Powering Up WSUS with EminentWare Extension Pack
For a long time now Windows Server Update Services from Microsoft represents the best possibility to handle, distribute and install updates in your Windows platform. Over the years WSUS scalable and stable architecture find its way to be one of the most mature Windows Server roles.
But still any platform always can be improved a little bit more: adding some missing functionalities, more automation process, scaling up the possibilities by expanding the scope. WSUS it’s not an exception, that’s when I met EminentWare WSUS Extension Pack.
Here are some of the features included:
Improvements in WSUS reporting.
Inventory features. You can handle system details for over 200 systems and easily identify rogue machines.
Keep scaling up! Flexible machine selections, granular approvals, immediate updates, precise scheduling, and even more.
Update! EminentWare Extension Pack now available in 64bit systems. EminentWare’s console and server now run on x64 systems extending the power of WSUS and SCCM with enhanced patch scheduling & control, reporting, and 3rd party patch management. More info here: https://www.eminentware.com/cs2008/media/p/736.aspx
If you are familiar with the WSUS administration then I’m pretty sure you’ve asked yourself about the features mentioned above.
Ok then, let’s take a look into the product.
Before starting to review the product, here’s a little explanation about the components included in the extension pack.
Data Grid Server: This is the main component, responsible of scheduling and executing tasks in the EminentWare system. This service contacts directly with WSUS to retrieve all the necessary information; also talking to the WMI providers
Administration Console: MMC 3.0 integrated directly with WSUS.
WMI Providers: These are the components, installed on each client, in charge of automating the process and collecting the information from managed computers.
EminentWare Extension can be installed on the same server where WSUS resides, but it is recommended to use a dedicated server.
This recommendation applies for most production environments, since EminentWare process and WMI queries could be a significant load if we are talking over 500 clients. Also the use of the EminentWare database, different from SUSDB, could cause a bottle-neck in your server.
For more information check the EminentWare WSUS Extension Pack Deployment Guide.
Memory: 2GB as separate server. 3GB (recommended) WSUS with EminentWare.
Disk Space – System Partition: 1GB.
Disk Space – EminentWare Database: 2GB.
Operating System & Software
One of the interesting options from this extension pack is that can be installed on a desktop or server operating system. The following are supported:
Windows XP Professional SP2 or superior.
Windows Vista Business, Enterprise or Ultimate.
Windows Server 2003 SP1 or superior.
Windows Server 2008.
WSUS MMC 3.0 installed. If you are not deploying EminentWare on the WSUS server, the machine must have the WSUS console.
.Net Framework 3.5 and Visual C++ Runtime library. If it’s not present, the EminentWare will automatically install them.
Local SQL Server 2005 instances. If it’s not present, a SQL Server 2005 SP2 Express (free product) will be installed.
Note: 64bits operating systems are not supported (even though the product can be installed).
The installation process it is quite straight forward and you should not have any problem. Here are some of the important steps:
1. SQL Server Instance: The product does not support installing the EminentWare database on a remote SQL Server, that’s why will try to find a SQL Server 2005 instance locally or you can install directly a SQL Server 2005 Express to store the database.
2. EminentWare Server Configuration: If this is your first server, the “Primary Application Server” must be the option for selection.
The other options available, when there’s an existing Primary Application Server, are “Application Server” (for load balancing), “Management Server” (different Management Group) and “Automation Server” (in charge of executing only tasks for a dedicated Management Group).
For more information check the EminentWare WSUS Extension Pack Deployment Guide.
EminentWare Initial Configurations
After completing the installation and registering your trial version, once your run the EminentWare WSUS extension, the first thing to do is to select the domains and/or workgroups to manage.
1. Environment: In my case I’m only adding AALVAREZ domain and after that selecting my WSUS existing server.
2. Credential Ring: Here’s where you select the users that will be in charge of connecting to the machines and servers to retrieve information, execute tasks, etc.
An important note is that you can select multiple type of users and define which one applies for what: Different domain users and even local users for special cases, like a workgroup (for local users use the format “.\Administrator”).
EminentWare Publishing 3rd Party Applications
Possibly the hottest feature in the product is the possibility to distribute and update third party applications, which WSUS treats them as any other update. Let’s take a closer look.
You can find and interact with the third party packages (as for any package you want to create) in “Administration and Reporting” > “Software Publishing” > “Packages”.
You can directly download from EminentWare a sample catalog for 3rd party software and updates that you can easily import and have a bunch of the most commonly used software ready to go. Some of the included are: Adobe Reader, Mozilla Firefox, QuickTime, Adobe Flash Player and Java Runtime.
Let’s take a quick look about the process of creating your own customized application to be distributed:
1. I’m going to create a package for WinRAR application, selecting “New Package”, the wizard will appear requesting information about the application.
2. You can add some Pre-Requisites rules before applying the application. You can create or use some the existing rules like “Windows Version”, “Windows Language” that the target machine must fulfill before receiving the package.
3. Select Package. Here you’ll complete the information about the package type and location. In my case I’m using an .EXE file and I have the content locally and on a share folder. Also you can set the EXE file parameters, like “/quiet” for a silent installation.
4. Applicability Rules. Are similar than the pre-requisites, you can add some more granular options for targeted machines, like applying the package just if a registry key exists. In my case, none in particular.
5. Installed Rules. This will be the “exceptions” values. Whenever the following rules apply, the package will not be installed.
For WinRAR, I’m using if the registry value “HKEY_LOCAL_MACHINE\SOFTWARE\WinRAR” does exist, do not install the package.
6. All done; now you can select the package from the list and publish it.
EminentWare Inventory and Reporting
Reporting capabilities represent a big feature in most products. Having a strong and scalable solution to sort and describe the information within a platform makes products far more close to the persons that are managing it.
WSUS reporting capabilities are significantly high, but EminentWare takes that and goes a little further integrating with great inventory features.
For example, taking a look to the Updates section you can retrieve some nice granular information about the updates. Selecting an update, you can quickly verify which computers have it installed or on which the update failed.
Take a look to the drag-n-drop section, where you can add the filters you want to sort all the information in the way you need it.
Combining the reporting options with the inventory information you can get some amazing results, and using just some out of the box reports. Here are few samples:
Retrieving machines Firewall status
Hardware: Memory information
This is a nice troubleshooting tool: Available computers that were not successfully connecting to using WMI.
And if you want to see some really detailed inventory information, you get the chance from each computer to receive the information about:
Installed software: Where you can also uninstall programs.
Windows updates log: Remotely check the updates logging and looking for errors directly on the machines.
Services console and processes running. And of course disabling or stopping any of them.
And even more, some interesting endpoint tasks:
Shutdown or reboot the remote computer.
Wake on Lan.
Windows Update Agent Maintenance and Repair. One of my favorites, you can run some of the most used tasks regarding WSUS with just one click: Reset authorization (regenerating the WSUS cookie), flush BITS cache, reset SUS Client ID (for duplicate clients, which BTW can easily find using a report), delete software update folders, and more.
As you can see, this extension pack it is a big one. We just had the chance to name some of the most important features and options available, but there are many more to observe. Let’s wrap it up with some of what we’ve discovered:
The 3rd party updates and distribution has been some of the most wanted WSUS features, that’s a fact.
Talking about easy-to-work-with products, the 3rd party updates catalog which you can import simplifies a lot of work.
The inventory features could provide you some information and control over your environment that you possibly are not handling right now.
Incredible scalability with the tasks features. Direct actions can take place with remote computers. Or you can schedule any task to run on daily, weekly or monthly basis; including some an important one like the “WSUS Clean Up Wizard”. Also you can easily monitor the tasks status and behavior.
The out-of-the-box reporting: Nice embedded reports ready to use and export them or send it over e-mail directly.
Big and robust product. Even though this is what we look for in scalable platforms, one thing that would increase the usability of this product is to have the possibility to only use some of the features available. Small or mid-sized companies with no big requirements, would not take advantage of some of the important features presented here because it could be too expensive to maintain it.
Hope that you found this information useful, that’s pretty much for now.