4 min read

Rolling Review: Patch Up Your Windows

Kaseya targets Microsoft shops that need reliable patch management but are on tight budgets.

One differentiator that we found for Kaseya's product compared with many other patch management systems was the ability to configure settings for individual clients.

For example, Kaseya allows for per-client settings for reboot behavior and vulnerability notification, giving administrators more flexibility about when a deployed patch will trigger a reboot. For instance, instead of creating two separate patch packages--one for desktops or laptops that can be rebooted right away, and another for servers that require scheduled downtime--administrators can adjust the settings on individual clients to reboot as appropriate.

Administrators can choose a variety of reboot settings: forced reboots, scheduled reboots, notification to prompt the user to reboot, and no reboot.

The agents' vulnerability notification feature is also highly configurable. Desktop and laptop agents might only notify administrators about critical security vulnerabilities, while agents on mission-critical servers can be configured to notify admins about any vulnerability.

Kaseya Managed Services Edition 2008--

Patch management products are being tested at our Real-World Labs at Windward IT Solutions. We're assessing breadth of platforms supported, how well a product uses subscription services to discover patches, how thoroughly it discovers our environment, what rollback capabilities are available, testing and staging capabilities prior to production, reporting, and network bandwidth control.

A wrap-up of our patch management series

BigFix, BladeLogic, BMC Software, CA, Configuresoft, Ecora Software, IBM, LANDesk Software, Lumension Security/PatchLink, Shavlik, Novell, Opsware, and Symantec

Kaseya can regulate Windows Update behavior, a feature unique to this product. On a per-client setting, Windows Update can be disabled, left to user control, or enabled with the usual selection of options.

This is a useful feature for organizations that run updates through a change management process rather than have them automatically installed. The change management process can ensure that patches won't disable applications or otherwise affect a system's performance or availability.

Robust options for client deployment are another notable feature of Kaseya. Besides the usual options for deployment, such as by remote login, by domain, by Active Directory, or via a browser, Kaseya offers a LAN Watch component.


With LAN Watch, if you configure a client to act as a patch distribution point, that client can scan other machines on a LAN segment and deploy patches as necessary. Each client deployment package can be further customized to use any client settings already configured on the Kaseya server. This enables templates for server, desktop, or laptop deployment to carry correct client settings from installation, rather that having to manage individually or by group later.

Kaseya is ideal for Windows-centric shops looking for an easy-to-use patch system that's competitively priced. It supports all Win- dows versions, including 95, 98, and NT 4. Application support is based on Microsoft's updates, including Office, SQL Server, Windows Media Player, Direct X, and Exchange.

Kaseya's greatest drawback is the initial agent configuration. Each agent has to be configured individually after it's deployed, which will be time-consuming for all but the smallest shops.

Also, beware that default client settings include forcing immediate reboots and downloading all patches directly from Microsoft.

Pricing is based on a one-time licensing fee--that's it. There are no annual subscriptions for the software itself or the patches. In our scenario, Kaseya charged $12 per device for 600 Windows machines, for a total of $7,200. Other vendors will find that pricing structure hard to beat.

InformationWeek's Rolling Reviews present a comprehensive look at a hot technology category, beginning with market analysis and wrapping up with a synopsis of our findings. See our kickoff and other reviews in this patch management series at Rolling Reviews.