One of the banes of the modern enterprise is software upgrades. Because we are saddled with different makes of software at various release levels in a plethora of configurations, distributing updates across a large organization can take months. But there are tools that can help.One of the banes of the modern enterprise is software upgrades. Because we are saddled with different makes of software at various release levels in a plethora of configurations, distributing updates across a large organization can take months.But there are tools that can help.\u00a0BladeLogic, for example, is focusing on change management in the data center. The company's mission: to enable any change, across any platform, with any skill from any location. While that might be a stretch, the direction is compelling.BladeLogic agents are installed on Windows, Unix and Linux data center boxes, and access to these systems is normalized into a top-line view. "We abstract the complexity so you can have generalists where you once needed specialists," says Vijay Manwani, co-founder and CTO.The system supports multiple views - by geography, data center, server type, etc. - and role-based access so low-level employees can't cause catastrophic failures. While these capabilities alone might result in manpower savings, the company also has an interesting way of dealing with software updates.When patches or other changes are required, the fix is configured, then run on the target machine in what BladeLogic calls a sandbox to safeguard against unforeseen problems, and finally shifted into production. However, if glitches occur the change can be rolled back, leaving the machine none the worse for the experience. "That's huge," says Dev Ittycheria, co-founder, CEO and president, "because it takes you right back to where you were, not your last system image."If you're looking for enterprisewide patch management there is\u00a0BigFix.A single BigFix server can support up to 15,000 devices, all of which run BigFix agents. FixLets, small pieces of code designed to address specific Microsoft security and other patches, are downloaded on an hourly subscription basis from BigFix.While the company has no way of trialing patches on target machines before deployment, CEO Steve Larsen says customers get around that by using tiered distribution.A bank customer with 155,000 nodes tests all patches in a lab with about 10 computers. Then it rolls out the patch to 80 nonbusiness-essential machines and watches them for a few weeks. If everything is OK, it distributes to Group A machines, then Group B, and so on.There are other vendor solutions out there, but what all these young companies need is time to establish user trust for this most sensitive of tasks.