Shavlik HFNetChkPro Plus 5.8
Shavlik HFNetChkPro Plus 5.8 incorporates a unique combination of push and pull
topology choices. The push component uses the Windows Remote Registry service
and Microsoft Server Message Block/Common Internet File System (SMB/CIFS) communication
from the Console (Shavlik's term for the patch management server) to initiate
vulnerability scans on clients. The pull component uses a client agent to initiate
communication with the Console. HFNetChkPro Plus supports Microsoft OSs only,
but it can provide patches for major Microsoft applications and some nonMicrosoft
apps, including Adobe Acrobat and Flash and Mozilla Firefox. A separate product,
Shavlik HFNetChkPro for Solaris, supports the Sun UNIX OS.
The HFNetChkPro Plus installer makes setup easy by downloading and installing
the prerequisite Windows components, which might not be present on a clean server
install. Like the other products in this review, HFNetChkPro Plus supports multiple
distribution servers and lets you customize which patches are deployed in response
to scan results. For example, you can create a Patch Scan Template to define
which patches to look for and a Deployment Template to define how and when missing
patches are deployed, how much bandwidth to use, and when client reboots can
be tolerated. Like PatchLink Update, HFNetChkPro Plus can combine scheduled
patch scans with on-demand scans for a flexible posture in responding to patching
needs. HFNetChkPro Plus lets you uninstall patches in any order.
HFNetChkPro Plus works without an agent on most clients, which should make
installation easier but might mean extra configuration on some clients. You
might need to configure an XP client's Windows Firewall and Remote Registry
service to accept connections from the Console.
With HFNetChkPro Plus, all clients that report to the same Console must use
the same configuration settings. (Shavlik plans to resolve this in an upcoming
minor version release.) Both WSUS and PatchLink Update have greater flexibility
in this area and can accommodate multiple client configurations per server to
better match network topology and client needs.
Because of its push topology, HFNetChkPro Plus can manage computers that might
otherwise be outside your control. HFNetChkPro Plus's built-in IP Range Scan
facilitates a comprehensive network scan that finds any client computers to
which you have administrator access. On mobile computers, firewalled computers,
and other difficult cases, you can install the HFNetChkPro Plus agent. The agent
supports push installation as well as local installation from CD-ROM or USB
flash drive, so no independent software distribution infrastructure is needed.
The HFNetChkPro Plus admin interface is a standalone .exe file rather than
a Web interface. Also, some scheduled tasks on the Console server execute inside
a command prompt window. Together, these minor points cause HFNetChkPro Plus
to feel like a desktop application rather than a service.
HFNetChkPro Plus's prepackaged reports are well done and include a few helpful
analysis reports, including the Top 10 Vulnerable Machines and Top 10 Missing
Patches, which Figure 3 shows. Reports
such as this help you quickly get a handle on the most serious threats to network
health.
HFNetChkPro Plus also has an optional, extra-cost antispyware add-on that was
in development at the time of this review.
Overall, I found Shavlik HFNetChkPro Plus a well-rounded patch management product
that addresses many of the software patching challenges facing modern enterprises.
| Summary
Shavlik HFNetChkPro Plus 5.8
PROS: Flexible combination of push and pull updating, easy deployment,
usable interface and well-rounded feature set, helpful reports CONS: Console
isn't Web based, inflexible client configuration
RATING: 4 out of 5
PRICE: $38 per seat
RECOMMENDATION: Recommended for organizations that need flexible
Windows platform patch management, easy deployment, and solid reporting.
CONTACT: Shavlik Technologies • http://www.shavlik.com
• 800-690-6911 |
Conclusion
All three of the reviewed products provide significant benefits for the overworked
system administrator. They all deliver the core functionality of modern patch
management solutions: patch approval, patch delivery, and reporting. And most
importantly, all three products were successful in delivering and applying patches
in my test lab environment. Beyond this core functionality, the three products
have significant differences.
WSUS provides the base level of functionality that administrators need to control
the Windows Automatic Update client and save bandwidth. Its spartan reporting
provides usable information about the status of patch deployment and it can
accommodate a variety of network topologies.
HFNetChkPro Plus adds several useful features to the expected core patching
functionality. I was impressed with the smart combination of push and pull models
for patch management, and the management interface was easy to use, although
I would have preferred a Web-based interface.
PatchLink Update also adds several useful features to the core patching functionality.
It offers agents for multiple platforms, hardware and software inventory collection,
and useful summary and analysis reports that can be easily exported. PatchLink
Update also has the most flexible access control model for administrators. Because
of its solid functionality in the multiplatform enterprise and its useful features,
PatchLink Update is my pick for Editor's Choice.
See Associated Table
End of Article
Register
frenchmanofdeath October 02, 2007 (Article Rating: