We changed our name from IT Central Station: Here's why
Get our free report covering HCL, Microsoft, Ivanti, and other competitors of Microsoft Windows Server Update Services. Updated: January 2022.
563,148 professionals have used our research since 2012.

Read reviews of Microsoft Windows Server Update Services alternatives and competitors

Justin Hidalgo
Senior Project Manager at a government with 51-200 employees
Real User
Top 20
Monitors our devices irrespective of the location and the environment, allows us to exempt certain machines from certain patches, and has perfect patch management abilities
Pros and Cons
  • "They've been adding some new features lately, which I'm not nearly as familiar with, but the ability to just deploy patches and exempt certain machines from certain patches is helpful. For instance, for our servers, we may not want to roll out zero-day patches. We are able to exempt those and make sure that they don't get those policies. We've got certain servers that have to run a particular version of Java, and being able to exempt those servers from receiving Java updates is pretty fantastic."
  • "The only thing that we've ever truly wanted is an onsite repository. Currently, all updates are provided directly from the internet. So, if you have 1,000 devices, all 1,000 devices go directly out to the internet. We would love the option of being able to put the updates on local storage so that we're not consuming as much bandwidth. That is literally the only thing that we've ever wanted."

What is our primary use case?

We are a municipality, so we are not a traditional business. We've got it deployed throughout the city. We've got it on roughly 120 servers. We've also got about 1,400 other endpoints. So, there are roughly 1,300 computers, and those computers are also police vehicles, EMS vehicles, and fire vehicles. We are continuously monitoring them and patching them to make sure that they stay up to date and meet all the criteria for compliance. Obviously, EMS has to worry about HIPAA, and police have to worry about CJIS. So essentially, we're making sure that we stay within the guidelines of compliance.

It is web-based, so we are using the version that they're currently on.

How has it helped my organization?

Our previous solution of patching simply did not work. Even though it said machines were getting patched, we turned back and discovered that patches hadn't been deployed. Automox just works. We used to spend time running and circling back to see if machines were getting patched. We no longer have to do that. If Automox says they're patched, they're patched. It saves a tremendous amount of time. I don't really have anything in the way of metrics. Being in the Government world, we're not in the business of making money. We're in the business of spending money, so very rarely, we track those kinds of metrics.

It is fantastic that Automox is a cloud-native platform. Obviously, we don't have to worry about updates. We also don't have to worry about carving out any physical space. The one thing that is unique to us is that we're on the Gulf coast. We are in a hurricane-prone area, and in the event of a storm or anything else, we may lose power or internet at certain sites. So, having to be reliant on physical servers is sometimes a downfall. With Automox being a SaaS solution, it can monitor our devices no matter where they are in the country, which is a huge plus.

It provides 100% visibility for any laptop, desktop, or server in our environment, regardless of whether they're on-prem, in the cloud, or on the move. It doesn't matter where they're located. We're a municipality, and we are restrained to a pretty small geographic area. We do have a lot of machines that are not in traditional office spaces, such as police cars and vehicles. They are constantly on the move with unreliable internet and with being power cycled quite often. They're being touched no matter where they are or the kind of environment they're in, which is important for us. These police devices may not necessarily be in the office, but they have to be up-to-date by law. Being able to have a solution that's reliable enough and being able to make sure that everything happens in a timely and reliable manner is invaluable. 

It provides patch management from a single console across Windows, macOS, and Linux. We don't use the Linux side of it. We have very few Linux devices in our network, but we do have macOS, and obviously, Windows devices. This cross-platform patch management is not as important to us as it is for a lot of other places because we don't allow people to bring their own devices, but we do have a lot of macOS devices in our libraries, and we obviously want to keep those updated. Them not being up-to-date obviously still puts us at a security risk. It is obviously important to any IT environment. 

Its console is fantastic. It can be accessed from anywhere, such as from your cell phone, tablet, or PC. From that single and very nice UI window, you can deploy patches across your entire environment. It has a great UI, and it is easy to look at and easy to navigate. We've enrolled the rest of our IT department, and we've not had a single training class. It is easy to figure out and intuitive. For the most part, it is dumb proof.

We use it for the automation of patching. It is very hands-off. We have it set on a schedule. We've got a number of different schedules based on the type of device and geographic location. We do have different sites within the city. For instance, we've got around 10 buildings downtown that belong to the city and that have devices on them. While they are different sites, they're all on the same fiber. So, we space them out time-wise and day-wise to make sure that we're not essentially blowing our pipe and using too much bandwidth. Everything is scheduled and automated, and we don't touch it. We get a weekly report that tells us about the devices that need attention, if there are any, and whether they require a follow-up. 

Patch automation has affected our operations. Previously, we used to rely on our guys to follow back up and continuously check our servers to make sure they're patched. We no longer have to do that. So, we've freed up a lot of manhours to actually do the work that we're supposed to be doing, not just chasing a bad product. It has given us a lot more time and a lot more freedom to do the work that we're supposed to do.

We have started to use Automox Worklets to create and automate customized tasks across endpoints. They've introduced community Worklets directly into Automox, where you can very quickly see Worklets that have already been built by other users and deploy them. We've started using them a lot more recently. We've mainly used the ones that are available for the community. Worklets make it convenient to enforce tasks across any managed endpoints. There are a lot of smart people using Automox, and there are so many Worklets. In fact, the last time I looked, there were a little over a hundred. So, you don't have to reinvent the wheel. There are already solutions out there to uninstall software, install software, or change software without you having to know PowerShell or figure it out. You can simply click on it, run it, and it is done. So, it is very convenient. We use PDQ deploy a lot as well.

It has saved us an untold amount of time. I wish I could put a figure on it, but I know that I used to spend hours a week making sure that everything is being patched, and everything is being updated. That number is virtually zero these days. I simply look at the report, and I know I can trust it.

What is most valuable?

The fact that it is pretty much hands-off is most valuable. Basically, you set up your policies and give it free rein, and it just does its thing. 

They've been adding some new features lately, which I'm not nearly as familiar with, but the ability to just deploy patches and exempt certain machines from certain patches is helpful. For instance, for our servers, we may not want to roll out zero-day patches. We are able to exempt those and make sure that they don't get those policies. We've got certain servers that have to run a particular version of Java, and being able to exempt those servers from receiving Java updates is pretty fantastic.

Its patch management abilities are perfect. We've gone through probably five different solutions in the past 10 years. Automox is the only one that we've found that we can just set and then forget. It simply works. It is the best.

Its speed in carrying out functions is good. We've never experienced any performance issues. We've never noticed any delays. If we have to do a manual update, when we click update, within moments, we can tell that our computers are being updated. The actual UI is quick. Navigating between menus is seamless, and the actual communication between the console and the clients is seemingly instant as well. So, everything is as fast and quick as it can be.

It doesn't require much brainpower to navigate the UI and to figure out how to update. Building schedules and different groups is very intuitive. It is just a matter of a few checkboxes, and they've got great examples already in the software when you first get hold of it. Their support staff is fantastic in helping you get those configured if you do have any questions, but the likelihood of you needing that is pretty minimal. It is built to make sense.

It is very simple to set up policies using Automox. They've got several sample policies that are actually out there when you get access to the portal. The process is very simple. They've already got the samples out there, and it is so easy to duplicate them and modify them the way you want. It is just a matter of clicking a few checkboxes. It does not take much at all.

What needs improvement?

The only thing that we've ever truly wanted is an onsite repository. Currently, all updates are provided directly from the internet. So, if you have 1,000 devices, all 1,000 devices go directly out to the internet. We would love the option of being able to put the updates on local storage so that we're not consuming as much bandwidth. That is literally the only thing that we've ever wanted.

For how long have I used the solution?

My company and I've been using it for about a year. We signed it about a year ago.

What do I think about the stability of the solution?

I have never noticed it go down for anything, and I have never been made aware of a maintenance window. Every time I've tried to access it, it is online and working. It is pretty stable.

What do I think about the scalability of the solution?

We have a little over 1,400 devices, and we've not noticed any slowness or any issues. I know there are much larger environments out there, but for us, it is pretty scalable. We've had no concerns about deploying it even further, and we've had no qualms about adding more devices.

We have about 18 people in the console. They range from our network admins and server admins to our help desk technicians, and then, of course, there is our actual IT admin as well.

It is on every single device in the city with the exception of devices it can't be installed on, such as iOS devices like iPads or phones. We've got around 600 phones in our environment and a couple of hundred iPads. Obviously, we can't patch those, but they're being managed through another solution. 

It is as extensive as it could get. The client is on every single PC in the city. There are no intentions of expanding its usage unless we just buy new PCs because it is already on everything.

How are customer service and technical support?

Every time I've dealt with them, they respond almost instantly. They've always been a breeze to work with. I would rate them a 10 out of 10.

Which solution did I use previously and why did I switch?

We've been trying to use SysAid's patch management, and the reason we switched from it is that it simply did not work. Genuinely, we were never able to get it to actually patch. It would tell us that the machines are patched, and when we looked at the machines, it had failed to do so.

Before that, we used a combination of WSUS and a lot of the stuff that Microsoft provides natively. While it actually worked, it was just very time-consuming. It took hours upon hours to manage it, and it just simply wasn't the right solution for us. It also struggled with a lot of our remote machines such as the computers in the police vehicles and so forth and so on. Those are the two main reasons that I can recall. There are probably a few more.

SysAid is technically on-prem, and so is WSUS. WSUS is kind of cheating because Microsoft provides a lot of those tools for free. Outside of just the cost there, we were spending an incredible amount of manhour time, which obviously adds up. With Automox, we pay the fee, and we don't have any in-house bare metal costs. We are just paying their annual fee, and we are spending almost no manpower on it. In the end, even if it were to cost a little more than Microsoft's native solution, the time-saving ability to potentially recover almost an entire person's salary is a pretty big deal.

How was the initial setup?

I could have slept through it. It was very simple. It took minutes when we first set it up. The console was already configured. We installed a couple of agents, and within minutes, they showed me how to use it. There were very few questions after that. They give you kind of a rundown of standard practice about how they recommend setting up servers versus just traditional clients. It was painless and very easy. It was the least time-consuming thing I've ever done.

Deployment took a long time just from our side because we had other things going on. It took no time at all in terms of Automox giving us full reigns over the software. The day after signing the contract, we were on the phone with their engineers. We already had the environment set up, and everything was kosher. So, it took just a day. They had offered to help us with the deployment to all of our clients, but we just politely declined because we knew we wouldn't be able to focus on it.

In terms of the implementation strategy, because we are a government organization and we have a lot of projects going on, our main focus was ensuring that our whole critical infrastructure has the clients so that we can make sure all critical systems are getting patched and are up to date. So, our main focus was getting our servers updated to the front line, and then from there, we started updating all the core infrastructure that is actually attached to our network. We have a lot of satellite sites and places like landfills and water reclamation that aren't directly connected to us. They're just connected via VPN. So, our main focus was getting all of our core infrastructure updated, which was a pretty quick process.

We made use of Automox's free trial before deciding to go with it. It was very important in our decision to go with Automox. Being able to put your hands on it and actually use it in a live environment has a huge benefit. During our trial, we probably got about a hundred devices on it and made sure it worked. We were able to show it off to the other folks in IT and let them drive in it for a little bit to see if they saw any big red flags as to why we shouldn't purchase it. Once we made sure everybody was on board, we pulled the trigger, but it was a great experience. The free trial was very important.

For deployment, we had three people involved, but they really weren't required. We had our two network admins and me. Essentially, that was just so that we could get familiarity with the product and how it worked, and then from there, we began deploying the clients automatically, and they automatically enroll in Automox. So, when you're doing the install, you have silent install options that allow you to put them in groups and assign them to different policies and things of that nature. So, literally, you can do it hands-off and never even touch it. It doesn't require any maintenance.

What about the implementation team?

We didn't take Automox's help for deployment. We ended up signing directly with Automox. We didn't go through a reseller at all. So, everything was directly through Automox.

What was our ROI?

We have not calculated ROI. We're happy with it. It works, and there is no reason to try to justify it.

What's my experience with pricing, setup cost, and licensing?

We're doing it annually directly through Automox. It is per endpoint. It is $2 and some change per endpoint, but I believe the cost is right around $28,000. Everything is covered in this fee.

Which other solutions did I evaluate?

We looked at Tanium and one more solution. With Tanium, we didn't have any problems with the patching itself, but patching is a second thought to them. It is not their product. It is just an add-on to their product. Their portal was very cluttered and convoluted, and it had a lot more stuff that we would never have needed. The other one was strictly cost. Automox was very affordable for us, and for the options it gave us and for its reliability, it just made sense.

What other advice do I have?

I would advise others to just try it. The demo is free. There is no risk. They don't ask for any information. You can just install the clients on some of your endpoints, and you'll be able to see very quickly that Automox works. Given the pricing, it is just a no-brainer to go with. The biggest lesson that I have learned from using Automox is that there is actually a patch manager that works. We had started to doubt that there was anything out there.

I would rate Automox a 10 out of 10. It has been a very pleasant experience.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Information Security Manager at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Robust, excellent patch deployment, and overall good stability
Pros and Cons
  • "The ability to deploy patches seamlessly is the solution's most valuable aspect. It allows us to not only deploy patches but to monitor the deployment of those patches."
  • "The agent can be a bit more intelligent."

What is our primary use case?

The solution is basically for patching systems. Instead of patching using SCCM, that's Microsoft's System Center Configuration Manager, we used ManageEngine. The product has agents installed on workstations. Those agents communicate within a central server and pull patches and installs them on the workstations. It's pretty straightforward.

How has it helped my organization?

It's easier for us to measure patch compliance now than it was before. That saves us time and guesswork.

What is most valuable?

The ability to deploy patches seamlessly is the solution's most valuable aspect. It allows us to not only deploy patches but to monitor the deployment of those patches.

It eases the process of patch deployment, and it allows us to easily know what patches are available. We're able to manage our path cycles properly to let us know which systems require a reboot. In some instances, we will know if there is enough storage on the system. The solution also does patching for third-party applications, like an Apache Server. It picks it up and lets you know if there is a patch available for the Apache Server or SQL Server. It's not just OS packages. It also does application packages as well. It's very robust.

What needs improvement?

The ability to do out of network patching needs to be added to the solution. For example, a lot of people are working from home now. It will take a lot of strength to make sure the patches are applied since the machines aren't technically within our network. If there's a way one can ensure that endpoints outside the corporate environment can be reached and accessed for patching, that would be ideal.

The agent can be a bit more intelligent.

For how long have I used the solution?

I've been working with the solution for just over a year now.

What do I think about the stability of the solution?

It's very stable. We have no issue with the cost to build it or to install it and start using it. We have more servers than workstations. 

What do I think about the scalability of the solution?

The solution scales fine. However, it's license based, so once you reach your limit, it will prompt you to procure an extra license for more endpoints. Apart from that, it's pretty scalable.

You also need to have some storage to temporarily hold the downloaded patches, maybe about 500GB depending on the size of the organization. Apart from that, resource utilization isn't so intensive.

We have about seven people using the solution in our company. They are from the security team and from the server admin.

How are customer service and technical support?

Technical support, so far, has been very responsive. We had an issue once related to adding indexes to patch agents outside of the organization's network. That was the last discussion we had with them. We Just needed some clarifications on how the head server works and what we needed to do to set it up. They were great. We were satisfied with their level of service.

Which solution did I use previously and why did I switch?

We were previously using Microsoft System Center Configuration Manager, SCCM. It wasn't giving us the kind of reporting we needed. Then the deployment of patches weren't very effective. We needed something else that we could rely on.

How was the initial setup?

The initial setup was not complex at all. It was very straightforward. 

Deployment took just over a week. Within three or four days we were up and running. The server itself took about two or three days to implement. Two days were spent actually setting up the server. After that, we just had to install and configure everything. Then we deployed agents to workstations and that took about three, four days. It was a week or so in total, from beginning to end.

About five people were involved in the deployment process, including support from the local team. Three people, who were server administrators, from my organization and two people from the local support team were involved.

What's my experience with pricing, setup cost, and licensing?

There aren't really extra costs involved beyond licensing. 

What other advice do I have?

We're just customers. We aren't resellers or consultants.

I don't know what the exact version of the solution we are using is, however it is the latest one.

The solution is definitely something a company should try. It's a better alternative to the traditional SCCM. Compared to other security products, it's not expensive.

It's a great solution. It works quite well.

I would give it a rating of eight out of ten. It does what it mentions it will do and it does very well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering HCL, Microsoft, Ivanti, and other competitors of Microsoft Windows Server Update Services. Updated: January 2022.
563,148 professionals have used our research since 2012.