HP Insight Vulnerability and Patch Manager Software User Manual

HP Insight Vulnerability and Patch Manager software 6.0 User Guide

HP Part Number: 579547-001 Published: January 2010, First Edition
© Copyright 2005, 2009 Hewlett-Packard Development Company, L.P.
Legal Notices
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Acknowledgments
Microsoft, Windows, Windows Vista, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.
Intended audience
This document is for the person who installs and configures servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.

Table of Contents

1 Introduction
  Vulnerability and Patch Manager features
  Service name changes
2 Using Vulnerability and Patch Manager
  Prerequisites
  Accessing Vulnerability and Patch Manager
  Using the interface
  Acquiring updates
  Scanning for vulnerabilities
  Deploying patches
  Reviewing Vulnerability and Patch Manager events
  Scan events
  Patch events
  Acquisition events
  Miscellaneous events
  Using the Change VPM Credentials Utility
3 Backing up and restoring Vulnerability and Patch Manager
  Backing up components
  Restoring components
  Reinstalling Vulnerability and Patch Manager to a new host
4 Uninstalling Vulnerability and Patch Manager
  Remaining Vulnerability and Patch Manager files
  Reinstalling Vulnerability and Patch Manager
5 Troubleshooting
  Uninstalling Vulnerability and Patch Manager
  Remaining Vulnerability and Patch Manager files
  Reinstalling Vulnerability and Patch Manager
  Vulnerability scans
  Vulnerability and Patch Manager cannot access target systems
  Windows
  Windows XP
  Linux target systems
  Scan reports cannot be viewed
  A scan was submitted but never started
  Scan results are inaccurate because of overlapping tasks
  Current patch information is not displayed in scan reports
  Patches
  Patches fail to download with a timeout error
  VPM Patch Agent installation fails
  A patch acquisition was started, but no patches are visible
  HTTP 300 errors received during patch acquisition
  Patches appear in a scan report but are not successfully deployed
  Check for missing patches
  Validating VPM Patch Agent installation
  Patch installation status reports are not current or do not match information that appears in scan reports
  Other tools report that a Windows system is patched, but Vulnerability and Patch Manager reports patches needed
  Patch source for vendor patches is Microsoft or Red Hat
  Multiple events listed in Systems Insight Manager for patch deployments
  STAT Scanner update error listed in the Systems Insight Manager event log
  Radia internal error listed in the Systems Insight Manager event log
  “Abuse of Service” error occurs when attempting to acquire Red Hat patches
  Validate Installed Patches event does not complete
  Systems Insight Manager integration
6 Support and other resources
  Information to collect before contacting HP
  How to contact HP
  Registering for software technical support and update service
  How to use your software technical support and update service
  Warranty information
  Typographic conventions
  Related documents
Index

List of Tables
  2-1 Interface access
  2-2 Vulnerability and Patch Manager icons
  2-3 Provided scan definitions
  2-4 Vulnerability and Patch Manager scan events
  2-5 VPM patch events
  2-6 VPM acquisition events
  2-7 Miscellaneous Vulnerability and Patch Manager events

1 Introduction

HP Insight Vulnerability and Patch Manager is an all-in-one vulnerability assessment and patch management tool integrated into HP Insight Control, simplifying and consolidating the proactive identification and resolution of issues that impact server availability into one central console.
IMPORTANT: HP is phasing out the HP Vulnerability and Patch Manager software (VPM) from Insight Control. Technical support will be offered based on the Technical Support and Upgrade offerings for HP Insight Control sold through November 2009. HP Insight Control licenses include 1 year of Technical Support & Update, which you can upgrade to 3, 4, or 5 years. Depending on the purchase date of Insight Control licenses and technical support extension, support for Vulnerability and Patch Manager functionality will end no later than November 2012.
Starting with the Insight software 6.0 DVD, Vulnerability and Patch Manager will no longer be available. However, existing users of the vulnerability and patch management capabilities can upgrade to Vulnerability and Patch Manager 6.0 by downloading the software and manually installing it on the CMS. You can download the software from Software depot.

Vulnerability and Patch Manager features

• Combined vulnerability assessment and patch management—A single tool seamlessly combines the assessment and the remediation of vulnerabilities, reducing operational complexity.
• Integration into Systems Insight Manager—Integration enables you to use existing functionality such as discovery, identification, scheduling, role-based security, notification, and group-based actions, eliminating the need to recreate these tasks in multiple tools for vulnerability assessment and patch management.
• Comprehensive vulnerability assessment—Coverage of vulnerabilities reported in all leading vulnerability databases ensures comprehensive assessment. Vulnerability assessment identifies vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) list, the Federal Computer Incident Response Center (FedCIRC) vulnerability catalog, the SANS Top 20 Internet Security Vulnerabilities list, the Computer Emergency Response Team (CERT) advisories list, and the U.S. Department of Energy Computer Incident Advisories Center (CIAC) bulletins.
• Automated acquisition, scheduled deployment, and continuous enforcement of patches:
  ◦ Automatically collects new vulnerability updates and patches directly from vendor sources, such as a vendor’s web-based patch repository. Updates can be acquired outside the firewall and imported into the patch repository in infrastructures where firewall policies prevent HTTP and FTP downloads.
  ◦ Scheduled deployment, scheduled reboots after deployment, and checkpoint-restarts ensure that patches are deployed with minimal impact on network resources and enable patches to be managed from a central point.
  ◦ Unique desired-state management automatically and continuously ensures that patches remain applied in their proper state. If patches are corrupt, they are automatically reinstalled to bring the system to the desired level of patches.
The following figure illustrates the Vulnerability and Patch Manager operation model.

Service name changes

The following table lists service name changes between Vulnerability and Patch Manager 3.x and 6.x.
Vulnerability and Patch Manager items, with their values in Version 3.x and Version 6.x:

RADIA version
  Version 3.x: 7.2
  Version 6.x: 7.8

STAT-SCANNER version
  Version 3.x: 6.4.5
  Version 6.x: 6.4.6

Acquisition utility version
  Version 3.x: 3.0
  Version 6.x: 6.0

Radia services
  Version 3.x and Version 6.x:
    HP CA Configuration Server
    HP CA Messaging Server
    HP CA Patch Manager Server
    HP Client Automation MSI Redirector
    HP Client Notify Daemon
    HP Client Automation Scheduler Daemon

Scanner Services
  Version 3.x and Version 6.x:
    SQL Server (GUARDIAN), STATEngine
    Stat Engine (for Scanner 6.x only)

Install command for Vulnerability and Patch Manager
  Stand-alone GUI installer
  Command line with /silent, but stand-alone GUI installer removed

Install Command for Acquisition tool on DVD
  Version 3.x and Version 6.x: \\VPM\WIN_IA32\acquiretool\setup.exe

Other dependency checks by Vulnerability and Patch Manager
  Version 3.x:
    TCP/IP
    Microsoft® SQL Server
    HP SIM and Vulnerability and Patch Manager versions, HP SIM 5.3 required
  Version 6.x:
    TCP/IP
    Microsoft® SQL Server
    HP SIM and Vulnerability and Patch Manager versions, HP SIM 5.3 and above required, HP SIM 6.0 recommended

Vulnerability and Patch Manager registry keys:
  Key
    Version 3.x: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HP Vulnerability And Patch Management_is1
    Version 6.x: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HP Insight Vulnerability And Patch Manager_is1
  Command
    Version 3.x: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HP Vulnerability And Patch Management_is1
    Version 6.x: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HP Insight Vulnerability And Patch Manager_is1

2 Using Vulnerability and Patch Manager

Prerequisites

The following are the prerequisites for using the Vulnerability and Patch Manager software:
• VPM: Microsoft .NET Framework 3.0 is required to access VPM 6.0 functionality (it is a requirement of the Radia 7.8 version).
• Acquire Tool: Microsoft .NET Framework 3.0 or later is required to install the Acquire tool.
NOTE: If the prerequisites are not met, the Acquisition tool displays a message prompting you to install the prerequisite software before installing the Acquire tool.

Accessing Vulnerability and Patch Manager

To access Vulnerability and Patch Manager from the HP SIM toolbar menu, select Vulnerability and Patch Manager from the HP SIM Deploy, Diagnose, or Options menus.
Table 2-1 Interface access

Menu  Action
1     Configure settings and acquire updates.
2     Perform or customize vulnerability scans, and view scan results, patch installation status, patches installed by VPM, patch reboot status, and the patch repository.
3     Deploy patches, validate installed patches, and deploy the VPM Patch Agent.

Using the interface

Vulnerability and Patch Manager vulnerability information appears in the VPM column of the HP SIM console, shown circled in the following figure. Initially, the icon depicted in the column displays Vulnerability and Patch Manager eligibility information for the target system in the specific row. After target servers are licensed and a vulnerability scan is performed, the column displays the combined status of the last vulnerability scan on the target system (patch status does not appear in the column). Click the icon to display detailed information about the system status of the Vulnerability and Patch Manager.