Creating or modifying a Patch Analysis operation

A Patch Analysis operation allows you to check the patching configuration of servers and deploy required patched to correct deficiencies.

For target servers running all supported operating systems, you can create a Patch Analysis operation based on an existing Patching job created in BMC Server Automation. For target servers running Microsoft Windows or Red Hat Linux, you can define a Patch Analysis operation based on a customized list of patches that you define.

After you run a Patch Analysis operation, you can view results to identify servers where patches are missing. Using those results, you can run remediation operations to deploy any missing patches. Then, you can run your original Patch Analysis operation again to determine if all target servers are now correctly patched.

This topic describes the full capabilities available when you create a Patch Analysis operation. It includes the sections listed below:

To create or modify a Patch Analysis operation

To create or modify a Patch Analysis operation, do one of the following actions from the operations list page:
- Click the Create Operation drop-down list and select a type of operation.
- Position your cursor over an existing operation and click Edit.
  
  The Create Operation page opens. It presents the steps you must follow to create or modify an operation. Headings in a ribbon of chevrons at the top of the page identify each step. After you provide all required information, proceed to the next page by clicking Next (at bottom left) or clicking the next chevron.
  
  At any time you can click Back (at bottom left, not the browser's Back button) to display the previous page in the process.
  
  The blue boxes at right summarize the information provided for each step in the process.

Complete the options on the Definition page.
The Definition page includes the following options:

Option	Description
Name	Name of the operation
Operating System	Patch Analysis operations only: Select the operating system for which you want to define a Patch Analysis operation. Choose from the following operating systems: IBM AIX (only applicable to operations based on Patch Analysis Jobs already created in BMC Server Automation) Red Hat Linux Oracle Solaris SUSE Microsoft Windows
Use Existing Analysis JoborCreate Analysis Job from Catalog	Patch Analysis operations only; not applicable for the AIX operating system: Select Use Existing Analysis Job to base an operation on a Patch Analysis Job already created in BMC Server Automation. Select Create Analysis Job from Catalog to base an operation on a patch catalog. This option lets you choose the patches that the operation analyzes.
Description	Descriptive text for the operation
Security Group	The Security Group option specifies your current role in BSA or realm in BNA. If you are assigned to more than one role or realm, this option is available. If you are assigned to only one role or realm, this option defaults to that role or realm and you cannot edit this option.
Advanced Settings	(Provisioning operations only): Select to use advanced options when defining a VMware Provisioning operation.By default, the wizard for defining a VMware operation requires three simple steps. If you select the Advanced Settings option, the wizard requires additional information, but you have more flexibility when configuring compute, storage, and network resources and additional choices for post-provisioning, job scheduling and notifications.

Note

If you are creating a Patch Analysis operation for Red Hat targets, by default the operation only examines existing patches on targets and compares them to the patches you want to analyze. If an outdated version of the patch exists, the operation flags it.

You can adjust this behavior so the operation looks for both missing and outdated patches. To do so, use BMC Server Automation to modify the definition of the Patching Job created by this operation. On the Analysis Options page, select Install Mode rather than Update Mode.

This limitation does not apply to patch analysis for Microsoft Windows servers.

Depending on whether you chose to create a Patch Analysis operation from an existing Patching job or a patch catalog, complete the wizard pages listed below:

If you are using an existing Patching job, select:	If you are using a patch catalog, select:
a.Content	Not applicable
b. Patches(view only)	a.Patches
c. Targets(view only)	b. Targets
d. Notifications (view only)	c. Notifications (optional)
e. Schedule and Run (view only)	d. Schedule and Run (optional)

When you have finished defining the operation, take any of the following actions:
- Click Execute Now to save the operation and run it immediately.
- Click Finish to save a new operation or Update to save a modified operation.

Notes

After you complete the Content or the Patches page, you can click Finish to save the operation even if some pages are incomplete.

The following sections describe in detail each step in the Operation wizard.

Content

The Content page specifies the Patching job that becomes the basis of the Patch Analysis operation.

The Content page is only available when you use the Definition page to specify that the Patch Analysis operation is based on an existing job.

Important

If you use the Content page to select a BMC Server Automation job, you cannot modify other options in the Operations wizard. All steps are complete, denoted by green checks in the ribbon at the top of the page. You can optionally view the other steps in the wizard.

Find content (in this case a Patching job) by using any of the procedures described below:

Use the Preferred Content tab to select content that an administrator has chosen for you.

Administrators populate the Preferred Content tab by using BMC Server Automation and setting the IS_HIGHLIGHTED property for certain jobs to True.

Select the Preferred Content tab.
Using search or browse, find the preferred content you want to use. To show all applicable preferred content, click load all.
Select an item to use in this operation.
When you make a selection, you are prompted to select a job group unless you have selected a job. Navigate to the job group where this operation can be stored in BMC Server Automation. Select it and click OK.
If you selected a job in the previous step, a job group is already assigned and you cannot modify it.
A default job group may already be assigned for all users at your site or for your portal security group. If a default job group is already assigned, you are not prompted to choose one.
Deploy Operations only: If you are defining a Deploy operation and the content you select is not an existing BMC Server Automation job, you can optionally specify a deploy template, which encapsulates the deploy settings to be used for the new operation.
Click here for the steps to specify a deploy template.
1. Next to the Deploy Template field, click Browse.
  
  A window shows possible deploy templates. (The list of possible deploy templates can be assigned for a portal security group or the entire site.)
2. Select a Deploy job in the list of templates.
  The Deploy job appears in the Selected Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs.
3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.
  
  NoteMany options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.
4. If you have selected a Deploy template that is defined as an Advanced Deploy job in BMC Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:
  Click the Phase Schedules and Execution tab.
  
  Take any of the following actions:
  
  If you do not want to schedule the phases of the remediation action, select Do not execute.
  If you want to schedule all phases to run sequentially, select Execute sequentially and then specify a time zone and a start time for when execution begins.
  If you want to schedule each phase individually, select Execute selected phases. Select a time zone. Then specify a start time for each phase that you want to schedule. Instead of setting a start time, you can click After Previous Phase to indicate that the phase should begin after the previous phase completes. You can also click Not Scheduled to specify that a particular phase is not scheduled.
5. Click OK. The settings in the Deploy job that the template identifies are used to define the Deploy operation you are creating.

Perform a text search to identify the job or other material that forms the basis of an operation.

Select Search content, enter a text string in the text box at right, and then click Search . You can click without entering any text to show all possible content.
The results of the search appear in a list. For each item in the list, the portal provides the BMC Server Automation folder where the item is stored.
Results of a search return the first 100 items found.
Optionally, use the filters at left to refine your search.

When performing a search, you can limit results to certain types of content. For example, if you are defining a Compliance operation and you want to limit content to templates, select Template. Search results then display only templates.If you do not choose to limit search results, the portal displays all types of content.To clear all filtering choices, click clear all.
In the list, select an item to use in this operation.
When you make a selection, you are prompted to select a job group unless you have selected a job. Navigate to the job group where this operation can be stored in BMC Server Automation. Select it and click OK.
If you selected a job in the previous step, a job group is already assigned and you cannot modify it.
A default job group may already be assigned for all users at your site or for your portal security group. If a default job group is already assigned, you are not prompted to choose one.
Deploy Operations only: If you are defining a Deploy operation and the content you select is not an existing BMC Server Automation job, you can optionally specify a deploy template, which encapsulates the deploy settings to be used for the new operation.
Click here for the steps to specify a deploy template.
1. Next to the Deploy Template field, click Browse.
  
  A window shows possible deploy templates. (The list of possible deploy templates can be assigned for a portal security group or the entire site.)
2. Select a Deploy job in the list of templates.
  The Deploy job appears in the Selected Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs.
3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.
  
  NoteMany options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.
4. If you have selected a Deploy template that is defined as an Advanced Deploy job in BMC Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:
  Click the Phase Schedules and Execution tab.
  
  Take any of the following actions:
  
  If you do not want to schedule the phases of the remediation action, select Do not execute.
  If you want to schedule all phases to run sequentially, select Execute sequentially and then specify a time zone and a start time for when execution begins.
  If you want to schedule each phase individually, select Execute selected phases. Select a time zone. Then specify a start time for each phase that you want to schedule. Instead of setting a start time, you can click After Previous Phase to indicate that the phase should begin after the previous phase completes. You can also click Not Scheduled to specify that a particular phase is not scheduled.
5. Click OK. The settings in the Deploy job that the template identifies are used to define the Deploy operation you are creating.

Navigate to a job or other material that forms the basis of an operation.

Select the Browse tab. A list of folders appears at left.
Navigate to the folder containing the content you want to use. If the folder holds content that is appropriate for this type of operation, the content appears in the list at right.
Select an item from the list to use in this operation.

To find content, you may need to navigate through a folder structure. As you traverse folders, a trail of "bread crumbs" appears above the Folder list. You can select any name in the bread crumbs to display the contents of that folder.
When you make a selection, you are prompted to select a job group unless you have selected a job. Navigate to the job group where this operation can be stored in BMC Server Automation. Select it and click OK.
If you selected a job in the previous step, a job group is already assigned and you cannot modify it.
A default job group may already be assigned for all users at your site or for your portal security group. If a default job group is already assigned, you are not prompted to choose one.
Deploy Operations only: If you are defining a Deploy operation and the content you select is not an existing BMC Server Automation job, you can optionally specify a deploy template, which encapsulates the deploy settings to be used for the new operation.
Click here for the steps to specify a deploy template.
1. Next to the Deploy Template field, click Browse.
  
  A window shows possible deploy templates. (The list of possible deploy templates can be assigned for a portal security group or the entire site.)
2. Select a Deploy job in the list of templates.
  The Deploy job appears in the Selected Deploy Template field. To remove a Deploy template, select the Deploy job again from the list of possible Deploy jobs.
3. Optionally, inspect the settings of the template by clicking Details. The portal lists settings for the selected job, such as its logging level and reboot settings. To return to the list of template jobs, click Templates.
  
  NoteMany options are available for controlling the behavior of a Deploy Job (that is, a deploy template) used for remediation purposes. See here for a complete list. For instructions on using BMC Server Automation to implement those options, see Setting deploy options for remediation jobs.
4. If you have selected a Deploy template that is defined as an Advanced Deploy job in BMC Server Automation, you can schedule the individual phases of the remediation operation (that is, simulate, stage, and commit). Take the following steps:
  Click the Phase Schedules and Execution tab.
  
  Take any of the following actions:
  
  If you do not want to schedule the phases of the remediation action, select Do not execute.
  If you want to schedule all phases to run sequentially, select Execute sequentially and then specify a time zone and a start time for when execution begins.
  If you want to schedule each phase individually, select Execute selected phases. Select a time zone. Then specify a start time for each phase that you want to schedule. Instead of setting a start time, you can click After Previous Phase to indicate that the phase should begin after the previous phase completes. You can also click Not Scheduled to specify that a particular phase is not scheduled.
5. Click OK. The settings in the Deploy job that the template identifies are used to define the Deploy operation you are creating.

_{Back to list of steps}

Patches

From the Patches page, you select the patches you want to analyze.

The Patches page is only editable when you use the Definition page to specify that the operation is based on a patch catalog.

To identify the patches used in a Patch Analysis operation, you specify patches to include and exclude. You can specify individual patches, patch groups, and patch smart groups that are based on patch characteristics. The Patch Analysis operation compiles an "include" list and an "exclude" list and removes any patch from the include list if it also appears in the exclude list. Some organizations call the include list a "white list" and the exclude list a "black list."

This approach lets you use smart groups, which can be powerful tools for collecting patches. (Patch smart groups are defined in BMC Server Automation.) However, because smart group content is generated dynamically, multiple groups can potentially include the same patch. If the same patch appears in both an include and an exclude list, the patch is not included in the Patch Analysis operation. Remember, the include list minus the exclude list determines the list of patches to analyze.

Note

If you base a Patch Analysis operation on an existing Patching job, you can use the Patches window to view patches that have been selected for the operation, but you cannot modify the choice of patches.

To select patches for analysis

The behavior of the Patches page changed in version 2.2.00.002. The following sections describe the current behavior and the behavior in older releases.

Version 2.2.00.002 and later

In the drop-down list at top left, select the patch catalog that contains the patches you want to analyze.
Patch catalogs must be created in BMC Server Automation.
When you make a patch catalog selection, you are prompted to select a job group. Navigate to the job group in BMC Server Automation where you want to store this operation. Select it and click OK.
The window displays all patch groups, including custom groups, that are included in the patch catalog.
If necessary, you can run a patch analysis against the entire patch catalog. The Finish and Next buttons become enabled when you select a catalog.
To select particular patch groups for the operation (and not individual patches, as described in the next step), include or exclude patch groups. For each group, click the slider to the right to include it or to the left to exclude it .
The Selected Patches list shows the groups you have chosen to include or exclude.
Note
If you exclude a patch group, you must also include one or more patch groups or patches.
If you include patch smart groups, be aware that the patches evaluated are those included in the smart group at the time the operation executes rather than the time you define the operation. In some situations, patches could be added to or removed from a smart group between the time the operation is defined and the time it actually runs.
To include or exclude individual patches, take the following actions:
1. Select a patch group. A blank list and a search box appear below the selected group.
2. Find patches to include or exclude by entering text in the search box and clicking Search. To show all patches in the selected patch group, leave the search box empty and click Search .
3. Select Include , Exclude , or Cancel for the patches you want to include.
  When you exclude one or more patches, all other patches in the patch group are included.
Optionally, you can modify the Selected Patches list by clicking the the row for that item, which removes the item from the list.
You can also cancel an exclude or include of a patch group by clicking the slider in the center to set the status of that group back to neutral. You can cancel an include or exclude for a particular patch by clicking Cancel on the row for that patch.

Version 2.2.00

In the drop-down list at top left, select the patch catalog that contains the patches you want to analyze.
Patch catalogs must be created in BMC Server Automation.
When you make a patch catalog selection, you are prompted to select a job group. Navigate to the job group in BMC Server Automation where you want to store this operation. Select it and click OK.
The window displays the patches, organized by patch group, that are included in the patch catalog.
Select the patches and patch groups you want to include or exclude. If necessary expand a patch group to see the patches it contains. For each item you want to include or exclude, click the slider to the right to include it and click the slider to the left to exclude it.
The Selected Patches list shows the patches you have chosen.
If necessary, click in the Search box and enter a text string to show only patches with names that contain that text string.
Note
If you select patch smart groups, be aware that the patches evaluated are those included in the smart group at the time the operation executes rather than the time you define the operation. In some situations, patches could be added to or removed from a smart group between the time the operation is defined and the time it actually runs.
Optionally, you can modify the Selected Patches list by clicking the row for that item, which removes the item from the list.
You can also click the slider in the center to remove an include or exclude selection and return it to a neutral status.

_{Back to list of steps}

Targets

The Targets page specifies the targets that an operation acts on when it executes. For targets, you can choose servers, server groups, components, or component groups.

The Targets page is only editable when you use the Definition page to specify that the operation is based on a patch catalog.

Note

You cannot modify targets when the operation you are creating is based on a job that was defined in BMC Server Automation. In that case, you must use the targets defined in the job.

To specify targets

To specify targets, do one of the following:
- If you selected a job on the Content page of the operation wizard and targets were already defined for the job, you do not have to specify additional targets. The procedure is complete.
- If you selected a job as content and targets are already defined for that job but you want to modify the list of existing targets, proceed to the next step.
- If you are modifying an existing operation and targets are already defined, you may want to show those targets. If so, click Load selected targets in the blue information box for the Targets section at right. Then proceed to the next step.
- If you selected something other than a job on the Content page of the operation wizard, you must specify targets. Proceed to the next step.
Find targets by following either of the procedures described below:

Search for targets
Browse for targets

1. Select the Search tab
2. Enter a text string in the Search text box.
  Your text is matched against any text visible on screen, such as part of a server name or description.
  Search strings cannot include spaces or hyphens.
  Note that for server searches, you enter data into an elliptical text field. The elliptical shape distinguishes server searches from other types of search.
3. Optionally, use the filters at left to refine your search.
4. In the list, select one or more targets to use in this operation. If a target has already been selected (denoted by a green check), you can remove it from the list by selecting it again.

1. Select the Browse tab. A list of folders appears at left.
2. Navigate to the folder containing the target you want to use and select it. If a selected folder contains targets, they appear in the list of potential targets.
3. Optionally, you can inspect the properties of potential targets by clicking and selecting Show properties. A dialog box shows the properties of the target, as defined in BMC Server Automation.
  Inspecting properties allows you to learn more about a target before you take any action on it. You can inspect the properties of groups and folders as well as individual targets.
4. Select one or more targets to use in this operation. If a target has already been selected (denoted by a green check), click the target to remove it from the list of selected targets. In addition to selecting individual targets, you can also select groups and folders as targets.

_{Back to list of steps}

Notifications

The Notifications page defines notifications that are generated based on conditions you specify. For example, you can instruct the portal to send an email when an operation fails or aborts.

The Notifications page is only editable when you use the Definition page to specify that the operation is based on a patch catalog.

_{Back to list of steps}

Schedule and Run

The Schedule & Run page is where you schedule the execution of an operation. From this page, you can also run an operation immediately.

The Schedule & Run page is only editable when you use the Definition page to specify that the operation is based on a patch catalog.

Note

If an operation uses a deploy template based on an Advanced Deploy Job in BMC Server Automation, you cannot set a schedule using the Schedule & Run page. Instead, the operation uses the schedule defined in the deploy template.

To run an operation immediately

At the bottom, click Execute Now. The operation is saved and runs immediately.

After you have defined content for an operation, the Execute Now option is always available.

To schedule an operation

Specify a time for the operation to run by clicking the clock icon beside Start At.
An interface similar to a digital clock appears.
Set the hour and time. Then click AM or PM to toggle between those choices.
At right of the clock icon, select a time zone.
Set the interval at which the operation runs:
- Run Once
- Daily
- Weekly—If you select this option, you must also select the day of the week and specify the weekly interval, such as every 2 weeks.
- Monthly—If you select this option, you must also select one of the following options for when the operation runs:
  - A date, such as Day 15.
  - A weekday, such as Second Monday,.
  - The last day of the month.
- Interval—If you select this option, you must also select the first date for running the operation and the interval at which it runs afterwards, such as every 8 hours.
Click .
The operation appears in the list of scheduled operations.

To delete a scheduled operations

Select the operation and click Remove .

Requesting job approvals

If you integrate BladeLogic Portal with BMC Atrium Orchestrator, you can request a job approval through BMC Remedy ITSM Change Management for any BladeLogic Portal operation.

If the content of an operation is a job already defined in BMC Server Automation and that job is defined to require job approval, the portal shows that job approval information in a read-only format. If the BMC Server Automation job does not include job approval, the portal does provide any options for job approval.

BAOApproval Information.gif

To request job approval

For Approval Type, select one of the following options:
- Manual Approval—Use this option for jobs that require a BMC Remedy ITSM administrator to review the job details and impact level prior to approving execution. By default, this option generates a change request with a Change Timing value of Normal.
- No Approval Required—Use this option if you are not required to enter the additional BMC Remedy ITSM parameters. If a job type requires approval and you select No approval, the approval mechanism is bypassed and the job executes either immediately or as scheduled.
- Emergency Approval—Use this option for jobs that need immediate attention and must be run immediately. By default, this option generates a change request with a Change Timing value of Emergency and an Urgency value of High.
- Automatic Approval—Use this option for change requests that use an Approval Process Configuration form to automatically approve the request. By default, this option generates a change request with a Change Timing value of No impact.
If you want to customize the approval request, click Show Advanced Options and provide the information for any of the following options:
- Change Type—Enter the type of change being requested.
- Impact—Select the scope of the change being requested. For example, is the job targeted for one server or a large number of servers? The default value is Minor/Localized.
- Risk Level—Select the severity of the change being requested.

_{Back to list of steps}

Creating or modifying a Patch Analysis operation

To create or modify a Patch Analysis operation

Content

Patches

To select patches for analysis

Version 2.2.00.002 and later

Version 2.2.00

Targets

To specify targets

Notifications

Schedule and Run

To run an operation immediately

To schedule an operation

To delete a scheduled operations

Requesting job approvals

On this page