As our Centero Software Manager customers know, the applications included in the service are updated automatically. We release the applications’ new versions into CSM shortly after the application provider releases a new version. From our customers’ point of view, this is all of course very easy, and the cyber security is constantly at a high level. But what happens behind the scenes before a new version is installed on customer’s workstations? 

Our background processes can be roughly divided into these categories: 

Monitoring 

It all starts with monitoring the application versions. We monitor the application providers’ sources on a regular basis and are always on the know of any possible new versions released for the applications our service supports. We download the installation packages from the application provider’s official sources, as installation media from alternative sources can contain malware or other unpleasant surprises.  

When a new version is detected, we create a packaging job into our system, an ERP we’ve developed for packaging process management. The packaging job’s response time depends on whether we’re talking about a customer-specific package (APaaS, or Application Packaging as a Service) or a general CSM application (Supported App).  

  • For the supported applications, the response time is 5 working days, but in reality, the actual response time is just over 24 hours (see image below). 
  • For APaaS applications, the response time is always specified in the agreement, but it’s usually 7 to 15 working days from the moment the application provider releases a new version for the application. 

If the detected application version is a patch for a critical vulnerability, we give it the highest priority in the packaging queue. These versions are practically always released during the same day they are released. 

The past year, new application versions were released on average in 1.34 days after the application provider’s release. On average, 1.6 applications were released daily.

Packaging

When a member of the packaging team takes on a new packaging job, they download the media from the same, trusted location used during the monitoring.  

For most applications, the application provider offers an MSI installation package. We do not re-package the ready MSI installation packages but instead create a response file (an MST file) that includes any changes we want to include. We edit each application to best suit corporate use.  

Here we follow our best practices, based on our years of experience. Many of the changes made are based on the feedback we get from our customers. The most common changes include  

  • Blocking automatic updates
  • Removing shortcuts
  • Approving terms and conditions
  • Blocking any other notifications that disturb the end-user.

 In addition, we might remove the so-calledadware or other additional blocks that disturb the end-user and are not a part of the actual application. 

 If the application provider doesn’t offer an MSI package, we create a fully new MSI installation package from an EXE type installation package. Re-packaging is done with an application that is designed for this precise need. We use Flexera’s AdminStudio, for which we have a Service Provider license. This enables deploying the application packages all the way to the end customers. The applicationrecords any changes to the virtual device’s registers and files during the installation, and these changes are used to create the MSI installation package.  

For customer-specific packages, we go through the same steps but also include any changes the customer requests. Typical changes include adding a browser extension, setting a homepage into the browser’s installation package, and adding a license key to any application that requires one. Any change you can make in the application once it’s installed, we can make directly into the installation package. This means that when an application is installed with our installation package, it requires no actions after the installation.  

Customer-specific applications can be as exotic an industry-specific application as you can think of, and if need be, we can arm them with very complicated customer-specific configurations. For one customer, we managed an APaaS deployment of an application with an installation package of dozens of gigabytes. Manually, the application had to be installed from a DVD, and the installation took a significant amount of time for every user. On top of this, the application was updated several times a year. In this case, automatizing the update with our processes saved the customer a huge amount of time and money.  

After the packaging, the installation package is scanned for malware, and the scan report is released along the application package. 

From the customer’s point of view, the use of CSM is very simple, implementation included. However, the background process has several steps that the customer would have to take care of if it wasn’t for the automation.

Testing

Once the installation package is ready, it’s comprehensively tested in various environments. First a member of the packaging team tests the application’s installation with an empty virtual device, and then the testing moves on to the next phases.  

In the first phase we test the following: 

  • Installing the application to a clean virtual device 
  • Installing the application on top of a previous version 
  • Application’s functioning on new and updating installations 
  • Uninstalling the application 
  • Application’s functioning with different users. 

With the first tests passed, it is time to move on to the next phase, where the installation package is tested deployed from our CSM products. 

In the second phase we test the following: 

  • Deploying the application via CSM for WSUS, CSM for SCCM, and CSM for Intune
  • The application’s installation and functions in each mentioned environment
  • In WSUS and SCCM testing environments we test the application with up to six different virtual devices for each deploying channel
  • The installation on Windows 7, Windows 8.1, and Windows 10 operating systems, both 32 and 64 bit 
  • The deployment system’s deployment check 

Release

After all the previous phases are final and a member of the packaging team has confirmed the application’s functionality in CSM, the application is released to our customers. Typically, the application appears into the customers’ environment within an hour of our release.  

And then the application is deployed onto the customer’s workstations according to the deployment process configured in CSM. 

Summary

It takes a lot of time and effort to constantly monitor the application packages and to create the packages. You can use our calculator to get an estimate on how much time the packaging typically takes in a year. 

With Centero Software Manager, you can save your time and make sure the applications in your environment are always up to date. 

 

 

Read more on this topic:

The future of patch management webinar recording now available

Centero introduced CSM for SCCM in a webinar on Thursday, April 2nd. The webinar recording is now available!

Sign up for webinar series for IT service providers

Centero’s webinar series this fall covers Centero Software Manager, its benefits for IT service providers, and implementation and management of the CSM product.