Hardware

Alternatives for software distribution and patch management

Get a summary of several solutions for distributing software and managing patches on your network.


I used to really hate software upgrades. About ten years ago, I was working in the IT department for a large insurance company. Every time a new application, patch, or driver became available, the IT department would spend the entire weekend manually installing the new software onto a thousand machines. Depending on the size of the software being installed, this task would typically take all weekend. My staff and I would show up on Monday morning exhausted from working all weekend only to be bombarded by phone calls from end users who did not understand the new software.

Today this cumbersome practice is completely automated. IT departments are under constant pressure to accomplish more with an ever decreasing budget. Paying the entire IT staff a full weekend’s worth of overtime whenever a new software version or patch is released would be cost prohibitive. Thus, over the last few years several software distribution and patch management solutions have been released by various companies. Let's take a look at a few traditional alternatives, as well as a newcomer that looks very promising.

Systems Management Server
Microsoft’s preferred patch management and software distribution solution is SMS Server. While I haven’t worked much with the new version of SMS, from what I’ve seen it does a great job for larger organizations requiring massive deployments. However, there are some problems. The first downside is price. To run SMS Server 2003, you will need a server running Windows Server 2003. On top of the Windows licenses, an SMS Server 2003 license costs about $1,200. A five pack of client licenses will cost $279. There is also a fairly steep learning curve involved in packaging applications and distributing them.

Terminal services
Another common solution to the software distribution and patch management problem is to use Terminal Services. For the most part, this solution works great. There is no extra software to buy because the terminal services are included in Windows Server 2000 and 2003. Furthermore, you don’t really have to worry about distributing software or patches to the clients because the majority of the software is running on the server end. When updates are required, they can be applied directly to the terminal server.

As with SMS, there are a few negatives to using the terminal services. For starters, the terminal server must be very powerful because clients tend to consume a tremendous amount of server resources. Using the terminal services also eats up a lot of network bandwidth.

Perhaps a more serious issue is the client’s dependency on the terminal service. It’s common to cluster a terminal server, but in a nonclustered environment, if the terminal server were to crash, then all users are disconnected and lose whatever it was they were working on at the time. If the server were to be down for an extended period, then the users would be unable to work until the server was brought back online.

AppExpress
A company called Endeavors Technology has released a product called AppExpress that is designed for enterprise-level software distribution and patch management. AppExpress is similar to SMS Server in that it pushes the software updates to the client PC. Also, the applications are installed locally on the client’s PC. One of the things I like about AppExpress is it also supports the ability for clients to pull certain types of updates. For example, suppose that you were using AppExpress to distribute Microsoft Word to a few thousand clients. Obviously, you would want the distribution process to complete as quickly as possible since there are so many clients to update. In order to save time and other resources, it is possible to perform a minimal install during the initial distribution. If a client later needs to use an optional component, then it can be downloaded from the AppExpress server on demand at the time the client tries to use it. The client doesn’t have to do anything special, the component is pulled from the AppExpress server automatically.

According to the Endeavors Technology Web site, AppExpress can be used to deploy any application or patch to the clients. The software is also designed so that it can scale in a way that allows it to service thousands of clients while using very little bandwidth. AppExpress can even be used to distribute software over connections that are as slow as 56 Kbps. I can’t imagine how slow it would be to distribute some of today’s bloated applications over such a slow connection. However, because the software does a minimal install and pulls other components as needed, the download might not be that bad. Another feature found in AppExpress is real-time monitoring of software. This feature will aid the support department in license compliance and in the fight against software piracy.

Other versions of AppExpress
There are two other versions of AppExpress available; a trialware and a training-ware version. The training-ware version works similar to the enterprise version except on a much smaller scale. It is primarily used to roll out software within a classroom environment as a way of assisting with training sessions.

The trialware version is designed for people who own Web-based software companies. The software allows potential customers to download full copies of software, rather than the traditional, watered-down trial versions. Since the software tracks usage, you can allow potential customers to use the software for a limited period of time without having to modify the code. Once the time period is up, the potential customers will have to purchase a full license if they want to continue using the software. Because the Web server is actually handling the installation, there is no way the trial customer can use the installer to redistribute the software. Thus, the worries over people pirating your company's software are greatly reduced.

Editor's Picks