Automatic System Update Software

The main ideas of the product are:

  • Automate the process of network scanning and analysis, on demand or on a scheduled basis.
  • Automate the process of editing the knowledge base and filling it with new patches.
  • Automate the process of pushing patches (the system update process).

Scanning of the network

A system engineer defines the policy, rules and schedules used to scan, analyze and (if necessary) update systems in the network. The primary purpose of the task is to discover new machines in the network, the applications installed on them, and the critical software updates missing from those applications. If a new machine is discovered, the system engineer is notified by email. If a machine that is at risk is found, the module deploys critical software updates according to the policy defined by the system administrator and notifies a system engineer by email about the deployed updates.

Knowledge base update

After a long discussion with the DB support team, it turned out that the knowledge base update can be automated. The application was slightly modified to perform this task and update the knowledge base automatically.
After a new update is found, it is downloaded to the repository and all the information about the update is written to the knowledge base. A system engineer receives an email notification with the contents of the new updates and the update logs, to make sure everything was updated correctly.

Pushing patches

All the systems in the network are divided into groups. For each system, as well as for each group of systems, the administrator can create a policy that describes how to scan, investigate and update that machine or group of machines (if the default rules do not match the system engineer's needs, of course). If a policy is defined for a system or for a group of systems, all affected systems are analyzed and updated according to this policy.
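The scan handling and policy lookup described above can be sketched as follows. This is an added example, not the product's code: the precedence (system policy, then group policy, then default), the "notify only" behaviour when a policy disables automatic deployment, and all hosts, groups, addresses and update ids are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    name: str
    auto_deploy_critical: bool
    notify: str  # e-mail address of the responsible engineer

@dataclass
class Machine:
    host: str
    group: str
    missing_critical: list = field(default_factory=list)

# Constructed sample configuration (hypothetical names and addresses).
DEFAULT = Policy("default", True, "se@example.test")
GROUP_POLICIES = {"db-servers": Policy("db-servers", False, "dba@example.test")}
SYSTEM_POLICIES = {"db-07": Policy("db-07", True, "dba@example.test")}
KNOWN_HOSTS = {"web-01", "db-03", "db-07"}

def effective_policy(m):
    # Assumed precedence: per-system policy, then group policy, then default rules.
    return SYSTEM_POLICIES.get(m.host) or GROUP_POLICIES.get(m.group) or DEFAULT

def plan_scan_actions(scan):
    """Turn one scan result into (action, host, detail) tuples."""
    actions = []
    for m in scan:
        pol = effective_policy(m)
        if m.host not in KNOWN_HOSTS:
            actions.append(("notify_new_machine", m.host, pol.notify))
        if m.missing_critical:  # machine is at risk
            if pol.auto_deploy_critical:
                actions.append(("deploy", m.host, tuple(m.missing_critical)))
                actions.append(("notify_deployed", m.host, pol.notify))
            else:
                actions.append(("notify_at_risk", m.host, pol.notify))
    return actions

# Constructed scan result: two known hosts at risk, one overridden host, one new host.
SCAN = [
    Machine("web-01", "web", ["UPD-0001"]),
    Machine("db-03", "db-servers", ["UPD-0002"]),
    Machine("db-07", "db-servers", ["UPD-0002"]),
    Machine("lab-12", "lab"),
]

if __name__ == "__main__":
    for action in plan_scan_actions(SCAN):
        print(action)
```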

Product’s Architecture

To make the product easy to support, robust and extensible, it must be separated into several independent modules shipped in one installation package. This allows the product to continue working even if one of its parts cannot work in a certain environment or is not necessary for a certain user. Removing one or more modules simply makes some product features unavailable, while the rest of the product remains fully operable. An application split into several modules is also much easier to update: certain modules can be updated without updating the entire application.
The product is divided into several parts:

  • Management Console. The application that allows a system administrator (SA) to control and monitor the product, write rules, create new schedules, force scanning of the network or of a machine, and so on.
  • Automatic Processor. The module that processes all the operations mentioned above in the background.
  • Knowledge Base Processor. The application that keeps the knowledge base up to date and allows other parts of the product to access information about patches, system updates, supported operating systems and products, and so on.
  • Database Processor. The application that keeps the product's database up to date and allows other parts of the product to access the data stored in it.
  • System Agent. An optional application that runs on a client computer, provides information about the machine and its operating system, and installs patches, software and OS updates.

Management Console

A Microsoft Windows (Linux, Unix, MacOS) user interface application that allows the SA to perform the following activities:

  • control work of the product;
  • create and manage tasks;
  • schedule new tasks;
  • create and manage rules;
  • create and manage policies;
  • store, manage and display history and results of previously executed tasks and jobs;
  • audit state of a specified system, group of systems and entire network;
  • perform diagnostics of knowledgebase;
  • perform diagnostics of database;
  • etc.

The Management Console is the only application that the SA uses to work with the product; the rest of the applications are internal parts and do not have a UI. The activities of these parts are seamless to the end user.
The knowledge base and the database are separated, since they keep completely different information and belong to different parts of the product. The knowledge base can even be placed on a separate server.

Automatic Processor

It is the biggest part and one of the main parts of the product. It performs all the operations: it starts new scans and pushes, and reports about problems, new systems and so on. The heart of the application is a script engine that executes scripts generated from SA actions to perform the requested tasks. Scripts are stored in the knowledge base and are used for installing all patches, system updates, updates for supported applications, and so on.

Knowledgebase Processor

Monitors for new updates; when one is found, it adds the update information to the knowledge base and notifies the SA that a new update is available. The SA can then handle new updates and check that they were added to the knowledge base properly and can be used.
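One way the "added properly and can be used" check could be automated is to compare each repository file against its knowledge base record before the update is marked usable. This is an added example, not the product's code; the record fields (including a stored SHA-256 digest), the `usable` flag, the update id and the URL are assumptions, since the page does not describe the knowledge base schema.

```python
import hashlib
import tempfile
from pathlib import Path

def register_update(kb, repo, update_id, payload, source_url):
    """Store a downloaded update in the repository and record it in the knowledge base."""
    path = repo / f"{update_id}.bin"
    path.write_bytes(payload)
    kb[update_id] = {"file": path.name, "size": len(payload),
                     "sha256": hashlib.sha256(payload).hexdigest(),
                     "source": source_url, "usable": False}

def verify_update(kb, repo, update_id):
    """Return a list of problems; an empty list means file and record agree."""
    rec = kb.get(update_id)
    if rec is None:
        return ["no knowledge base record"]
    path = repo / rec["file"]
    if not path.is_file():
        return ["file missing from repository"]
    data = path.read_bytes()
    problems = []
    if len(data) != rec["size"]:
        problems.append("size mismatch")
    if hashlib.sha256(data).hexdigest() != rec["sha256"]:
        problems.append("digest mismatch")
    return problems

def approve_update(kb, repo, update_id):
    """Mark the update usable only if verification finds no problems."""
    problems = verify_update(kb, repo, update_id)
    if update_id in kb:
        kb[update_id]["usable"] = not problems
    return problems

def demo():
    # Constructed sample: register an update, approve it, then alter the file.
    with tempfile.TemporaryDirectory() as d:
        repo, kb = Path(d), {}
        register_update(kb, repo, "UPD-0001", b"constructed patch bytes",
                        "https://updates.example.test/UPD-0001")
        first = approve_update(kb, repo, "UPD-0001")
        (repo / "UPD-0001.bin").write_bytes(b"modified after download")
        second = approve_update(kb, repo, "UPD-0001")
        return first, second, kb["UPD-0001"]["usable"]

if __name__ == "__main__":
    print(demo())
```

A digest computed at download time only detects changes made after the download; comparing against a vendor-published digest, where one exists, also covers the download itself.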

Database Processor

Just an API that provides high-level access to the data, hiding the structure of the database from all of the product's modules.