getting started with patching (patching 101)

28
Dell World User Forum UFIL518: Getting Started with Patching Veryl White, Senior Trainer Peter Doerfer, Senior Trainer Dell World User Forum

Upload: dell-world

Post on 17-Jul-2015

85 views

Category:

Software


1 download

TRANSCRIPT

Page 1: Getting Started with Patching (Patching 101)

Dell World User Forum

UFIL518: Getting Started with Patching

Veryl White, Senior Trainer

Peter Doerfer, Senior Trainer

Dell WorldUser Forum

Page 2: Getting Started with Patching (Patching 101)

Dell World User Forum

Agenda

• Patching Overview

• Glossary of Terms

• Subscribing & Downloading

• Detecting & Deploying Patches

• Now what?

Page 3: Getting Started with Patching (Patching 101)

Dell World User Forum

Patching Overview – Plan of Action

Subscription Settings

• Select OSes, SP-levels, Architectures

• Select Languages

• Select Patch Types

Get (thousands of ) Patch Signature Files

DetectAll

Patches

• Detect All Patches on All Machines

Build List of All Patches Needed by Each Machine

Download Packages

• Set K1000 to Download Patches Detected As Missing

(Very few ) Packages Get Downloaded

SchedulePatch

Deployments

• Deploy *All Patches* to Test Machines

• Label +30 Day Old Patches / Unwanted Patches (JRE, iTunes, etc.)

• Deploy *Labeled Patches* to Production Environment

Your Machines Get Patched!

Verification & Clean-Up

• Follow-Up Investigation of Selected Machines / Bulk Reporting

K1000 Cleans-Up Unused Patches

Page 4: Getting Started with Patching (Patching 101)

Dell World User Forum

Glossary

Page 5: Getting Started with Patching (Patching 101)

Dell World User Forum

Importance of Patches

Security – A really important patchNon-Security – A really important patchOS Patch – A really important patchApp Patch – A really important patchCritical – A really important patchRecommended – A really important patch

Defining Terms – What are patches?

Patch Signature

A small ‘’pattern-matching’’ file, necessary for detecting whether a specific patch is needed by a machine.

Patch Package

A larger file containing the actual payload, necessary for deploying the patch to a machine.

Quite often these are meaningless distinctions. For instance Microsoft considers Operating System Service Packs as Application Patches! They also frequently mark Security fixes as non-Security patches!

Page 6: Getting Started with Patching (Patching 101)

Dell World User Forum

Demo: Patch ListingPatch Listing Demonstration Guided Walk-Through

Active, Inactive

Downloaded, Not-Downloaded

Patched, Not Patched, Error

Impact, Severity

Patch Detail

Page 7: Getting Started with Patching (Patching 101)

Dell World User Forum

Subscribing to andDownloading Patches

Page 8: Getting Started with Patching (Patching 101)

Dell World User Forum

Getting Patches

Subscribe to Signatures

OS, Architecture, Service Pack levelsPatch TypesExclusions

Signature Download

Delayed – on purposeGet them (at least) daily

Package Download

Only “Needed” PatchesGet them often

Page 9: Getting Started with Patching (Patching 101)

Dell World User Forum

Subscribe to the OS, Architectures, and Service Pack levels you have

Subscription Settings

Use the Software Inventory!

• Saved queries will be useful for now…and later!

Advanced Search

Smart Label

Security, OS/APP, Severity, etc.

• Remember the caveats we already mentioned:

Will you always agree with the patch vendor on the “importance” of a patch?

Software Installers?

Use Patch Labels to exclude patches you want ignored in your environment.

Select the Patch Types you want

Page 10: Getting Started with Patching (Patching 101)

Dell World User Forum

Signature Files

Downloading Patches

• Patches may come out at any time during the month, due to our patch-provider testing the Patches prior to releasing them! This is a good thing!

• Be sure to download at least once a day, to ensure you always have the latest patches for detections.

Package Files• Once the K1000 has detected which of the patches are needed by your

machines, it can then download only those packages.• The more often your K1000 downloads the needed patches, the sooner they

are available for deployment.

Page 11: Getting Started with Patching (Patching 101)

Dell World User Forum

Detecting & Deploying Patches

Page 12: Getting Started with Patching (Patching 101)

Dell World User Forum

Detections and Deployments

Detect

Compatible Patches DetectedSilent, Non-invasive

Deploy

Only “Needed” PatchesInstalled in batchesSilent or Interactive

Discuss

What works?

Page 13: Getting Started with Patching (Patching 101)

Dell World User Forum

Detect Schedule

• Schedule a regular Detect on all of your machines to keep the K1000 updated on which patches are needed by which machines.

• The K1000 will use the Patch Signature, to detect which patches are needed on each machine you target.

• It will only detect the need for those patches that are compatible with the OS (etc.) on that machine. This will build a list of needed patches for each individual machine.

• The combined lists of these needed patches make up the Package Download manifest, minus packages that have already been downloaded.

Page 14: Getting Started with Patching (Patching 101)

Dell World User Forum

Deploy Schedule

Deploy Patches

Reboot

Page 15: Getting Started with Patching (Patching 101)

Dell World User Forum

Deploy Schedule

Most Important Settings:• Patch Action:

Deploy

• Machine Selection:

Machine Smart Label

Chassis Type contains Laptop AND

Label Names does not contain Test Machines

• Detect Patch Label Selection

• Deploy Patch Label Selection

• Reboot Options Prompt User

• Run On Next Connection if Offline

Page 16: Getting Started with Patching (Patching 101)

Dell World User Forum

Detect and Deploy Schedule

NO

Page 17: Getting Started with Patching (Patching 101)

Dell World User Forum

Detect and Deploy Schedule

Most Important Settings:• Patch Action:

Detect and Deploy

• Machine Selection:

Machine Smart Label

Chassis Type contains Desktop AND

Label Names does not contain Test Machines

• Detect Patch Label Selection

• Deploy Patch Label Selection

• Reboot Options Force Reboot

• Suspend Tasks After X Minutes From Scheduled Start

Page 18: Getting Started with Patching (Patching 101)

Dell World User Forum

Demo: Detect & Deploy Patches

• Patch SchedulingGuided Walk-Through

– Alerts

– Reboot Options

– Patch Schedule Scenarios

Page 19: Getting Started with Patching (Patching 101)

Dell World User Forum

Now what?

Page 20: Getting Started with Patching (Patching 101)

Dell World User Forum

Things to attend to

Verification

Entire ScheduleIndividual Machine

Reporting

Lots of new reports in 6.0ITNinja.com!

Clean-Up

Automatic

Page 21: Getting Started with Patching (Patching 101)

Dell World User Forum

Let’s Take a Look…

• Entire Schedule

Page 22: Getting Started with Patching (Patching 101)

Dell World User Forum

Let’s Take a Look…

• Single Machine

Page 23: Getting Started with Patching (Patching 101)

Dell World User Forum

Let’s Take a Look…

• Patch Reports

Page 24: Getting Started with Patching (Patching 101)

Dell World User Forum

Clean Up Unused Patches

• Eventually many of the currently downloaded patch packages will get deployed to all machines that need them. The K1000 can be configured to delete these “no longer needed” packages.

Delete Unused Patches After X Days:

Deletes Patch Package Files

Keeps Patch Signature Files

Patches Will Continue to be Detected

If Ever Needed Again, Will Be Downloaded Again

Page 25: Getting Started with Patching (Patching 101)

Dell World User Forum

Review

Patching Success

OS

Office

Adobe

JAVA

Subscription Settings

• Select OSes, SP-levels, Architectures

• Select Languages

• Select Patch Types

Get (thousands of ) Patch Signature Files

DetectAll

Patches

• Detect All Patches on All Machines

Build List of All Patches Needed by Each Machine

Download Packages

• Set K1000 to Download Patches Detected As Missing

(Very few ) Packages Get Downloaded

SchedulePatch

Deployments

• Deploy *All Patches* to Test Machines

• Label +30 Day Old Patches / Unwanted Patches (JRE,iTunes, etc.)

• Deploy *Labeled Patches* to Production Environment

Your Machines Get Patched!

Verification & Clean-Up

• Follow-Up Investigation of Selected Machines / Bulk Reporting

K1000 Cleans-Up Unused Patches

Page 26: Getting Started with Patching (Patching 101)

Dell World User Forum

Round-Table Discussion

Topics for discussion:

• Scenarios Not Discussed

– Example: Urgent Patch Deployment (zero day)

• ITNinja Patch Reports

• KACE KB Patch Reports

Page 27: Getting Started with Patching (Patching 101)

Dell World User Forum

Thank you.

Page 28: Getting Started with Patching (Patching 101)

Dell World User Forum

KACE Support Portal Migrating to Dell Software Support Portal

• Starting in November, all KACE Support Portal material will be migrated to the Dell Software Support Portal

• All service requests will be submitted online or by phone

• Same great content

– Knowledge base articles

– Video tutorials

– Product documentation

– JumpStart training

• Check out the Support Portal Getting Started videos