Patch Settings
Here, you will be able to make various configurations related to Patch. Patch Settings comes within the domain of Endpoint System Management. It is the process of the acquiring, testing, and deploying patches across the administered IT Assets (generally workstations and servers) in a systematic way. It also includes the administrative decision of deciding which patches are appropriate for deployment and documenting procedures like required configurations.
To view the Patch Settings page, navigate to Admin > Patch Management > Patch Settings.
Update Patch Database
This tab allows you to synchronize the local patch database with the central patch repository. You can update the patch database either manually or based on a schedule. It also displays the date and time when the patch was last updated at the top-right corner of the page.
You can update the patch database manually using the Update Now button. Once clicked, a message 'Process is running' appears. Once completed, a confirmation message is displayed.
Enable Schedule to update the patch database at a particular time. The following parameters appear.
Parameter | Description |
---|---|
Schedule Type | The schedule runs on a daily basis. |
Time | Select the time at which the schedule should run and start the update process. It is a mandatory field. |
Notify To | Select the technicians to whom an email notification should be sent once the update process is completed. Moreover, a daily patch sync summary report for all OS schedules will be delivered every 24 hours. |
Proxy Server | Select the required proxy server to use for updating the patch database. |
Patch Categories | Select the categories to which a patch belongs. Multiple patch categories can be selected. It is a mandatory field. Note: While performing the Patch Scan, the server will first display patches related to Definition Updates and the rest only after completing the scan process. |
Patch Sync for OS | Select the OS for which the patch is to be synchronized. The OS supported are: - Mac (Supported for Mac OS version 10 and above) - Windows - Linux Ubuntu - Linux Mint - Linux CentOS - Linux Redhat - Linux openSUSE - Linux Suse - Linux Debian - Linux Oracle Note: To sync the Ubuntu and Mint OS Patches with the Central Repository, kindly upgrade the server to the latest ServiceOps v8.5.0. Backward compatibility is not supported. |
Third Party Patch Enable | Enable to apply patches to the third party applications of Windows OS only. By default, it is disabled. Once enabled, the Third Party Patch Application dropdown will be available for selection. The supported applications are: - Google Chrome - Firefox - Adobe Acrobat DC - Adobe Acrobat Reader DC - Adobe Acrobat Reader DC MUI Note: For Adobe Acrobat patches, only Continuous Track versions are supported. |
Click Update and the process begins. Once completed a confirmation message is displayed.
At a time you can run only one instance of the update patch database process.
RedHat Patch Management Configuration
Prerequisites
- At least one machine must have Internet connection and license subscription should be activated in all the machines.
- ServiceOps supports RedHat Linux Servers V7 and V8 only.
Configuration
- Add device in Endpoint Scope which would act as an agent in Settings > Patch Management > Endpoints Scope.
- Under Settings > Patch Management > Agent Nomination, add the device which will be connected to the Internet. This device now acts as an agent.
- While operating systems like Windows and other Linux OSs communicate with Central Repository, the agent installed downloads the data from the RedHat Repository and pushes it into the ServiceOps Patch server deployed on the client site.
- When the Repository finishes its sync process, the status gets changed to 'Success'.
Patch Storage Configuration
The current architecture allows a file server to act as a central storage for the deployment of patches. A file server is the backbone of the desktop automation features, which is why it becomes important for an admin to make sure there is sufficient space in the file server. The Patch Storage Configuration performs two functions:
- Clean the file server.
- Generate a notification when the file server reaches a certain storage limit.
Here, you can perform three functions. The URL of the file server is auto-filled as per the configuration settings of the ServiceOps policy.
- Remove Superseded Patches: If a vendor releases a patch that replaces an earlier patch, the new patch is called a superseding patch. Enabling this option allows you to delete the replaced patches over earlier patch. By default, disabled.
- Remove Older Patches: Enabling this option allows you to delete patches older than a specified number of months considering only the release date of a patch. If enabled, set the number of months in the Older Releases (Months) field. By default, disabled.
- Notify on Space Over Utilization: Enabling this option allows you to set the system to generate a notification when the storage in the file server reaches a certain limit. By default, disabled. If enabled specify the following parameters:
Threshold Size(GB): Specify the storage limit in terms of GB.
Notify To: Select the recipients to whom the notification is to be sent. Multiple recipients can be selected. The recipient can be a Requester Group, All Requester Groups, and individual emails.
- When you are done with the above settings click Update to save the changes. Also, at the end you can check your connection with the file server by clicking on the Test Connection button, and here the inaccessible URLs will get listed as shown below:
Patch Approval Policy
This tab enables you to set the approval policy for patch deployment.
Pre-Approved: As the name suggests, all the incoming patches (both new and missing) are Pre-Approved by default. A user can manually change the Approval status of a patch to Reject or Approved. The Automatic Patch Test fails to function with this selection. This selection comes into effect for incoming future patches, while it remains ineffective on the already existing patches in the product.
noteBy default, the Definition Updates Patches will always be pre-approved.
Manually Approve: All new incoming patches have the Approval status Not Approved by default. A user has to change the status manually to either Approved or Reject.
Test and Approve: All new incoming patches have the status Not Approved by default. You can manually set the status. Also, you can create a Test Task. Once enabled, select the Time when the patch is to be tested and approved. A Test Task, also known as Automatic Patch Test, deploys a selected set of patches to a specific set of computers. If deployment is successful in all the computers, the patches are auto-approved after a set number of days. Test Task only works in this setting.
Select an approval policy type and click Update.
Deployment Notification
The page allows you to configure the notification frequency of the patches. The notification can be set to hourly interval. Click Update once done.
For precise information, the system also displays the Next Execution Time after you update the hour interval.
Patch Audit
The user can monitor the patch database synchronization status with the central database. This tab displays the patch database sync history and the details. If the synchronization process fails, an email notification will be sent to the user added in the "Notify To" field of the "Update Patch Database" tab.