Walkthrough: Basic patch remediation
This topic walks you through the process of automating the deployment of patches and updates for Microsoft Windows operating systems, using TrueSight Server Automation.
This topic includes the following sections:
The video at right demonstrates the process of patch remediation.
This video demonstrates the process in TrueSight Server Automation version 8.8. As of TrueSight Server Automation version 8.9, a single Deploy Job is created (by default) for the deployment of all BLPackages to target servers that require remediation.
This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch remediation for Windows systems using TrueSight Server Automation.
- Patch analysis is the process of figuring out which systems need which patches, and is described in a different walkthrough.
- Patch remediation is delivering those fixes to the operating system or application.
TrueSight Server Automation supports analysis, download, and deployment of patches for all of the major operating systems.
What is patch remediation?
Patch remediation is the process of packaging and deploying the required patches to targets requiring remediation. TrueSight Server Automation creates the necessary BLPackages and Deploy Job to remediate the targets identified in the patch analysis phase.
After reviewing the results of your Microsoft Windows Patching Job, the next step is to create and run Remediation Jobs. In a Remediation Job, you specify the servers that you want to update and the patches that you want to apply.
The Remediation Job downloads the patches if they are not already downloaded, creates packages, and creates the Deploy Job.
What does this walkthrough show?
This walkthrough continues the patching story developed in Walkthrough: Basic Microsoft Windows patch analysis, which identified missing critical patches on Windows 2008 servers. Using the results of that Patch Analysis Job, this walkthrough:
- Demonstrates how you can set up a remediation job that patches all servers
- Sets up notifications for the results of the job
- Runs the remediation job immediately
- Examines the results of the remediation job
- Runs the original Patch Analysis Job again to show that all target servers are correctly patched
Although this walkthrough describes a Windows 2008 scenario, the same techniques can apply to patching other operating systems.
What do I need to do before I get started?
- For this walkthrough, you need various authorizations. You can log in and perform these tasks as BLAdmin, the TrueSight Server Automation superuser, but BMC recommends a more restrictive approach to granting authorizations. Ideally, you should set up a role that is granted only the authorizations needed for patch management. To learn how to restrict access, see Walkthrough: Restricting permissions for a patching administrator.
- You must have also created a patch catalog (described in a separate walkthrough) and run the Patch Analysis Job (also described in a separate walkthrough).
How to deploy the required patches to targets
This process follows directly from the procedure described in Walkthrough: Basic Microsoft Windows patch analysis.
The New Patch Remediation Job wizard opens. The Remediation Job creates the following items:
If you want a separate Deploy Job created for each BLPackage specified in the Remediation Job (as was the standard behavior in TrueSight Server Automation versions earlier than 8.9), set the Use Single Deploy Job parameter to NO in the Patch Global Configuration dialog box.
On the General panel:
On the Remediation Options panel:
On the Deploy Job Options panel, on the Job Options tab:
|This example uses the default settings for the Deploy phases tab. For information about these options, see Deploy Job - Phase Options.|
Select the Phases and Schedules Tab.
We want the Remediation Job to execute immediately after the creation of the Remediation artifacts.
On the Job Run Notifications, click Next.
Bypassing this panel will use the default notifications that were set up in the Patch Analysis Job in the previous walkthrough.
The executing job appears in the Tasks in Progress view on the console. After the Remediation Job executes, you can view its results under the original Patching Job with which it is associated.
You will see multiple jobs being executed, as the Remediation Job spawns a Deploy Job and a Batch Job.
As you can see, all three phases were successful.
To verify that the patch has been installed successfully, let's run the original Patch Analysis Job again.
Switch to the Patch Analysis Job Results tab in the Object View and wait for the job to finish.
Refresh if needed.
As you can see, the patch was successfully installed on both servers.
Wrapping it up
You have now seen how TrueSight Server Automation manages the collection, analysis, and deployment of patches and hotfixes for the Microsoft Windows operating systems. The process for Linux is very similar.