This topic walks you through the process of automating the deployment of patches and updates for Microsoft Windows operating systems, using BMC BladeLogic Server Automation (BSA).
This topic includes the following sections:
The video at right demonstrates the process of patch remediation.
This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch remediation for Windows systems using BSA.
- Patch analysis is the process of figuring out which systems need which patches, and is described in a different walkthrough.
- Patch remediation is delivering those fixes to the operating system or application.
BSA supports analysis, download, and deployment of patches for all of the major operating systems.
What is patch remediation?
Patch remediation is the process of packaging and deploying the required patches to targets requiring remediation. BSA creates the necessary BLPackages and Deploy Jobs to remediate the targets identified in the patch analysis phase.
After reviewing the results of your Microsoft Windows Patching Job, the next step is to create and run Remediation Jobs. In a Remediation Job, you specify the servers that you want to update and the patches that you want to apply.
The Remediation Job downloads the patches if they are not already downloaded, creates packages, and creates the Deploy Jobs.
What does this walkthrough show?
This walkthrough continues the patching story developed in Walkthrough: Basic Microsoft Windows patch analysis, which identified missing critical patches on Windows 2008 servers. Using the results of that Patch Analysis Job, this walkthrough:
- Demonstrates how you can set up a remediation job that patches all servers
- Sets up notifications for the results of the job
- Runs the remediation job immediately
- Examines the results of the remediation job
- Runs the original Patch Analysis Job again to show that all target servers are correctly patched
Although this walkthrough describes a Windows 2008 scenario, the same techniques can apply to patching other operating systems.
What do I need to do before I get started?
- For this walkthrough, you need various authorizations. You can log in and perform these tasks as BLAdmin, the BSA superuser, but BMC recommends a more restrictive approach to granting authorizations. Ideally, you should set up a role that is granted only the authorizations needed for patch management. To learn how to restrict access, see Walkthrough: Restricting permissions for a patching administrator.
- You must have also created a patch catalog (described in a separate walkthrough) and run the Patch Analysis Job (also described in a separate walkthrough).
How to deploy the required patches to targets
This process follows directly from the procedure described in Walkthrough: Basic Microsoft Windows patch analysis.
The New Patch Remediation Job wizard opens. The Remediation Job creates the following items:
On the General panel:
On the Remediation Options panel:
On the Deploy Job Options panel, on the Job Options tab:
|This example uses the default settings for the Deploy phases tab. For information about these options, see Deploy Job - Phase Options.|
Select the Phases and Schedules Tab.
We want the Remediation Job to execute immediately after the creation of the Remediation artifacts.
On the Job Run Notifications, click Next.
Bypassing this panel will use the default notifications that were set up in the Patch Analysis Job in the previous walkthrough.
The executing job appears in the Tasks in Progress view on the console. After the Remediation Job executes, you can view its results under the original Patching Job with which it is associated.
You will see multiple jobs being executed, as the Remediation Job spawns a Deploy Job and a Batch Job.
As you can see, all three phases were successful.
To verify that the patch has been installed successfully, let's run the original Patch Analysis Job again.
Switch to the Patch Analysis Job Results tab in the Object View and wait for the job to finish.
Refresh if needed.
As you can see, the patch was successfully installed on both servers.
Wrapping it up
You have now seen how BSA manages the collection, analysis, and deployment of patches and hotfixes for the Microsoft Windows operating systems. The process for Linux is very similar.