VMware vCenter Protect Essentials Plus (formerly known as Shavlik NetChk Protect) is primarily an update compliance tool that lets you determine whether the Windows computers in your organization are up-to-date with patches. Its capabilities go beyond what's available in tools such as the Microsoft Baseline Security Analyzer (MBSA). For example, with vCenter Protect Essentials Plus, you can determine whether updates are missing from not only Microsoft applications but also third-party and custom applications. Detecting missing updates for third-party applications is very important because third-party applications rather than Microsoft applications are now the dominant malware vector.
Besides detecting missing patches, you can do the following with vCenter Protect Essentials Plus:
- Perform scans and deploy updates with or without an agent. Almost all the important update management functionality works without the agent.
- Deploy updates to computers for Microsoft, third-party, and custom applications.
- Roll back the deployment of updates for Microsoft, third-party, and custom applications.
- Deploy and monitor an anti-malware agent. This agent includes central reporting functionality, which lets you monitor malware across managed computers. (The anti-malware feature is included with the Plus edition and is available as a separately licensed add-on for the standard edition.)
- Reduce power consumption, shut down, restart, or wake managed computers on a scheduled basis. (The power management feature is included with the Plus edition and is available as a separately licensed add-on for the standard edition.)
- Determine what hardware and software has been installed on physical and virtual clients. (This feature isn't available in the standard edition.)
- Scan by domain, organizational unit (OU), computer name, and IP address range.
- Easily execute Windows PowerShell scripts on remote machines with the ITScripts feature. (This feature isn't available in the standard edition.)
- Quickly connect to target machines. This is made possible through RDP integration and the storage of credentials.
- Create custom reports that let you analyze data on missing updates, update deployments, and malware threats.
- Scan and update offline virtual machines (VMs), provided that vCenter Protect Essentials Plus has access to the VM host.
As Figure 1 shows, the product's console has an interface that will be familiar to users of Microsoft's System Center suite. The console's layout lets you quickly discover functionality without having to dig through an arcane menu structure.
As I mentioned previously, one of the product's most important features is the ability to scan for missing updates to custom and third-party applications. You use the Custom Patch File Editor to assist with this functionality. It helps you use patch files to generate an XML file that allows you to find unpatched machines and deploy the needed updates to them.
To use vCenter Protect Essentials Plus, you need a SQL Server 2005 Express Edition or later database. The installation routine will connect to the Internet and automatically download SQL Server 2008 R2 Express if you don't have an available SQL Server instance. When installing my review copy, I had some problems with this aspect of the installation. The routine didn't detect the SQL Server Express instance on my machine. I ended up deploying a separate SQL Server 2008 R2 instance, at which point everything worked.
This product supports client computers running Windows 2000 and later. Scanning offline VMs requires that you're using VMware virtualization software.
VMware vCenter Protect Essentials Plus allows a substantial amount of customization in how you scan for and deploy updates. For example, you can use machine groups for differentiated missing update detection and deployment. You can also configure Patch Scan templates, which let you be selective about looking for specific missing updates. So, if you're in the market for a versatile tool that can manage update compliance for Windows OSs as well as Microsoft, third-party, and custom applications but you don't want the expense of deploying a product such as Microsoft System Center Configuration Manager (SCCM) 2012, check out vCenter Protect Essentials Plus.
VMware vCenter Protect Essentials Plus