Share This Post

OPINION: Software Updates or Software Deployments

Under SCCM (and SMS), there are two different methods for the deployment of software "bits" to an end-user’s system. These two different methods have clear distinctions in how they operate and what they should be used for, but there is a gray area between them that can be a bit muddled to deal with.

Software Updates

The Software Update system in SCCM is designed, primarily, for the distribution of binary patches to existing software. The most obvious example are Microsoft security updates. These updates are installed in, essentially, a non-interactive mode and return a simple numeric exit code to determine success, reboot needed, or failure. SCCM has a built in detection mechanism and uses state messages to track the progress of deployment.

Software Deployments

The Software Deployment subsystem, however, is designed to distribute full software packages – especially new installations. Software is expected to return either an exit code or a MIF file to determine status. Deployments are targeted to collections of computers that must use membership queries (based on inventory) to determine applicability of the package. For instance, if the primary console user of a machine is in a particular user group, deploy (or offer to deploy) the ACME Widget software.

The gray area starts to show up when a software update is provided as a full software package. Think of Apple QuickTime Player or Adobe Reader as examples. Although IT staff wish to deploy the updated version due to security vulnerabilities, they are faced with deploying a full product.

Most of these products come as a collection of files, which Software Deployments are good at delivering. However, in many cases, those files can be collected into a self-extracting executable (such as one created by the SMS Installer), which is what is required by Software Updates.

Since it is an update, it is tempting to use Software Updates to determine its applicability and handle the deployment. The rules provided by Software Updates, however, are essentially the same as what is available to collections for Software Deployments (registry keys, file information, WMI lookups).

What doesn’t help the matter is when vendors provide what are essentially full software installs as Software Updates. Dell does this. Even Microsoft does this (such as Windows Live branded products).

For items that do not come in a catalog (where we would have to use the Custom Updates Publisher), we have chosen to stay faithful (if that is the right term here) to the original purpose of Software Deployments vs Software Updates.

If the software is a single-file binary patch, it goes through Software Updates. If it is a full version of the software, it goes through Software Deployments.

Hopefully this advise helps some out there.

Share This Post

Leave a Reply