Managing Enterprise Releases
A software vendor ships a desktop application to enterprise customers. The vendor wants to deliver updates frequently, fixing bugs and adding features. Enterprise IT departments want control over when updates happen, approval workflows, and the ability to test before deployment.
This tension creates friction. Vendors push updates that IT blocks. IT departments disable auto-updates entirely, leaving customers on outdated versions. Manual coordination between vendors and IT becomes a bottleneck.
Big Picture resolves this by making policy explicit and enforceable. The vendor publishes releases with policy decisions. Enterprise customers configure their tenant policies to match their IT requirements. The system enforces these policies automatically, creating a predictable flow that both parties can trust.
The Problem
Section titled “The Problem”Enterprise IT departments have legitimate requirements: they need to test updates, coordinate with change management processes, and ensure compatibility with internal systems. At the same time, vendors need to ship security patches and improvements without waiting weeks for approval cycles.
Traditional approaches create problems:
- Vendors ship updates that bypass IT controls, creating security and compliance risks
- IT disables auto-updates entirely, leaving customers vulnerable to security issues
- Manual coordination between vendors and IT becomes unsustainable at scale
- Different customers have different requirements, making one-size-fits-all solutions inadequate
When This Use Case Applies
Section titled “When This Use Case Applies”This use case applies when:
- You are a software vendor selling to enterprise customers
- Your customers require IT approval before software updates
- You need to support different update policies for different customers
- You want to maintain control over release decisions while respecting customer requirements
- You need to coordinate staged rollouts across customer environments
How Big Picture Addresses This
Section titled “How Big Picture Addresses This”Big Picture provides a policy-driven control plane that separates release decisions from deployment actions. The vendor publishes releases and sets default policies. Enterprise customers configure tenant-specific policies that match their IT requirements.
When a client application checks for updates, Big Picture evaluates:
- What versions are available
- What channel the client is on
- Tenant-specific policy settings
- Staged rollout eligibility
Big Picture returns a signed decision that specifies the allowed action: install automatically, notify only, defer to IT-managed deployment, or take no action. The client verifies the signature and acts accordingly.
This creates a predictable flow. Vendors can ship updates knowing that enterprise customers will receive them according to their configured policies. IT departments can enforce their requirements without blocking vendor releases. Both parties operate within a shared, auditable system.
High-Level Flow
Section titled “High-Level Flow”- Vendor publishes a release through Big Picture, specifying channels and default policies
- Enterprise customer configures tenant policy to match IT requirements (e.g., MANAGED_BY_IT mode)
- Client applications check for updates and receive signed policy decisions
- Clients act according to policy: auto-install, notify, or defer to IT tools
- IT departments deploy updates through their existing tools when policy requires it
- Both vendor and customer have visibility into deployment status and compliance
Next Steps
Section titled “Next Steps”To implement this use case:
- See Creating a Release for how vendors publish releases
- See Approving a Release for how enterprise customers configure approval workflows
- See Distributing Artifacts for how artifacts are made available to IT deployment tools
- Review Role-Based Access Control for how to configure permissions for release management