Typically, large multinational corporations have a distributed computing environment with distributed systems containing a large number of computing resources, for example computers, PDA's etc., spread across wide geographical areas that are networked together. This type of environment makes it difficult and expensive to manage such computing resources in terms of providing software installation, support and maintenance across the corporation. That is, an administrator of such a distributed system has to visit each computing resource in order to manage the resource, with a significant cost being attached to managing the resources in this type of environment stemming from software installation, support, and maintenance. In fact, the initial purchase price of software may be only a small portion of the total cost associated with managing the computing resources.
Systems have been developed that, upon user initiation, install software from a master computer (herein after also referred to as a server) to one or more slave computers (hereinafter also referred to as a client) over a network. For example, an IBM™ product for performing such a remote automatic software installation and cleanup is EZUpdate®, which is used to keep clients up to date with the latest level of critical applications and updates. Such systems configured for automatic software installation and cleanup conventionally include an event monitor (also sometimes referred to an agent) installed on the client and/or on the server, and configured to monitor the clients within a given network to help manage software updates on the clients.
For example, in some typical cases, the agent is configured to wake up at fixed intervals to check for updates on a server and/or whenever an update is made on the server, the agent becomes active and alerts the client regarding the availability of the new application and/or update. When the agent detects that a new application or update is available, which needs to be installed on the client, the agent typically performs a client authentication and runs a script which is configured to fetch the application and/or update over a secure channel from the server and install the application and/or update on the client. During the installation process, temporary files are created on the client, and the temporary files are erased, cleaning up the resources of the client after the installation is completed.
The applications and/or updates are typically classified into different categories, such as critical, recommended, optional, etc., allowing the client user to make a selection as to when the installation can be accomplished on the client. Typically when applications and/or updates are critical, the applications and/or updates must be installed on the client instantaneously, whereas recommended applications and/or updates may be installed at a later time or may not be installed. If the applications and/or updates are critical and need to be installed instantaneously, i.e., within a given timeframe, the client system/device needs a reboot for the critical application and/or update to be effective, and in such cases, once the installation process is started, the agent controls the installation and the reboot of the client, typically via a script. A disadvantage with the present process is that even if a critical application and/or update is to be installed on the client, the users on the client typically will not perform such an installation, thereby making the client vulnerable to malicious attacks. A further disadvantage is that if the system is not rebooted after the installation of such a critical application and/or update, the system is still vulnerable to malicious attacks. A further disadvantage is that the user on the client needs to save a number of applications that he is working on before performing such an update, and this interferes with the user's work schedule.
For example, a client has installed Microsoft Windows® XP operating system. A critical security patch has been released by Microsoft® to plug a vulnerability that has been detected without which the client will be vulnerable to any malicious attacks. This means that the security patch needs to be installed on the client immediately, and for the security patch to be effective after installation in the client, the client will have to be rebooted. The agent on the client and/or the server detects that a new application/update is available and intimates the client by prompting the client to install the new application and/or update by means of an indicator. The installation of the new application/update is required and critical for the client. The client is then prompted for authentication such that the process of installation may begin. Before beginning the installation process, if the channel to install the product is not secure, then either the client may be prompted to terminate the installation or create a secure channel for installation. The agent is configured to run a script on the client, which will fetch the security patch from the server and then subsequently perform installation of the security patch on the client. During the installation process temporary files are created on the client, which are removed once the installation is completed and/or the client is rebooted, thereby releasing the resources used on the client, and a report is generated indicating that the installation is successful or not successful and any other related information. Once the security patch is installed to plug the vulnerability, the security patch (also referred to as a software update) must become active, and for this, the client system needs to be rebooted. In many instances, a user of the client would typically like to defer the reboot because many other critical applications may be in use by the client, leading to loss of information or making the user backup several of these applications, thereby making the process not user friendly. Typically, such deferred reboot of the client delays the implementation of the security patch, and thereby causes the client to malfunction or become vulnerable to malicious attacks.
Without a way for improving the method for automatically installing new software applications and/or software updates on a client the promise of this technology may never be fully achieved.