Walkthrough: Basic patch remediation


This topic walks you through the process of automating the deployment of patches and updates for Microsoft Windows operating systems, using BMC BladeLogic Server Automation (BSA). 

This topic includes the following sections:

The video at right demonstrates the process of patch remediation.

Introduction

This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch remediation for Windows systems using BSA. 

  • Patch analysis is the process of figuring out which systems need which patches, and is described in a different walkthrough
  • Patch remediation is delivering those fixes to the operating system or application. 

BSA supports analysis, download, and deployment of patches for all of the major operating systems. See "Patch management support" under Supported-platforms-for-version-8-7.

What is patch remediation?

Patch remediation is the process of packaging and deploying the required patches to targets requiring remediation. BSA creates the necessary BLPackages and Deploy Jobs to remediate the targets identified in the patch analysis phase. 

After reviewing the results of your Microsoft Windows Patching Job, the next step is to create and run Remediation Jobs. In a Remediation Job, you specify the servers that you want to update and the patches that you want to apply. 
The Remediation Job downloads the patches if they are not already downloaded, creates packages, and creates the Deploy Jobs. 

What does this walkthrough show?

This walkthrough continues the patching story developed in Walkthrough-Basic-Microsoft-Windows-patch-analysis, which identified missing critical patches on Windows 2008 servers. Using the results of that Patch Analysis Job, this walkthrough:

  • Demonstrates how you can set up a remediation job that patches all servers
  • Sets up notifications for the results of the job
  • Runs the remediation job immediately
  • Examines the results of the remediation job
  • Runs the original Patch Analysis Job again to show that all target servers are correctly patched

Although this walkthrough describes a Windows 2008 scenario, the same techniques can apply to patching other operating systems.

What do I need to do before I get started?

  • For this walkthrough, you need various authorizations. You can log in and perform these tasks as BLAdmin, the BSA superuser, but BMC recommends a more restrictive approach to granting authorizations. Ideally, you should set up a role that is granted only the authorizations needed for patch management. To learn how to restrict access, see Walkthrough-Restricting-permissions-for-a-patching-administrator.
  • You must have also created a patch catalog (described in a separate walkthrough) and run the Patch Analysis Job (also described in a separate walkthrough).

How to deploy the required patches to targets

Wrapping it up

You have now seen how BSA manages the collection, analysis, and deployment of patches and hotfixes for the Microsoft Windows operating systems. The process for Linux is very similar.

Where to go from here

Walkthrough-Basic-Red-Hat-Linux-patch-analysis

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*