Using SCCM 2012 r2 to Patch Linux, UNIX and Macs


Today, everything has to be patched, from desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what we wish were there.

Servers (Windows, UNIX and Linux): Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows, or they are managed by an entirely different admin.

Desktops (Windows and Macs): Maybe you are responsible for desktops instead of servers. Again, it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too.

The kicker, though, is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop.

Believe it or not, System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.

Published in: Technology

Transcript of "Using SCCM 2012 r2 to Patch Linux, UNIX and Macs"

  1. Sponsored by Using System Center Configuration Manager 2012 R2 to Patch Linux, UNIX and Macs © 2014 Monterey Technology Group Inc.
  2. Thanks to © 2014 Monterey Technology Group Inc. www.Lumension.com
  3. Preview of Key Points
     • Need for patching from data center to desktop
     • System Center support for *nix
     • 8 steps for patching *nix from System Center
     • How far does that get you and what’s left?
     • Show elegant Lumension Patch Manager DataCenter solution for bringing WSUS functionality to *nix with compliance reporting unified with SC for single pane of glass patch management from data center to desktop
  4. The situation
     • Have to be compliant and secure
     • Everything has to be patched
     • Everything includes
       • Windows
       • MS Apps
       • 3rd party apps
       • UNIX
       • Linux
       • Mac OS X
     • Don’t just have to be secure
     • Have to be able to show you are secure and compliant
     • Can waste a lot of time on
       • Patching the one-offs and minority systems – 80/20 rule
       • Showing compliance
  5. System Center
     • System Center de facto standard in MS-centric environments
     • 25% of OpsMgr environments already monitor Linux and UNIX
     • System Center 2012 R2 has Linux, UNIX and Mac support
       • Inventory
       • Hardware
       • Software
       • Script execution
  6. System Center
     • Can you patch *nix from SC?
       • Yes
       • Manual
       • Patch by patch
       • Watering can
     • Can you show compliance?
       • Not without significant custom work
     • Everything repeated for each flavor/distribution
     • Walk you through how to do the above
     • Show elegant Lumension Patch Manager DataCenter solution for bringing WSUS functionality to *nix with compliance reporting unified with SC for single pane of glass patch management from data center to desktop
  7. Patching *nix from System Center
     1. Install SCCM agents
     2. Create collections
     3. Get inventory
     4. Pick out a patch for a given OS
        • OpenSSL fix for HeartBleed for SUSE
     5. Download the patch to distribution point(s)
     6. Determine applicability criteria
     7. Create a package
     8. Deploy
  8. 1. Install SCCM Agents
     • Microsoft System Center 2012 R2 Configuration Manager - Clients for Additional Operating Systems
     • Specific versions supported for each flavor/distro
       • http://technet.microsoft.com/en-us/library/c1e93ef9-761f-4f60-8372-df9bf5009be0#BKMK_SupConfigLnUClientReq
     • http://www.microsoft.com/en-us/download/details.aspx?id=39360
  9. 1. Install SCCM Agents
     • Mac
       • http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/PCIT-B336#fbid=
     • Steps
       • Download the Mac client msi file to a Windows system
       • Run the msi and it will create a dmg file under the default location “C:\Program Files (x86)\Microsoft\System Center 2012 Configuration Manager Mac Client” on the Windows system
       • Copy the dmg file to a network share or a folder on a Mac computer
       • Access and open the dmg file on a Mac computer and install the client using instructions in the online documentation. http://technet.microsoft.com/en-us/library/jj591553.aspx
  10. 1. Install SCCM Agents
     • Linux
       • http://prajwaldesai.com/how-to-install-sccm-2012-sp1-client-agent-on-linux-computers/
       • https://vlabs.holsystems.com/vlabs/technet?eng=VLabs&auth=none&src=microsoft.holsystems.com&altadd=true&labid=10436
     • Steps
       • On a Windows computer download the Linux client
       • The downloaded file is a self-extracting exe and will extract tar files for the different versions of your operating system.
       • Copy the install script and the .tar file for your computer’s operating system version to a folder on your Linux computer.
       • Install the client using instructions in the online documentation. http://technet.microsoft.com/en-us/library/jj573939.aspx
  11. 1. Install SCCM Agents
     • UNIX
       • http://technet.microsoft.com/en-us/library/jj573939.aspx
     • Steps
       • On a Windows computer download the appropriate file for the UNIX flavor you wish to manage
       • The downloaded file is a self-extracting exe and will extract tar files for the different versions of your operating system.
       • Copy the install script and the .tar file for your computer’s operating system version to a folder on your UNIX computer.
       • Install the client using instructions in the online documentation. http://technet.microsoft.com/en-us/library/jj573939.aspx
  12. A little more
     • Rootless discovery
       • http://blogs.catapultsystems.com/ttaylor/archive/2012/01/17/scom-manual-linux-agent-install-and-rootless-discovery-1.aspx
     • Troubleshooting
       • http://social.technet.microsoft.com/wiki/contents/articles/4966.troubleshooting-unixlinux-agent-discovery-in-system-center-2012-operations-manager.aspx
     • Licensing
       • Remember, you probably need valid subscriptions to legally patch most flavors
  13. Patching *nix from System Center
     1. Install SCCM agents
     2. Create collections
     3. Get inventory
     4. Pick out a patch for a given OS
        • OpenSSL fix for HeartBleed for SUSE
     5. Download the patch to distribution point(s)
     6. Determine applicability criteria
     7. Create a package
     8. Deploy
  14. Watering can patching
     • Automatic updates on Linux
       • Yum
       • Zypper
       • Others?
     • Mac
       • Automatic Updates
       • http://blogs.technet.com/b/scd-odtsp/archive/2013/05/29/system-center-configuration-manager-2012-sp1-automatic-updates-on-a-mac-2.aspx
     • Problems with this approach
       • No control, granularity, management
       • Every computer downloads directly from vendor over Internet
       • No maintenance windows
       • Not an enterprise solution
       • No reporting or compliance
  15. What’s left?
     • What’s left?
       • Reporting
     • Think about this
       • We’ve patched one vulnerability on SUSE
       • What if you also have
         • Red Hat
         • AIX
         • Macs
         • etc
       • What if you have
       • What if you aren’t a *nix troll expert?
       • What if someone else manages *nix?
     • Diagram labels: Discover, Download, Package, Assess, Deploy, Report
  16. Wouldn’t it be nice…
     • Wouldn’t it be nice…
       • If you could get WSUS-like functionality for Linux, UNIX, Mac
         • Download patches
         • Assess applicability
         • Deploy
         • Report
       • Without leaving System Center
       • And be able to report on everything from one console?
     • And wouldn’t it be nice
       • To add 3rd Party Windows apps to all of that?
  17. Wouldn’t it be nice… Diagram labels: AIX, HP-UX, Solaris, Mac OS X, CentOS, Oracle Linux, SUSE, Red Hat, Windows, MS Apps, 3rd Party Windows Apps
  18. Wouldn’t it be nice… Diagram labels: AIX, HP-UX, Solaris, Mac OS X, CentOS, Oracle Linux, SUSE, Red Hat, Windows, MS Apps, 3rd Party Windows Apps
  19. Wouldn’t it be nice… Diagram labels: AIX, HP-UX, Solaris, Mac OS X, CentOS, Oracle Linux, SUSE, Red Hat, Windows, MS Apps, 3rd Party Windows Apps, Patch Manager DataCenter
  20. Wouldn’t it be nice… Diagram labels: AIX, HP-UX, Solaris, Mac OS X, CentOS, Oracle Linux, SUSE, Red Hat, Windows, MS Apps, 3rd Party Windows Apps, Patch Manager DataCenter, Patch Manager DeskTop
  21. Wouldn’t it be nice… Diagram labels: AIX, HP-UX, Solaris, Mac OS X, CentOS, Oracle Linux, SUSE, Red Hat, Windows, MS Apps, 3rd Party Windows Apps, Patch Manager DataCenter, Patch Manager DeskTop; Discover, Download, Package, Assess, Deploy, Report
  22. Additional Information
     • Whitepaper: Practical Patch Compliance: Relieving IT Security Audit Pain, From the Data Center to the Desktop. https://www.lumension.com/sccm
     • Free Adobe SCUP Catalog: https://lumension.com/system-center/patch-manager-desktop/free-catalog.aspx
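
Step 6 of the slide deck's procedure ("Determine applicability criteria") comes down to a per-host check that a script can run and report back. The sketch below is an added example, not code from the presentation or from Microsoft or Lumension: the package name, the fixed version-release string and the function names are assumptions, and `sort -V` is used as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: applicability check for one package fix on an RPM-based host.
# FIXED_VR is a constructed sample value; take the real one from the vendor advisory.
PKG="${PKG:-openssl}"
FIXED_VR="${FIXED_VR:-1.2.3-4.5.1}"

# version_lt A B: succeeds when A sorts strictly before B.
# GNU `sort -V` compares numeric fields as numbers, so 4.10 > 4.5.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# applicability INSTALLED_VR FIXED_VR
# Prints NOT_INSTALLED (patch does not apply), APPLICABLE (host needs the
# patch) or COMPLIANT (installed build is at or above the fixed build).
applicability() {
    installed="$1"
    fixed="$2"
    if [ -z "$installed" ]; then
        echo "NOT_INSTALLED"
    elif version_lt "$installed" "$fixed"; then
        echo "APPLICABLE"
    else
        echo "COMPLIANT"
    fi
}

# installed_vr PKG: VERSION-RELEASE from the RPM database, empty if the
# package (or rpm itself) is absent.
installed_vr() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null |
        grep -v 'not installed' | head -n 1
}

# One line per host, suitable for collecting into a compliance report.
echo "$(uname -n) $PKG $(applicability "$(installed_vr "$PKG")" "$FIXED_VR")"
```

Because distributions backport fixes, the comparison has to use the distribution's package version-release, not the upstream version number alone.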