Patch catalog - Windows Catalog

The Windows Catalog tab determines whether the catalog operates in Online or Offline Mode and defines a number of options.

Defined options include locations (such as location of the source files, the repository, the signature file, and so on) as well as filters and whether local copies of the files are created on the target server or downloaded directly during deployment.

Note

After a catalog option update, ensure you update the patch catalog for the catalog option update to take effect.

The following sections provide more information about the Windows Catalog tab:

Before you begin

  • Depending on whether you are creating an online or offline patch catalog, perform the following prerequisites steps to download and use the patch metadata files:

    Unsupported parameter for macro: nextAfter, id, tags, effectType Due of this, the macro might have some unexpected results.

  • If your Windows operating system uses the windows update service (Windows 2008 and later versions), ensure that the windows update service is enabled and set to automatic. You must also ensure that the Never check for updates option is selected in the Windows Update settings so that there is no conflict with patching in BMC Server Automation.
  • For a Windows patch catalog, you need to define a Windows Helper Server location. It can be a temporary directory on any Windows server. BMC Server Automation uses the Windows Helper server to decrypt shavlik files that are downloaded from the vendor site. For a basic architecture diagram of the Windows Helper Server, see Storage locations.

Catalog Mode

Select one of two options:

  • Source from Vendor (Online Mode): Use this mode if the BMC Server Automation Application Server is installed on a server with Internet access.
  • Source from Disk Repository (Offline Mode): Use this mode in a secured environment where download occurs on a server, with Internet access, outside of the environment.

Repository Options

Enter the following information:

Field

Description

Windows Helper Server Location (NSH Path)

(Mandatory) NSH path to a user-defined, temporary directory on a Microsoft Windows server

The temporary directory is used by BMC Server Automation to extract metadata. BMC Server Automation must have write access to this location.

Payload Source Location (NSH Path)

(Offline only) Location of existing metadata and payload files
Metadata files stored in this location are copied to the catalog automatically. Payload files are not copied to the catalog.
Note: Payload files are not required to create the patch catalog.

Repository Location (NSH Path)

NSH path to the location of the patch repository
BMC recommends that this location have ample free space. Repositories typically contain many files, usually totaling gigabytes of data. The repository can be on either a Linux or Windows host computer.

Patch Signature File (hfnetchk)

(Offline only) Depot location of the signature file, either hf7b.cab or hf7b.xml, originally downloaded from Shavlik Technologies
Note: For the offline mode, you must add the hf7b.cab or hf7b.xml file to the depot workspace.

For offline mode, the Patch Signature File needs to be added to the Depot after each execution of the offline downloader utility and the Patch Catalog definition needs to be modified to point to the newly added Depot Objects.

Package Info File (pd5)

(Offline only) Depot location of the Information File, either pd5.cab or pd5.xml, originally downloaded from Shavlik Technologies
Note: For the offline mode, you must add the pd5.cab or pd5.xml file to the depot workspace.

For offline mode, the Package Info File needs to be added to the Depot after each execution of the offline downloader utility and the Patch Catalog definition needs to be modified to point to the newly added Depot Objects.

Depot Object Options

Enter the following information:

Field

Description

Network URL type for payload deployment

  • (default) Copy to agent at staging: The BMC Server Automation Application Server copies patch payloads to a staging directory on the target server during the Deploy Job staging phase.
  • Agent mounts source for direct use at deployment (no local copy): A Deploy Job instructs the agent on a target server to:
    • mount the device specified in the URL
    • deploy patch payloads directly to the agent
      If you select this option, the Deploy Job does not copy patch payloads to a staging area on the agent, so the job does not create any local copies of the patches on target servers.

Note

(Only for Windows 2012 targets) Before you enable the Agent mounts source for direct use at deployment (no local copy) option, you need to add the mounted device in the security zone of the target. This can be done by making the following changes to the registry of the target.

  1.  Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscRanges\, create a key with the name Range1. If key Range1 already exists, create a key with the next available number (for example Range2, Range3, Range4 and so on).

  2. Create the following values under the Range1 key:

    Value Name

    Value Data

    :Range

    <mountedDeviceIPAddress>

    file
    1 hexadecimal

Network URL for payload deployment

The value entered here depends on your selection in the Network URL type for payload deployment box.

  • If you chose Copy to agent at staging, do not enter a value here. The value is populated based on the repository location.
  • If you chose Agent mounts source for direct use at deployment (no local copy), enter the SMB URL. For more information on the URL syntax, see URL syntax for network data transmission.

RBAC Policy

Browse to and select a predefined ACL Policy. Permissions defined by the ACL Policy are assigned to all Depot Objects created in the catalog.

Download from Vendor

(Online Only) To download the payload (executables) at the same time as the metadata, select the Download from Vendor check box.
Tip: You can also download the payload by right-clicking the catalog and selecting Download.

Filters

Filters limit the amount of information brought into the catalog. You define a combination of product and language (such as Microsoft Windows 2008 — English). There is no limit on the number of filters you can create but you must have at least one. Only those hotfixes and bulletins that match the combinations you define are added to the catalog.

If you are working in Offline Mode, the product/language combinations you define must match those defined in the configuration file used by the download utility.

You can define filters during catalog creation or later, when editing the catalog. Click Add Filter and enter the following:

Field

Description

Product

Select a product from the list provided.

Language

Select the appropriate language for the product.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*