Patching Your First Device
The following topics guide you through the four steps required to patch your first device. You get to know the quickest way to ensure that your device is protected from attacks. After successfully patching your first device you have a basic idea of the general process and you can find out how to make patching even more efficient.
Scanning a device for missing patches
Before you can start deploying patches, you must find out which patches and service packs are missing on the respective devices. To do so, proceed as follows:
- Click the Patch Management view in the left window pane.
All elements of Patch Management are displayed.
- Click Patch Detection.
- Click the Edit > Scan Device menu item.
The Assign to Device dialog appears.
- Click Scan Device.
- Click All in the left window bar.
All available devices are now displayed in the right window pane.
- Select the desired target.
- Click OK.
The window is closed and the Scheduler window appears.
- Click OK to confirm the default schedule and scan immediately and only once for missing patches.
The device is scanned for missing patches and added to Scanned Devices under Patch Detection.
- Click Patch Detection > Scanned Devices.
In the right window pane you can follow the progress of the scan via the Status column.
- Wait until the status Scan completed is displayed.
The missing patch inventory is now generated.
You successfully scanned a device for missing patches. An overview of the missing patches was created and can be used to fix security problems.
Assessing missing patches
The scan of a device has determined all:
- Missing patches,
- Missing service packs,
- Installed patches and
- Installed service packs.
In this step you check the installed and missing patches to get an idea which patches you want to deploy first. To do so, proceed as follows:
- Go to Patch Management > Patch Detection > Scanned Devices > Your Scanned Device > Installed Patches to check which patches have already been installed.
All installed patches for this device are listed in the right window pane. They are ordered by severity and you find further information such as name, product and language.
- Click Missing Patches in the left window pane to check which patches are missing.
Missing patches with the status Critical should be fixed immediately, whereas Low indicates the lowest severity.
You got an overview of all installed patches as well as missing patches which pose a threat to the security of the device in your network.
After you have scanned a device for patches and got an overview of the current situation, your next task is to fix the most urgent ones. All you have to do is select the patches that must be deployed, and the Patch Manager automatically downloads and applies the patches on the device. To do so, proceed as follows:
- Ensure that Patch Management > Patch Detection > Scanned Devices > Your Scanned Device > Missing Patches is selected.
- Select the patches you want to deploy for the device.
You can select multiple patches at the same time. BMC recommends you deploy patches with the highest severity first.
- Click Fix.
The Patch/Service Pack Distribution Wizard dialog appears.
- Ensure that the Select the type of deployment you would like to perform. radio button is selected and click Finish.
The wizard closes and under Patch Management > Patch Deployment a new patch group is listed.
You created a new patch group which immediately downloads and deploys the selected patches to the target device.
If you install a patch without rebooting the device, the patch management module is suspended on your device. You cannot perform any actions like scanning and patching on such a device. The device uploads the suspend information to the master. This information is available on the Status tab of the Inventory node to query and resolve. This information is updated every time there is a change in the suspend status.
Patch management automatically undertakes all steps, from downloading and assigning to installing patches. You can monitor the deployment process in real time to follow its progress. To do so, proceed as follows:
- Go to Patch Management > Patch Deployment > Your Patch Group and select the Patches tab to follow the download progress.
Before being deployed to a device, patches must be downloaded first.
- When all patches have the status Available, go to Your Patch Group > Assigned Objects > Devices in the left window pane to follow the progress of the patch deployment.
In this table you can follow the actual patching progress for the device via the Details column. The final status is either
- Reboot may be necessary if all patches were installed but a restart of at least one device is required before proceeding,
- Some patches failed if at least one patch could not be installed on at least one device or
- an empty field for a successful installation.
- Wait until the device has the status Patch group successfully installed, that is, until the Details box becomes empty.
After the installation the device is immediately scanned for patches again and the list of Missing Patches and Installed Patches is updated.
- To verify the successful installation, go to Missing Patches and Installed Patches of Patch Detection > Scanned Devices > Your Scanned Device.
Notice that the deployed patches have disappeared from the Missing Patches view and moved to the Installed Patches.
You installed patches on a particular device and thereby made the device more secure. To further improve security, install other missing patches that affect your device.