ConnectSecure, a vulnerability management and compliance management vendor that serves MSPs, recently added new cross-platform Linux operating system patching capabilities to its ConnectSecure MSP platform, offering busy service providers a more efficient way to provide diverse operating system patching for customer IT infrastructures.
The cross-platform Linux patching capabilities mean that
MSPs can now manage and deploy critical updates for the four most popular Linux operating system distributions—Red Hat, Ubuntu, Debian, and CentOS—all from one unified interface within the ConnectSecure management platform.
By using a unified interface, MSPs and administrators will no longer need to use separate distribution-specific tooling and procedures to deploy kernel and OS patches to update each of the Linux operating systems separately, reducing complexity and saving labor time, according to the company. The new built-in capabilities aim to reduce manual patching efforts by up to 80% while helping to provide continuous protection against security vulnerabilities.
"Several of our larger MSPs have been asking for this feature, and with this new update, ConnectSecure supports the MSP business model, which relies on automation to maintain reasonable margins,"
Srikant Sreenivasan, president of
ConnectSecure, told ChannelE2E.
With Linux leading in server deployment usage with more than 60% market share, public clouds such as Microsoft Azure and Amazon Web Services (AWS) have reported that the vast majority of their cloud servers are running Linux, said Sreenivasan. "So MSPs are increasingly having to deal with Linux, and they can now confidently bid on larger contracts in healthcare, FinTech, and development shops that rely heavily on Linux, knowing they have the right tool to support them profitably."
MSPs and other channel partners stand to gain significantly from this update because it removes the "Linux tax" from such services, which Sreenivasan described as the "disproportionate amount of manual labor usually required to manage non-Windows systems."
Providing these services for Linux distributions "is a significant value-add for MSPs because it allows them to unify their service offerings across heterogeneous environments," without requiring fragmented tools or specialized Linux-only technicians, he added.
For ConnectSecure, the new capabilities show that the company "is fundamentally changing our market position from a security utility tool to a strategic platform," said Sreenivasan. "MSPs can now include Linux in their security reports. Previously, an MSP might have 'clean' Windows reports but a 'black box' of unpatched Linux servers that represented a massive liability."
New Centralized Patch Repository Now Included
In addition to the unified Linux patching capabilities, the new ConnectSecure updates also introduce a built-in local, centralized patch repository feature to help MSPs with security updates. The new repository allows a probe agent to download all scheduled Linux operating system updates once before securely distributing them to other systems on the network.
The repository allows all patch traffic to remain inside the firewall while eliminating redundant internet downloads, which helps low-bandwidth or restricted environments and enables faster and more reliable patching at scale, according to the company.
A Beneficial Service Addition for MSPs, Analysts Say
Bill Weinberg, senior partner and principal consultant for Open Source Sense LLC, told ChannelE2E that the new ConnectSecure features will be helpful for MSPs.
"MSPs struggle with securing the diverse and version-divergent Linux distributions deployed across their customer bases," said Weinberg. "Even if these service providers only support deployment of a single type of Linux platform, the ConnectSecure offering will help unify the fleets they support, lowering time to patch, decreasing risk, and improving margins."
Weinberg said he has often thought that companies would be smart to offer services like this to help customers with Linux and other open source applications.
"It is very challenging to build a business around full-stack open source support," he said. "Even large, leading players like Red Hat need to narrow their support portfolios or charge per-project fees to remain profitable. Smaller players, even national-level MSPs, benefit from well-defined, constrained OSS support rosters."
But that changes in the segment as you approach the mid-section of the very long tail of open source software, said Weinberg. "You find smaller support and product companies camped out on the edge of a single project or a small cluster of projects. If I were running an MSP, I would partner with companies like ConnectSecure."
Many MSP services focus nowadays on SMB endpoints, which are dominated by Windows and macOS, said Weinberg.
"[But] for the portion of MSP business around servers, the stacks they help customers deploy almost all include open source software," he said. "MSPs and MSSPs are closer to end users than direct participants in open source project development. That focus notwithstanding, MSPs can and do make contributions with bug reports, feature requests, and even documentation."
Those contributions occur either directly to projects or via open source vendors like Red Hat, Canonical, Mirantis, et al.
At the same time, MSPs tend to follow the market, said Weinberg. "The good ones listen carefully to their existing customers. The great ones find ways to anticipate the next waves of SMB customer requirements in a very noisy marketplace."
Another analyst,
Jim Mercer, program vice president for software development, DevOps and DevSecOps at IDC, told ChannelE2E that MSPs that work with customers on server-side and cloud infrastructure needs find that Linux is the dominant OS for those users.
"As they move from on-premises servers to the cloud, they are moving from Windows Server to Linux-based Docker and Kubernetes containers and microservices," said Mercer. "By providing a single, unified interface for Red Hat, Ubuntu, Debian, and CentOS, ConnectSecure mitigates the need for technicians to be experts in multiple Linux distributions, also known as the 'fragmentation tax,' enabling them to manage diverse environments from a single central dashboard."
"This automation of kernel and OS patching can reduce time spent at the command line, enabling teams to shift their focus from manual maintenance to billable projects and be more proactive about security."
By "streamlining patching across a traditionally fragmented Linux landscape, [it] transforms it into a much more 'MSP-friendly' operating system that supports and scales," he said.
Other vendors also offer similar Linux patch management services, including SUSE Multi-Linux Manager, he said.
"One distinction is that the ConnectSecure offering is focused squarely on ease of use and MSPs, while SUSE Multi-Linux Manager is an enterprise solution for full infrastructure lifecycle management that supports a broader set of Linux distributions," said Mercer.
