Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
-
Upload
lumension -
Category
Technology
-
view
776 -
download
1
Transcript of Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
Sponsored byUsing SCUP (System Center Updates
Publisher) to Security Patch 3rd Party Apps
with WSUS
© 2014 Monterey Technology Group Inc.
Thanks toRuss Ernst, Director, Product Management
© 2014 Monterey Technology Group Inc.
www.Lumension.com
Preview of Key Points
SCUP overview
Building software updates
Understanding the overall process
Where to obtain pre-built update catalogs?
© 2014 Monterey Technology Group Inc.
Compliance 3rd party security patching
What’s your state of compliance?
How do you demonstrate it?
© 2014 Monterey Technology Group Inc.
SCUP
Single-user application
Define software updates Update program itself Prerequisites Applicability rules Already installed rules
Publish to WSUS and SC Configuration Manager
© 2014 Monterey Technology Group Inc.
SCUP
SCUP objects Catalog Software Updates Software Update Bundles Publications
© 2014 Monterey Technology Group Inc.
SCUP
Catalogs
Software
Updates
SCCM
WSUS
Custom Create
d
Approve
Publications
Software Update Bundles
© 2014 Monterey Technology Group Inc.
SCUP Catalog
Catalog Collection of pre-built software updates Some published through Microsoft on the Internet Others available for import
Creating your own updates? No need for a catalog
© 2014 Monterey Technology Group Inc.
SCUP Software Update
Software Update Actual installation file Rules
© 2014 Monterey Technology Group Inc.
SCUP Software Update
Software Update Actual installation file
Types MSP – Windows Installer patch file MSI – Windows installer file EXE – Standalone EXE that performs update
Java Success return codes Command line parameters
© 2014 Monterey Technology Group Inc.
SCUP Software Update
Software Update Prerequisites
CPU Architecture Language Other updates
Installable rules i.e. Does this computer need this update?
Installed rules i.e. Does this computer already have this update?
Superseded updates
© 2014 Monterey Technology Group Inc.
Applicability rules
Depend on the update file type EXEs
Specify files that should be present with version number, date, etc
Registry keys MSPs
Automatically generated from meta-data in the MSP itself Should not have to create additional rules unless MSP not
authored well MSIs
Automatically generated But still necessary to add a rule to check if application being
updated is installed or not
© 2014 Monterey Technology Group Inc.
Pre-built rules
Great for re-use or templates Java JRE file version rule template Operating system version
© 2014 Monterey Technology Group Inc.
SCUP
Pre-reqs WSUS SCCM
Initial setup tasks Client trust
Enable “Allow signed updates for an intranet Microsoft update service location”
Choose signing certificate Deploy to Trusted Root CAs, Trusted Publishers
Install SCUP
© 2014 Monterey Technology Group Inc.
SCUP
Over all process1. Get the patch2. Research
Pre-requisites Applicability criteria Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence Files Registry keys
5. Stage the software where clients can access it6. Create Software Update in SCUP7. Publish to WSUS8. Test via SCCM
Installed on required systems? Not installed on n/a systems?
9. Rollout to systems via SCCM
© 2014 Monterey Technology Group Inc.
Bottom line
Very few vendors publish catalogs for updating their own tools
Adobe Acrobat and Flash
Oracle Java
Those that do seem have quality issues
Create updates yourself Viable but time-consuming
Why does everyone have to re-invent the wheel? They don’t
© 2014 Monterey Technology Group Inc.
SCUP with Lumension
SCUP with Lumension1. Get the patch2. Research
Pre-requisites Applicability criteria Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence Files Registry keys
5. Stage the software where clients can access it6. Create Software Update in SCUP7. Publish to WSUS8. Test via SCCM
Installed on required systems? Not installed on n/a systems?
9. Rollout to systems via SCCM
Import Lumension catalog
© 2014 Monterey Technology Group Inc.
“Better than Free”
18PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
For more, see https://www.lumension.com/system-center/patch-manager-desktop/requirements.aspx (scroll to bottom)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Additional Information
19
Free Cataloghttps://www.lumension.com/system-center/patch-manager-desktop/free-catalog.aspx
https://www.lumension.com/system-center/patch-manager-desktop.aspx
Global Headquarters8660 East Hartford DriveSuite 300Scottsdale, AZ 85255
[email protected] http://blog.lumension.com