What is the Update Compatibility Evaluator?
The Update Compatibility Evaluator (UCE) consists of three components: a compatibility evaluator, a set of profiles, and a set of report views. You configure the compatibility evaluator, defining when and how it runs, in the Application Compatibility Manager.
After deployment, UCE examines your organization's computers, identifying the installed applications and system information, matches that information against the profile set for the Microsoft Windows update, and looks for potential conflicts due to changes in the registry, application files, or application file properties. You can view your potential compatibility issues on the Analyze screen of the Application Compatibility Manager.
Update Compatibility Evaluator System
The UCE system consists of the following:
Update Compatibility Evaluator update profiles
Update Compatibility Evaluator reports
The compatibility evaluator consists of the UCE Data Collector and the UCE Post-Processor. The UCE Data Collector logs the application file and registry dependencies to the Event Tracing Log (ETL). The UCE Post-Processor converts the ETL files into XML evidence files. After conversion, the Bucketizer processes the XML evidence files and uploads the information to your ACT database.
The UCE Data Collector can run for weeks at a time; however, the Application Compatibility Data Collector (ACT-DC) periodically invokes the UCE Post-Processor so that you can view data at any time, not just when the UCE Data Collector stops.
Update Compatibility Evaluator Update Profiles
UCE update profiles are XML files that describe a Windows update. These files include the following information:
The operating system and service pack level to which the update applies
The files included in the update
The registry keys and values that the update created or changed
Update Compatibility Evaluator Reports
Comparing the dependencies reported by the compatibility evaluator with the files and registry entries listed in the UCE update profile generates UCE reports. You can view the report details on the Analyze screen of the Application Compatibility Manager.
Benefits of the Update Compatibility Evaluator
UCE provides the following benefits:
It reduces your uncertainty about the deployment of Windows updates. UCE provides compatibility information, enabling you to successfully test your high-risk applications and to fix any issues before deploying the update within your organization.
It increases the adoption rate of Windows updates. Because you do not have to worry about potential compatibility issues, you can deploy the updates more quickly, providing greater security to your organization.
It reduces your workload and cost. After you determine which applications are at risk, you can organize and focus your testing, making sure the applications are stable upon deployment of the update.
Common Update Compatibility Evaluator Scenarios
The following sections describe common UCE scenarios.
Prioritizing Testing for a Windows Security Update
When Microsoft releases a critical Windows security update, you must determine which of your computers require the update as well as the risks and benefits of the update's deployment.
You will need to determine the answers to the following questions:
What security issue does the update fix?
How risky is it to apply the update?
Which computers need the update and why?
What changes will occur due to the update?
What applications could be affected by the update and how?
Where should you focus your testing efforts?
After deployment, UCE provides application-specific evidence, suggesting which applications the update might impact. By viewing the UCE reports, you can determine which applications will be impacted the most and focus your testing on those applications.
Specifying Applications and Computers to Monitor
You can define a subset of your computers, based on what best represents your organization as a whole, that you monitor. After determining which computers to monitor, you can deploy UCE to those computers and collect all of the application-related information that is required to build an application profile.
After you have the application profile, you can review the compatibility data in the UCE reports to determine the following:
Whether your application profile properly represents your organization
Whether UCE is running on the right schedule
How to begin testing your applications and creating your mitigations for deployment
Determining Windows Updates Test Pass Bundles
When Microsoft releases a critical update, you must determine how and when to deploy the update to your organization. You install the most urgent updates immediately; however, you typically defer less critical updates or updates deemed too risky for deployment for later testing and deployment. By using UCE, you can determine how the system state will change based on the update profile, and you can bundle your testing into cogent groups, testing all of your high-priority applications at the same time for the same types of changes.
Update Compatibility Evaluator Dependencies and Related Technologies
The following sections describe the UCE dependencies and related technologies.
Application Compatibility Manager
The Application Compatibility Manager works with the UCE to:
Configure the compatibility evaluator. The configuration process enables you to select when and for how long UCE will run, where to log issues, and so on.
Indicate which applications require testing before deployment of a Windows update.
Provide reports, based on your application profiles and the update profile, about your client computers. You can filter your reports by application or update.
Application Compatibility Toolkit Data Collector
The Application Compatibility Toolkit Data Collector (ACT-DC) packages, installs, and deploys UCE to your organization's client computers for assessing and mitigating compatibility issues with operating system updates and service packs. After installation, the ACT-DC schedules the compatibility evaluator to run, and then it collects information, such as evidences, indicators, applications, and system properties. ACT-DC sends this information to your ACT database. UCE uses the evidence to determine what applications are installed on each client computer, and it uses the application properties to determine the potential compatibility issues for a Windows update.
Compatibility Evaluator Installation Packages
UCE produces a compatibility evaluator installation package, which is included in the compatibility evaluator definition package. After creating the compatibility evaluator installation package, ACT-DC deploys and installs UCE.
The configuration manifest contains all of the configurable settings used by UCE. These settings include when and for how long the compatibility evaluator runs, where to store the logs, and so on.
Bucketizer (Bucketizer.exe) is a post-processor that processes the raw XML evidence collected by UCE. Bucketizer consolidates the data from other compatibility evaluators and sends the data to a centralized location. Consolidation of the data reduces the frequency of data transmissions and potentially reduces repetitive data transfers.