With new trends in automation, IT administrators barely need to think about keeping their system fleets up to date. But with a shift to remote work models, patch management may be more difficult as users work from home. Let’s dive into why patch management is so important, especially in remote work models, and how to check patches on remote computers.
The Importance of Patch Management
Patches provide new features and address bugs and potential security vulnerabilities. They also optimize all-around system performance. As such, keeping patches up-to-date is a best practice for all admins.
Although most patches provide benefits, some have the potential to break critical functionality. For example, with macOS 10.15, Catalina, 32-bit versions of applications like Photoshop no longer run on Mac® systems, crippling users who rely on them.
Just like with other functionalities, a patch may fix a security hole in one part of a system or app, but create another one somewhere else in the process. As a result, the application developer will need to create a new patch to address these zero-day exploits. During the time between discovery of an issue and development of a fix, systems may be vulnerable to attack.
By managing how and when a system patches, IT admins can keep systems up to date while ensuring they’re also as secure as possible. Patch visibility guides admins’ decision making, enabling them to hold off if a new patch is known to have flaws.
With that in mind, let’s talk about how admins can accomplish patch management, and what tools they need to check patches on remote computers.
Managing Patches Remotely
Traditionally, on-premises patch management falls on the shoulders of SCCM or ConfigMgr, which is used in tandem with Active Directory (AD) to tightly manage Windows systems, their patches, and user access to them. Although great for on-prem, Windows-forward offices, these tools have difficulty extending control over objects that fall outside of their native Windows domain. Thus, IT organizations that need to manage remote systems and patches need to look elsewhere.
One such place to look is the dedicated remote patch management sector. Legacy solutions like SolarWinds, BigFix, and GFI among others use system-based agents connected to admin consoles which are used to push updates securely and remotely over the internet. Like many point solutions, these tools offer high degrees of functionality in their vertical, but often come at a much higher overall cost than all-in-one platforms.
An example of an all-in-one platform with OS software updates as a part of its device management offering is the cloud directory service. Much like the AD + SCCM combination of traditional offices, a Directory-as-a-Service, such as the platform offered by JumpCloud®, provides control over an entire domain of resources, including device management.
Checking Remote Patches with JumpCloud
JumpCloud Directory-as-a-Service supports major OSs like macOS, Windows, and Linux. Using the premium System Insights™ feature, IT admins can keep tabs on all of the systems they manage with JumpCloud, levying data including current patches, installed apps and browser extensions, storage space, and battery life to make informed decisions about how they should be managing their fleets. You can find all of the System Insights data points available to use here.
Additionally, admins can control patches through the application of Policies, the Directory-as-a-Service analogue to AD’s group policy objects. Policy-based patch management allows admins to choose when and how systems update, including the option to defer patches as necessary.
Manage Patches with JumpCloud for Free
JumpCloud Directory-as-a-Service is available for free for up to 10 users and systems, with premium System Insights (and Directory Insights) included on all 10 at no extra cost. Just sign up for your JumpCloud account, and we’ll even throw in 10 days of premium implementation and 24×7 chat support to help get you started.