Walkthrough: Basic patch remediation

This topic walks you through the process of automating the deployment of patches and updates for Microsoft Windows operating systems, using TrueSight Server Automation. 

This topic includes the following sections:

The video at right demonstrates the process of patch remediation.

Note

This video demonstrates the process in TrueSight Server Automation version 8.8. As of TrueSight Server Automation version 8.9, a single Deploy Job is created (by default) for the deployment of all BLPackages to target servers that require remediation.

icon-play2x.png  https://youtu.be/SXAhfQ_mYtM

Introduction

This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch remediation for Windows systems using TrueSight Server Automation. 

  • Patch analysis is the process of figuring out which systems need which patches, and is described in a different walkthrough
  • Patch remediation is delivering those fixes to the operating system or application. 

TrueSight Server Automation supports analysis, download, and deployment of patches for all of the major operating systems.

What is patch remediation?


Patch remediation is the process of packaging and deploying the required patches to targets requiring remediation. TrueSight Server Automation creates the necessary BLPackages and Deploy Job to remediate the targets identified in the patch analysis phase.

After reviewing the results of your Microsoft Windows Patching Job, the next step is to create and run Remediation Jobs. In a Remediation Job, you specify the servers that you want to update and the patches that you want to apply. 

 The Remediation Job downloads the patches if they are not already downloaded, creates packages, and creates the Deploy Job.


What does this walkthrough show?

This walkthrough continues the patching story developed in Walkthrough-Basic-Microsoft-Windows-patch-analysis, which identified missing critical patches on Windows 2008 servers. Using the results of that Patch Analysis Job, this walkthrough:

  • Demonstrates how you can set up a remediation job that patches all servers
  • Sets up notifications for the results of the job
  • Runs the remediation job immediately
  • Examines the results of the remediation job
  • Runs the original Patch Analysis Job again to show that all target servers are correctly patched

Although this walkthrough describes a Windows 2008 scenario, the same techniques can apply to patching other operating systems.

What do I need to do before I get started?

  • For this walkthrough, you need various authorizations. You can log in and perform these tasks as BLAdmin, the TrueSight Server Automation superuser, but BMC recommends a more restrictive approach to granting authorizations. Ideally, you should set up a role that is granted only the authorizations needed for patch management. To learn how to restrict access, see Walkthrough-Restricting-permissions-for-a-patching-administrator.
  • You must have also created a patch catalog (described in a separate walkthrough) and run the Patch Analysis Job (also described in a separate walkthrough).

How to deploy the required patches to targets

Wrapping it up

You have now seen how TrueSight Server Automation manages the collection, analysis, and deployment of patches and hotfixes for the Microsoft Windows operating systems. The process for Linux is very similar.

Where to go from here

Walkthrough-Basic-Red-Hat-Linux-patch-analysis

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*