CA Client Automation - IT Client ManagerCA Client AutomationCA Client Automation - Patch Manager
Issue/Introduction
This documentation outlines the steps for downloading a Patch Management patch and the creation of a DSM Policy for automatic deployment of the patch to 'All computers'.
Environment
Client Automation - All versions
Resolution
Steps:
In the UPM console, click on the 'Patches' tab and look for the desired patch ("CA - Windows 2003 Post SP2 EN 32Bit x86 - FULL Security Rollup v0909.00" in this example). The status of the patch is "Pending User Acceptance".
Fig. 1
Select the patch and choose 'Accept' in the list box. Click GO.
Fig. 2
The status of the patch is set to 'Accepted' and then 'Packaging'. The patch is then downloaded, which could take several minutes depending on the size of the patch. For a patch like ? Full Security Rollup ?, the download time is quite long since multiple patches are downloaded.
Fig. 3
Once the patch download completes, the status is set to ? Testing ?.
Fig. 4
In the DSM Explorer, the package appears under "Software/Software Package Library/Unicenter Patch Management Packages".
Fig. 5
Under ? All Computers and Users/Unicenter Patch Management Groups ? 3 dynamic groups are created:
UPM Patch Found - CA - Windows 2003 Post SP2 EN 32Bit x86 - FULL Security Rollup v0909.00 - ...UPM Patch Not Found - CA - Windows 2003 Post SP2 EN 32Bit x86 - FULL Security Rollup v0909.00 - ...UPM Patch Pending Requirements - CA - Windows 2003 Post SP2 EN 32Bit x86 - FULL Security Rollup v0909.00 ...
Fig. 6
UPM Patch Found: contains all machines which are the patch already installed.UPM Patch Not Found: contains all machines which have not the patch installed.UPM Patch Pending Requirements: contains all machines which have not yet the prerequisites of the patch.
You could "drag & drop" the package on the group ? UPM Patch Not Found ? in order to install the patch on all machines which need it. This is a manual operation and is necessary if new machines come up in the group ? UPM Patch Not Found... ? This can be automated using a ? Patch Policy ?.
For a patch policy, the patch should be in status ? Approved ? in the UPM console:
Fig. 7
In the UPM console, go to the 'Policies' tab and click on the 'ADD' button. Enter the desired name for the policy (Ex : Security Rollup Sep 2009 - W2K3) and click on the 'Select' button.
Fig. 8
Click on the GO button. The list of patches in status ? Approved? is displayed.
Fig. 9
Select the software linked to the patch and click OK. The ? Policy Detail ? windows appears:
Fig. 10
Click on the link ? Patches ? in the left pane and click on the 'ADD' button. The list of patches with status ? Approved ? is displayed. Select the patch and click OK (? Add and select more ? button could also be clicked if others patches need to be added).
Fig. 11
Click OK. The page ? Policy Detail ? appears with the selected patch.
Fig. 12
Select the ? Targets ? link in the left pane. Select ? All Targets ? and click on the arrow icon in order to move ? All Targets ? group to the right list box.
Fig. 13
Under the ? Deployment Options ? link in the left pane, it is possible to modify the default parameters for the policy. Click OK.
Fig. 14
The status of the patch is set to ? Building ?. After some time, the policy is created and evaluated.
Fig. 15
In the DSM Explorer, under ? Policies/Software Based ? the new policy appears: UPM - Security Rollup Sep 2009 - W2K3 -... ? This policy contains a job corresponding to the patch.
Fig. 16
By default the policy is evaluated every 24 hours and a job container is automatically created and evaluated with all the violating machines. After every 24 hours a SD job will be sent to all machines which do not have patch installed.