This topic walks you through the process of using BMC BladeLogic Server Automation (BSA) to analyze the Microsoft Windows systems in your environment to see if there are systems that require patches and updates.
This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch analysis for Windows systems using BSA.
BSA supports analysis, download, and deployment of patches for all of the major operating systems. See "Patch management support" under Supported platforms for version 8.7.
Patch management refers to the acquisition, testing, and installation of patches to ensure that servers are always in compliance with organizational policies.
Due to the number of servers being managed, multiplied by the vast number of patches released by software and OS vendors, patch management has become one of the most time-consuming tasks for many IT organizations. BSA automates the process of building and maintaining a patch repository, analyzing target servers, and, if necessary, packaging and deploying patches. At the end of the process, reports are available to show compliance.
This walkthrough shows how to use a Patch Analysis Job to identify missing critical patches on Windows 2008 servers. The Patch Analysis Job created in the walkthrough:
The walkthrough also shows how to view Patch Analysis results for Windows 2008 systems and to determine which critical patches need to be applied.
Step | Example screen |
---|---|
Create the Patching Job.
| |
Define the general settings on the New Windows Patching Job General panel.
| |
Define the analysis options for the job. In this panel, you specify a group of patches and/or hotfixes to be included in the job, or a list of your own. This example creates a Windows Patching Job that uses two previously created smart groups that look for Windows Bulletins and hotfixes newer than 10 days and with a vendor impact of critical.
|
|
On the Remediation Options tab, you define what happens when a target is found to be out of compliance with the Patch Catalog. BSA can create the BLPackages and Deploy Jobs automatically as part of the Patching Job, if needed.
| |
On the Targets panel, select the servers that are the targets of this Windows Patching Job.
| |
On the Default Notifications panel, configure the default notification settings. The defaults are used for all runs of this job unless you override them with notification settings for a scheduled job. This example sends an email to the patch administrator for any targets that have failed analysis, and appends detailed patch analysis results to the email. Click Next. The Schedules page appears. | |
On this page we set up the job to run immediately and then to run on Wednesday every week afterwards, during the maintenance window. (The patch catalog used by the job is updated every Tuesday.)
This example uses the defaults for the remaining two wizard panels, Properties and Permissions. | |
Once the job starts to execute, the Tasks in Progress pane appears and shows you which tasks are running at this moment on this BSA application server. In a typical BSA production environment, you will see many jobs running at the same time, performing many different tasks. Tip: To show the Tasks in Progress pane in full screen mode, double-click the Tasks in Progress tab. This gives you more room to expand the columns in the pane. To return the view to its original size, double-click the tab again. Wait for the job to finish and click Refresh if needed. | |
To view the results of the Patching Job:
| |
Identify the servers with missing patches or hotfixes.
The right panel shows a summary of the job results, including the numbers of missing patches and hotfixes for each server. | |
Identify the missing patches or hotfixes.
In our example, there are a number of critical hotfixes that have been identified for the server.
| |
Optionally, you may want to examine the properties of a patch or a hotfix before choosing to apply it to your servers.
As this patch fixes a potential security vulnerability, and is missing on both servers, we will apply this patch to remediate the servers in the next walkthrough (Basic patch remediation). |
|
Click Close. |
We have seen how BSA manages the analysis of patches for the Microsoft Windows operating system. Now that you have all the information regarding the patch level of the servers, you can decide to remediate them by packaging and deploying the missing patches and hotfixes to the servers.
Walkthrough: Basic patch remediation
The following BladeLogic ZipKit provides a pre-configured component template that performs a number of actions to determine patch readiness on Windows systems:
Blade ZipKit - Component Template with Remediation - Patch Readiness for Windows