There is an identified need for near-immediate delivery of patches to freshly deployed operating systems.
How do I expedite the distribution of patches to these machines?
It is recommended to use a Staging Symantec Management Platform server for the initial deployment of new client machines where a high-frequency Patch Management Vulnerability scan is required.
Machines can be built against the staging server, patched quickly using high-frequency refresh cycles, and then moved to the production Symantec Management Platform server for ongoing management.
On a single server managing a medium to large number of endpoints, it is not possible to increase the frequency of the Patch Management Vulnerability scans and the Altiris Agent policy refreshes, because of the amount of data that is processed against all resources.
Details for each configuration item which needs to be modified on the Staging Server and the reasons for using a Staging Server are below.
Altiris Agent Download new configuration interval.
- This is located within Settings > Agents/Plug-ins > Altiris Agent > Settings > Altiris Agent Settings - Targeted.
- This interval is recommended to be scaled up to several hours for larger implementations.
- This setting affects how often an agent requests a policy update from the server. It is dependent upon the Policy Update Schedule.
Vulnerability Analysis scans.
- There are four, located within:
  - Settings > Software > Patch Management > Microsoft Settings > Microsoft Vulnerability Analysis
  - Settings > Software > Patch Management > Adobe Settings > Adobe Vulnerability Analysis
  - Settings > Software > Patch Management > Novell Settings > Default Novell Inventory Policy
  - Settings > Software > Patch Management > Red Hat Settings > Default Red Hat Inventory Policy
- These have a default 4 hour interval.
- This setting affects how often a client machine will perform a vulnerability scan and send the results to the server.
- This setting affects all resources and cannot be partitioned to a subset of resources.
- These policies cannot be disabled. This is by design.
These schedules perform a refresh on specific data for all resources and cannot be partitioned to refresh the data for a subset of resources.
Patch Filter Update Interval.
- This is located within Settings > Software > Patch Management > Microsoft Settings > Microsoft.
- This defaults to a 10 minute schedule interval and is recommended to be scaled up to several hours for larger implementations.
- This setting affects how often the client Vulnerability Analysis results are processed.
- This processing needs to be completed prior to a Policy Update Schedule to allow software update agent policies to be merged into the Altiris Agent configuration.
Policy Update Schedule.
- This is located within Settings > Notification Server > Resource and Data Class Settings > Resource Membership Update.
- This defaults to a 10 minute schedule and is recommended to be scaled up to several hours for larger implementations.
- This setting affects how often the server refreshes client policy configuration settings for delivery to clients.
Also see KB Article ID: 48264 - Creating a Staging NS for Patch Management