Hi PeerSpot Community,
In a legacy data center/branch network with over 1500 network devices from Cisco/PA/FTG, what solution should be used for upgrading and patching the OS to remediate vulnerabilities? Even patching one device per day does not meet the requirement, and the business cannot bear more impact than this if we go for automation tools.
Can we patch multiple devices without impacting the legacy network? Or do we need to consider migrating the infrastructure architecture to some other solution, like cloud or virtualization?
Thanks
Hi, you can also try Tanium Patch/EDR/XDR for critical patch and vulnerability scanning and for applying patches by priority. We evaluated this software recently for an enterprise customer, and implementation is ongoing. The main criterion for choosing it was that non-Windows OS/application patching can be scheduled per office location and time zone and on a priority basis. The only disadvantage we found was the built-in patch authenticity checking mechanism, which is very much available only in BigFix; because of the cost, the client went for Tanium.
Hi @Vijay Mohan, thanks for your response. I have gone through these tools, but unfortunately they don't help much with what I am looking for, though it is informative.
Hi,
You need to split your data center PATCHING requirements into separate sections. Endpoints and network devices need to be given different treatment for patch management or OS updates/upgrades. Typically, patch management solutions for servers, desktops, and laptops have agents, and these can be addressed by solutions like BigFix. For network devices, security devices, etc., patch management is most of the time an OS upgrade itself. The appliances typically get OS updates/upgrades via TFTP-based solutions that are agentless. Yes, multiple devices can be updated/upgraded at the same time using solutions like SolarWinds Network Configuration Manager. A word of caution, though: with both approaches, OS updates/upgrades (also referred to as patching) will require system restarts. Hope this helps.
Hello @Ravi Khanchandani, you are right about the endpoint/network device split, which is already in place. The problem here is upgrading network devices without any impact, but in any case we have to reboot the device, which eventually requires downtime, which we need to eliminate along with applying multiple fixes in one day. I have also tried the SolarWinds NCM feature but couldn't get the desired results. What I understand is that even an automation tool cannot help much in this case.
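The replies above make two points a practitioner has to design around: appliance upgrades always reboot the box, and the image should be authenticity-checked before it is pushed. What lets you patch many devices in one day without an outage is staggering the reboots so that no two members of a redundant pair go down in the same window. The following is an added example, not code from this thread or from Tanium, BigFix or SolarWinds NCM; the inventory, the HA group names and the image bytes are all constructed placeholders, and a real run would load the inventory from a CMDB and take the image digests from the vendor's download portal.

```python
"""Stagger network-device OS upgrades so redundant peers never reboot together.

Added example; the inventory and image catalog are constructed for this demo
(assumed field names: name, vendor, site, ha_group, image). In production the
inventory comes from a CMDB and the digests from the vendor's published hashes.
"""
import hashlib

# Constructed placeholder image contents; the catalog digest is computed from
# them so the example runs offline. Real catalogs hold the vendor-published hash.
IMAGE_BYTES = {
    "cisco-ios-xe.bin": b"constructed IOS-XE image",
    "panos.img": b"constructed PAN-OS image",
    "fortios.out": b"constructed FortiOS image",
}
IMAGE_CATALOG = {name: hashlib.sha256(data).hexdigest() for name, data in IMAGE_BYTES.items()}

# Constructed inventory. ha_group None means the device has no redundant peer,
# so its reboot is an unavoidable outage and needs an explicit approval.
INVENTORY = [
    {"name": "dc1-core-a", "vendor": "cisco", "site": "dc1", "ha_group": "dc1-core", "image": "cisco-ios-xe.bin"},
    {"name": "dc1-core-b", "vendor": "cisco", "site": "dc1", "ha_group": "dc1-core", "image": "cisco-ios-xe.bin"},
    {"name": "dc1-fw-a", "vendor": "paloalto", "site": "dc1", "ha_group": "dc1-fw", "image": "panos.img"},
    {"name": "dc1-fw-b", "vendor": "paloalto", "site": "dc1", "ha_group": "dc1-fw", "image": "panos.img"},
    {"name": "br7-fw", "vendor": "fortinet", "site": "br7", "ha_group": None, "image": "fortios.out"},
    {"name": "br7-sw", "vendor": "cisco", "site": "br7", "ha_group": None, "image": "cisco-ios-xe.bin"},
]


def verify_image(name: str, data: bytes) -> bool:
    """Check the staged image against the catalog digest before anything is sent over TFTP."""
    expected = IMAGE_CATALOG.get(name)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def plan_waves(inventory, staged_images, max_per_wave, allow_single_device_outage=False):
    """Group devices into reboot waves that can each run in one maintenance window.

    Invariants:
      * two members of the same ha_group never share a wave (one peer stays up)
      * at most max_per_wave devices per wave (bounds the blast radius of a bad image)
      * devices with no redundant peer are deferred unless the outage is approved
      * devices whose staged image fails the digest check are rejected outright
    Returns (waves, deferred, rejected); waves is a list of lists of device names.
    """
    waves = []      # each entry: {"devices": [...], "ha_groups": set()}
    deferred = []
    rejected = []
    for dev in sorted(inventory, key=lambda d: (d["site"], d["name"])):
        if not verify_image(dev["image"], staged_images.get(dev["image"], b"")):
            rejected.append(dev["name"])
            continue
        if dev["ha_group"] is None and not allow_single_device_outage:
            deferred.append(dev["name"])
            continue
        for wave in waves:
            if len(wave["devices"]) < max_per_wave and dev["ha_group"] not in wave["ha_groups"]:
                wave["devices"].append(dev["name"])
                if dev["ha_group"] is not None:
                    wave["ha_groups"].add(dev["ha_group"])
                break
        else:
            waves.append({"devices": [dev["name"]], "ha_groups": {dev["ha_group"]} - {None}})
    return [w["devices"] for w in waves], deferred, rejected


def wave_is_safe(wave, inventory):
    """True if no HA group has more than one member in this wave (independent re-check of the plan)."""
    by_name = {d["name"]: d for d in inventory}
    groups = [by_name[n]["ha_group"] for n in wave if by_name[n]["ha_group"] is not None]
    return len(groups) == len(set(groups))


if __name__ == "__main__":
    waves, deferred, rejected = plan_waves(INVENTORY, IMAGE_BYTES, max_per_wave=2)
    for i, wave in enumerate(waves, 1):
        print(f"wave {i}: {wave} safe={wave_is_safe(wave, INVENTORY)}")
    print("deferred (no redundant peer):", deferred)
    print("rejected (image digest mismatch):", rejected)
```

With the constructed inventory and a wave size of 2, the planner produces two waves, each containing one member of the core pair and one member of the firewall pair, while the two unpaired branch devices are held back until someone approves their outage window. Swapping the staged PAN-OS bytes for anything else makes both firewalls drop into the rejected list before any wave is built, which is the authenticity check the Tanium reply above says it missed. The wave size is the knob that trades speed against blast radius: larger waves finish the 1500 devices sooner, smaller waves limit how many boxes a bad image takes down at once.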