Product Review: VMware Protect Essentials Plus
The capabilities of VMware vCenter Protect Essentials Plus go well beyond what's available in tools such as the Microsoft Baseline Security Analyzer (MBSA).
February 22, 2012
VMware vCenter Protect Essentials Plus (formerly known as Shavlik NetChk Protect) is primarily an update compliance tool that lets you determinewhether the Windows computers in your organization are up-to-date with patches. Its capabilities go beyond what's available in tools such as theMicrosoft Baseline Security Analyzer (MBSA). For example, with vCenter Protect Essentials Plus, you can determine whether updates are missing from notonly Microsoft applications but also third-party and custom applications. Detecting missing updates for third-party applications is very importantbecause third-party applications rather than Microsoft applications are now the dominant malware vector.
Besides detecting missing patches, you can do the following with vCenter Protect Essentials Plus:
Perform scans and deploy updates with or without an agent. Almost all the important update management functionality works without the agent.
Deploy updates to computers for Microsoft, third-party, and custom applications.
Roll back the deployment of updates for Microsoft, third-party, and custom applications.
Deploy and monitor an anti-malware agent. This agent includes central reporting functionality, which lets you monitor malware across managedcomputers. (The anti-malware feature is included with the Plus edition and is available as a separately licensed add-on for the standard edition.)
Reduce power consumption, shut down, restart, or wake managed computers on a scheduled basis. (The power management feature is included with thePlus edition and is available as a separately licensed add-on for the standard edition.)
Determine what hardware and software has been installed on physical and virtual clients. (This feature isn't available in the standard edition.)
Scan by domain, organizational unit (OU), computer name, and IP address range.
Easily execute Windows PowerShell scripts on remote machines with the ITScripts feature. (This feature isn't available in the standard edition.)
Quickly connect to target machines. This is made possible through RDP integration and the storage of credentials.
Create custom reports that let you analyze data on missing updates, update deployments, and malware threats.
Scan and update offline virtual machines (VMs), provided that vCenter Protect Essentials Plus has access to the VM host.
As Figure 1 shows, the product's console has an interface that will be familiar to users of Microsoft's System Center suite. The console's layout letsyou quickly discover functionality without having to dig through an arcane menu structure.
Figure 1: The vCenter Protect Essentials Plus console
As I mentioned previously, one of the product's most important features is the ability to scan for missing updates to custom and third-partyapplications. You use the Custom Patch File Editor to assist with this functionality. It helps you use patch files to generate an XML file that allowsyou to find unpatched machines and deploy the needed updates to them.
To use vCenter Protect Essentials Plus, you need a SQL Server 2005 Express Edition or later database. The installation routine will connect to theInternet and automatically download SQL Server 2008 R2 Express if you don't have an available SQL Server instance. When installing my review copy, Ihad some problems with this aspect of the installation. The routine didn't detect the SQL Server Express instance on my machine. I ended up deploying aseparate SQL Server 2008 R2 instance, at which point everything worked.
This product supports client computers running Windows 2000 and later. Scanning offline VMs requires that you're using VMware virtualization software.
VMware vCenter Protect Essentials Plus allows a substantial amount of customization in how you scan for and deploy updates. For example, you can usemachine groups for differentiated missing update detection and deployment. You can also configure Patch Scan templates, which let you be selectiveabout looking for specific missing updates. So, if you're in the market for a versatile tool that can manage update compliance for Windows OSs as wellas Microsoft, third-party, and custom applications but you don't want the expense of deploying a product such as Microsoft System Center ConfigurationManager (SCCM) 2012, check out vCenter Protect Essentials Plus.
About the Author
You May Also Like