Getting Started with Patching (Patching 101)
-
Upload
dell-world -
Category
Software
-
view
80 -
download
1
Transcript of Getting Started with Patching (Patching 101)
Dell World User Forum
UFIL518: Getting Started with Patching
Veryl White, Senior Trainer
Peter Doerfer, Senior Trainer
Dell WorldUser Forum
Dell World User Forum
Agenda
• Patching Overview
• Glossary of Terms
• Subscribing & Downloading
• Detecting & Deploying Patches
• Now what?
Dell World User Forum
Patching Overview – Plan of Action
Subscription Settings
• Select OSes, SP-levels, Architectures
• Select Languages
• Select Patch Types
Get (thousands of ) Patch Signature Files
DetectAll
Patches
• Detect All Patches on All Machines
Build List of All Patches Needed by Each Machine
Download Packages
• Set K1000 to Download Patches Detected As Missing
(Very few ) Packages Get Downloaded
SchedulePatch
Deployments
• Deploy *All Patches* to Test Machines
• Label +30 Day Old Patches / Unwanted Patches (JRE, iTunes, etc.)
• Deploy *Labeled Patches* to Production Environment
Your Machines Get Patched!
Verification & Clean-Up
• Follow-Up Investigation of Selected Machines / Bulk Reporting
K1000 Cleans-Up Unused Patches
Dell World User Forum
Glossary
Dell World User Forum
Importance of Patches
Security – A really important patchNon-Security – A really important patchOS Patch – A really important patchApp Patch – A really important patchCritical – A really important patchRecommended – A really important patch
Defining Terms – What are patches?
Patch Signature
A small ‘’pattern-matching’’ file, necessary for detecting whether a specific patch is needed by a machine.
Patch Package
A larger file containing the actual payload, necessary for deploying the patch to a machine.
Quite often these are meaningless distinctions. For instance Microsoft considers Operating System Service Packs as Application Patches! They also frequently mark Security fixes as non-Security patches!
Dell World User Forum
Demo: Patch ListingPatch Listing Demonstration Guided Walk-Through
Active, Inactive
Downloaded, Not-Downloaded
Patched, Not Patched, Error
Impact, Severity
Patch Detail
Dell World User Forum
Subscribing to andDownloading Patches
Dell World User Forum
Getting Patches
Subscribe to Signatures
OS, Architecture, Service Pack levelsPatch TypesExclusions
Signature Download
Delayed – on purposeGet them (at least) daily
Package Download
Only “Needed” PatchesGet them often
Dell World User Forum
Subscribe to the OS, Architectures, and Service Pack levels you have
Subscription Settings
Use the Software Inventory!
• Saved queries will be useful for now…and later!
Advanced Search
Smart Label
Security, OS/APP, Severity, etc.
• Remember the caveats we already mentioned:
Will you always agree with the patch vendor on the “importance” of a patch?
Software Installers?
Use Patch Labels to exclude patches you want ignored in your environment.
Select the Patch Types you want
Dell World User Forum
Signature Files
Downloading Patches
• Patches may come out at any time during the month, due to our patch-provider testing the Patches prior to releasing them! This is a good thing!
• Be sure to download at least once a day, to ensure you always have the latest patches for detections.
Package Files• Once the K1000 has detected which of the patches are needed by your
machines, it can then download only those packages.• The more often your K1000 downloads the needed patches, the sooner they
are available for deployment.
Dell World User Forum
Detecting & Deploying Patches
Dell World User Forum
Detections and Deployments
Detect
Compatible Patches DetectedSilent, Non-invasive
Deploy
Only “Needed” PatchesInstalled in batchesSilent or Interactive
Discuss
What works?
Dell World User Forum
Detect Schedule
• Schedule a regular Detect on all of your machines to keep the K1000 updated on which patches are needed by which machines.
• The K1000 will use the Patch Signature, to detect which patches are needed on each machine you target.
• It will only detect the need for those patches that are compatible with the OS (etc.) on that machine. This will build a list of needed patches for each individual machine.
• The combined lists of these needed patches make up the Package Download manifest, minus packages that have already been downloaded.
Dell World User Forum
Deploy Schedule
Deploy Patches
Reboot
Dell World User Forum
Deploy Schedule
Most Important Settings:• Patch Action:
Deploy
• Machine Selection:
Machine Smart Label
Chassis Type contains Laptop AND
Label Names does not contain Test Machines
• Detect Patch Label Selection
• Deploy Patch Label Selection
• Reboot Options Prompt User
• Run On Next Connection if Offline
Dell World User Forum
Detect and Deploy Schedule
NO
Dell World User Forum
Detect and Deploy Schedule
Most Important Settings:• Patch Action:
Detect and Deploy
• Machine Selection:
Machine Smart Label
Chassis Type contains Desktop AND
Label Names does not contain Test Machines
• Detect Patch Label Selection
• Deploy Patch Label Selection
• Reboot Options Force Reboot
• Suspend Tasks After X Minutes From Scheduled Start
Dell World User Forum
Demo: Detect & Deploy Patches
• Patch SchedulingGuided Walk-Through
– Alerts
– Reboot Options
– Patch Schedule Scenarios
Dell World User Forum
Now what?
Dell World User Forum
Things to attend to
Verification
Entire ScheduleIndividual Machine
Reporting
Lots of new reports in 6.0ITNinja.com!
Clean-Up
Automatic
Dell World User Forum
Let’s Take a Look…
• Entire Schedule
Dell World User Forum
Let’s Take a Look…
• Single Machine
Dell World User Forum
Let’s Take a Look…
• Patch Reports
Dell World User Forum
Clean Up Unused Patches
• Eventually many of the currently downloaded patch packages will get deployed to all machines that need them. The K1000 can be configured to delete these “no longer needed” packages.
Delete Unused Patches After X Days:
Deletes Patch Package Files
Keeps Patch Signature Files
Patches Will Continue to be Detected
If Ever Needed Again, Will Be Downloaded Again
Dell World User Forum
Review
Patching Success
OS
Office
Adobe
JAVA
Subscription Settings
• Select OSes, SP-levels, Architectures
• Select Languages
• Select Patch Types
Get (thousands of ) Patch Signature Files
DetectAll
Patches
• Detect All Patches on All Machines
Build List of All Patches Needed by Each Machine
Download Packages
• Set K1000 to Download Patches Detected As Missing
(Very few ) Packages Get Downloaded
SchedulePatch
Deployments
• Deploy *All Patches* to Test Machines
• Label +30 Day Old Patches / Unwanted Patches (JRE,iTunes, etc.)
• Deploy *Labeled Patches* to Production Environment
Your Machines Get Patched!
Verification & Clean-Up
• Follow-Up Investigation of Selected Machines / Bulk Reporting
K1000 Cleans-Up Unused Patches
Dell World User Forum
Round-Table Discussion
Topics for discussion:
• Scenarios Not Discussed
– Example: Urgent Patch Deployment (zero day)
• ITNinja Patch Reports
• KACE KB Patch Reports
Dell World User Forum
Thank you.
Dell World User Forum
KACE Support Portal Migrating to Dell Software Support Portal
• Starting in November, all KACE Support Portal material will be migrated to the Dell Software Support Portal
• All service requests will be submitted online or by phone
• Same great content
– Knowledge base articles
– Video tutorials
– Product documentation
– JumpStart training
• Check out the Support Portal Getting Started videos