Microsoft's desktop management software is getting an interim release this spring that will include an inventory tool for custom updates and a scan tool for vulnerabilities.
The beta for Systems Management Server (SMS) 2003 R2 will begin this week simultaneously with another beta, SMS 4.0, which is the next major version of this server software. The SMS 4.0 beta will be released on Thursday.
The Inventory Tool for Custom Updates lets independent software vendors (ISVs) publish their patches in a particular format and catalog them so that SMS can download and scan for the machines that may need a particular patch.
"Customers can download these patches just as they would a Microsoft patch," said Peter Pawlak, an analyst at Directions on Microsoft, a Kirkland, Wash., consulting firm.
The inventory tool should benefit any customer who operates in a mixed computing environment. Microsoft has traditionally focused on updating only Microsoft products, so while it has been possible to inventory other products, there has been no way to update them, said one Microsoft MVP who declined to be idenfied.
Generally, if a third-party application needs to be updated, an SMS administrator has to scour for relevant updates, a mission that can take days. The inventory tool lets third parties publish a catalog of updates with the same schema and format as Microsoft. SMS can now scan those catalogs and quickly figure out which ones need updating.
"In a large corporation, this could take a 10-step process, which might take two weeks, down to three days," the MVP said.
But Microsoft will have to convince other vendors to create the catalogs, and much of that convincing depends on the success and influence of SMS. If third-party vendors and customers work to create and publish catalogs containing updates, it will mean customers are one step closer to seeing total management of all applications.
The MVP said he expects that some third-party applications will not be included because they're not widely used but said he thought that the major vendors will be on board.
Either way it will take pressure from customers to make it work. "I suppose there will be some close Microsoft partners who will jump on this, but just how many are really interested in doing this depends on the penetration [of SMS]," Direction's Pawlak said.
"If it's broad, it behooves [vendors and users] to do this. But if it's not universal, customers will still need some other method for getting patches on desktops and servers."
Compliance, governance, security inspections
The Scan Tool for Vulnerability Assessment scans about 100 configuration settings to spot potential vulnerabilities. It also reports settings out of compliance with internal configuration policies, Microsoft said.
The tool is based on the Microsoft Baseline Security Analyzer 2.0, and indeed will produce a similar result. But, Pawlak said, the new tool gives a report that summarizes what is in and out of compliance with various policies.
The tool will let an administrator set a policy for the environment, such as whether to have firewalls on or off, as well as a policy for setting passwords. The tool is not automated but must be run from the SMS console.
One analyst said the Scan Tool will appeal to large enterprises facing issues of compliance, governance and security.
"Recent trends are such that 'reasonable prudence and responsibility' are no longer adequate to protect executives from liability in the case of security or performance breakdown," said Richard Ptak, principal at Ptak, Noel and Associates, an analyst firm addressing converging IT trends. "You need to show extraordinary efforts are taken to ensure policies exist, are applied consistently and that rigorous searches to look for, identify and resolve vulnerabilities are made regularly," he added.
The fact that Microsoft placed both features in an R2 release was surprising to Direction's Pawlak, who last year said that analysts were told the features would be offered for free.
"Now it's coming as an R2 product, which is licensed," he said. "It's bizarre for as little as they are delivering on this release. It seems like it would be offered as a feature pack."
SMS R2 is indeed a carrot to get customers to sign up for Microsoft's Software Assurance (SA) licensing. SMS R2 will be available in May and is free to IT shops with SA. Also, Microsoft is offering SMS licenses with a 30% discount starting on April 1. SMS 2.0 reaches the end of mainstream support on March 31, 2006.