before distributing them to whichever system needs updates.
The software offers a number of reporting features, available as both browser displays and generated reports that can be exported in CSV, XML or Microsoft Excel (XLS) formats, or simply printed out for later use. Each report can cover the entire network or be narrowed down to individual systems or groups of systems. The range of available reports includes useful hardware and software inventory information and a detailed vulnerability analysis. This provides several filtering options, enabling the user to confine reports to types of systems and vulnerability levels, so that the most urgent can be patched first. It’s also possible to exclude a vulnerability from the scanning process altogether, if required. The software will only list and apply patches to individual systems according to the software installed, rather than simply applying all available patches to them regardless. It’s also possible to define a standard set of patches that must be applied to a group of systems. PatchLink will ensure that these systems always have these patches applied. Systems can be divided into groups for easier management. The default groups, one for each operating system supported, will be sufficient for most networks, but new groups can be created.
Security is important, and PatchLink provides comprehensive user-management facilities. These work with Windows user account security to control access to the system by assigning one of four predefined roles to each user. New user roles can also be created if needed. The system monitors its own state, as well as that of the systems in its care. It will generate email alerts for abnormal conditions, such as a patch deployment or download failure, as well as when new patches are available. In this way, PatchLink can really help network administrators to stay on top of the patch situation.