Mais conteúdo relacionado Semelhante a Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS (20) Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS2. Thanks to
Russ Ernst, Director, Product Management
© 2014 Monterey Technology Group Inc.
www.Lumension.com
3. Preview of Key
Points
SCUP overview
Building software updates
Understanding the overall process
Where to obtain pre-built update catalogs?
© 2014 Monterey Technology Group Inc.
4. Compliance
3rd party security patching
What’s your state of compliance?
How do you demonstrate it?
© 2014 Monterey Technology Group Inc.
5. SCUP
Single-user application
Define software updates
Update program itself
Prerequisites
Applicability rules
Already installed rules
Publish to WSUS and SC Configuration Manager
© 2014 Monterey Technology Group Inc.
6. SCUP
SCUP objects
Catalog
Software Updates
Software Update Bundles
Publications
© 2014 Monterey Technology Group Inc.
8. SCUPCatalog
Catalog
Collection of pre-built software updates
Some published through Microsoft on the Internet
Others available for import
Creating your own updates?
No need for a catalog
© 2014 Monterey Technology Group Inc.
10. SCUP
Software
Update
Software Update
Actual installation file
Types
MSP – Windows Installer patch file
MSI – Windows installer file
EXE – Standalone EXE that performs update
Java
Success return codes
Command line parameters
© 2014 Monterey Technology Group Inc.
11. SCUP
Software
Update
Software Update
Prerequisites
CPU Architecture
Language
Other updates
Installable rules
i.e. Does this computer need this update?
Installed rules
i.e. Does this computer already have this update?
Superseded updates
© 2014 Monterey Technology Group Inc.
12. Applicability
rules
Depend on the update file type
EXEs
Specify files that should be present with version number, date, etc
Registry keys
MSPs
Automatically generated from meta-data in the MSP itself
Should not have to create additional rules unless MSP not authored well
MSIs
Automatically generated
But still necessary to add a rule to check if application being updated is
installed or not
© 2014 Monterey Technology Group Inc.
13. Pre-built rules
Great for re-use or templates
Java JRE file version rule template
Operating system version
© 2014 Monterey Technology Group Inc.
14. SCUP
Pre-reqs
WSUS
SCCM
Initial setup tasks
Client trust
Enable “Allow signed updates for an intranet Microsoft update service
location”
Choose signing certificate
Deploy toTrusted Root CAs,Trusted Publishers
Install SCUP
© 2014 Monterey Technology Group Inc.
15. SCUP
Over all process
1. Get the patch
2. Research
Pre-requisites
Applicability criteria
Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence
Files
Registry keys
5. Stage the software where clients can access it
6. Create Software Update in SCUP
7. Publish toWSUS
8. Test via SCCM
Installed on required systems?
Not installed on n/a systems?
9. Rollout to systems via SCCM
© 2014 Monterey Technology Group Inc.
16. Bottom line
Very few vendors publish catalogs for updating their own tools
Adobe
Acrobat and Flash
Oracle Java
Those that do seem have quality issues
Create updates yourself
Viable but time-consuming
Why does everyone have to re-invent the wheel?
They don’t
© 2014 Monterey Technology Group Inc.
17. SCUP with
Lumension
SCUP with Lumension
1. Get the patch
2. Research
Pre-requisites
Applicability criteria
Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence
Files
Registry keys
5. Stage the software where clients can access it
6. Create Software Update in SCUP
7. Publish toWSUS
8. Test via SCCM
Installed on required systems?
Not installed on n/a systems?
9. Rollout to systems via SCCM
Import Lumension catalog
© 2014 Monterey Technology Group Inc.
18. “Better than Free”
18
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
For more, see https://www.lumension.com/system-center/
patch-manager-desktop/requirements.aspx (scroll to bottom)
19. Additional Information
19
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Free Catalog
https://www.lumension.com/system-center/
patch-manager-desktop/free-catalog.aspx
https://www.lumension.com/system-center/patch-manager-desktop.aspx