Another issue we were thrown when preparing for our SAS 70 audit was managing license compliance and patches. In other words, we need to know we only have Microsoft Office installed as many times as we have licneses for, and we need to know when there are updates and which computers have not applied those updates. For this issue, we are still very much in the process of working it out. We have a system that should help a lot, but we are still in the process of figuring it out and how best to use it. It’s the KBOX 1000 from Kace.
We do really like the visibility the KBOX gives us. We can now see all software installed on all our workstations, both Windows and Linux. To a certain extent, we can also use the KBOX for automatically distributing new software and updates. It has a patch management functionality, though I’m still tinkering with it and trying to figure it out. It tells me patches and identifies machines it thinks needs the patch, but one thing it’s really missing in my opinion is telling me WHY it thinks that machine needs the patch as I think I’ve found several times when a patch doesn’t apply to a machine.
Another thing I think it’s missing in it’s patching and software distribution features is the concept of dependencies. Let’s say I have software package A and B. If software package B must be installed after package A, there’s really no way to enforce that rule in KBOX. Same with patches. Some patches will have a note buried in teh comments saying that some other peice of software must already be installed in order for the patch to work properly.
The KBOX does provide license management, though I’m currently waiting on the next version that has some updates, mainly the ability to create Software Families. Currently, there’s no good way to group different versions of software together and apply the same license to all versions of the software.
So if you have similar issues, I would encourage you to take a look at the KBOX appliance as it does seem to be a very good tool in general, though I’m not quite ready to through full support behind it without first seeing the next version (which was supposed to reach General Availability on 6/23, but as of today I still haven’t seen it). Does anyone else have some good suggestions on how to solve these issues?