Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
This Patch Management Reference includes information to help you successfully install a Novell
ZENworks 10 Patch Management system. The information in this guide is organized as follows:
Chapter 1, “Getting Started with ZENworks 10 Patch Management”
Chapter 2, “Patch Management Overview”
Chapter 3, “Using Patch Management”
Chapter 4, “Using the Patch Management Tab”
Chapter 5, “Using the Deploy Remediation Wizard”
Chapter 6, “Using Mandatory Baselines”
Chapter 7, “Patch Management for a Device”
Chapter 8, “Patch Management for a Device Group”
Appendix A, “Troubleshooting Patch Management”
Appendix B, “Documentation Updates”
novdocx (en) 16 April 2010
Audience
This guide is intended for ZENworks administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to the Novell Documentation Feedback site
(http://www.novell.com/documentation/feedback.html) and enter your comments there.
Additional Documentation
ZENworks 10 Configuration Management is supported by other documentation (in both PDF and
HTML formats) that you can use to learn about and implement the product. See the ZENworks 10
Configuration Management SP3 documentation Web site
(http://www.novell.com/documentation/beta/zcm10).
1 Getting Started with ZENworks 10 Patch Management
Patch Management is a fully integrated feature of Novell ZENworks 10 that provides the same
agent-based patch, vulnerability patch, and compliance management solution that was used in prior
versions.
The ZENworks Server schedules a Discover Applicable Updates (DAU) task for all ZENworks
managed devices (servers and workstations) and compiles information on the operating system,
hardware, and software.
The results of the scan are sent to the ZENworks Server and can be viewed anytime in the Patches
section under the Patch Management tab or in the Devices tab even if a workstation is disconnected
from your network.
Based on the above information, it is determined whether the patches are applicable for each device.
If applicable, the ZENworks Adaptive Agent performs another scan by using the patch fingerprints
incorporated into each patch to determine the device’s patch status (Patched or Not Patched) in
relation to that patch. The results of the scan are posted under the Patch Management tab of the
ZENworks Control Center, for review by an administrator.
After patch status is established, the ZENworks administrator can deploy the desired patch to each
applicable device on the network.
The following features are included in ZENworks 10 Patch Management SP3:
Section 1.1, “Downloading Patches”
Section 1.2, “Deploying a Patch”
Section 1.3, “Setting a Baseline”
Section 1.4, “Dashboard”
Section 1.5, “Patch Download Status”
1.1 Downloading Patches
Before you start downloading a patch, configure the downloading options in the Configuration tab.
For more information, see Section 3.3, “Configuring Subscription Download Details,” on page 22.
1.2 Deploying a Patch
To deploy a patch, you can use the Deploy Remediation Wizard. For more information, see
Chapter 5, “Using the Deploy Remediation Wizard,” on page 49.
1.3 Setting a Baseline
To set a baseline, you must ensure that a group of devices is protected and that all the devices in the
group are patched consistently. For more information, see Chapter 6, “Using Mandatory Baselines,”
on page 71.
1.4 Dashboard
The Dashboard tab contains graphs that allow users a direct overview of the devices in the network.
For more information, see Section 4.2, “Dashboard,” on page 32.
Figure 1-1 Dashboard Page
1.5 Patch Download Status
The Status page consists of the system and cache statuses, which show the overall patch
information. For more information, see Section 4.3, “Status,” on page 34.
Figure 1-2 Status Page
2 Patch Management Overview
Novell ZENworks 10 Patch Management is a part of the ZENworks 10 product line that provides a
fully integrated version of leading patch and patch management solutions for medium and large
enterprise networks. Patch Management enables customers to easily translate their organizational
security patch policies into automated and continuous protection against more than 90% of
vulnerabilities that threaten today’s enterprise networks. By providing the most accurate and timely
vulnerability assessment and patch management available, Patch Management ensures that policy
measurement and security audits are a true representation of network security status.
Section 2.1, “Product Overview”
Section 2.2, “Patch Management Process”
Section 2.3, “Features of Patch Management”
2.1 Product Overview
Patch Management is a fully integrated feature of the configuration management suite that provides
the same agent-based patch, vulnerability patch, and compliance management solution that was used
in prior stand-alone versions such as ZENworks Patch Management 6.4.
Patch Management provides rapid patch remediation, allowing you to proactively manage threats by
automating the collection, analysis, and delivery of patches throughout your heterogeneous
enterprise to secure end points.
The ZENworks Server has a Web-based management user interface known as ZENworks Control
Center. Its Patch Management feature allows you to monitor and maintain patch compliance
throughout the entire enterprise. The ZENworks 10 Configuration Management Primary Server can
deploy a ZENworks Adaptive Agent on every client system in the target network, ensuring that all
systems are protected with the latest security patches, software updates, and service packs.
The Patch Management feature stays current with the latest patches and fixes by regular
communication with the ZENworks Patch Subscription Network through a secure connection. After
the initial 60-day free trial period, the Patch Management feature requires a paid subscription to
continue its daily download of the latest patch and vulnerability information.
When a new patch is released into the ZENworks Patch Subscription Network, it is downloaded
automatically to the ZENworks Server and an e-mail is sent to the administrator. When the
administrator logs in to the ZENworks Control Center, the list of devices and the new patches that
require deployment can easily be viewed along with the description and business impact. At this
time, the administrator can choose to deploy the patch to a device or disregard the patch.
2.2 Patch Management Process
The following process map demonstrates how patch information is communicated between the
ZENworks Server and the ZENworks Adaptive Agent:
Figure 2-1 Process Map
The patch detection cycle begins each day at the ZENworks Server where a Discover Applicable
Updates (DAU) task is scheduled for all ZENworks managed devices (servers and workstations).
For all patches in the DAU task, the ZENworks Adaptive Agent performs patch detection by using
the patch fingerprints incorporated into each individual patch, which determines the status (Patched,
Not Patched, or Not Applicable) of that patch.
The results of the patch detection scan are sent to the ZENworks Server and can be viewed anytime
in the Patches section under the Patch Management tab or in the Devices tab, even if a workstation
is disconnected from your network.
After completion of the patch detection cycle, the ZENworks administrator can deploy the desired
patches to each applicable device on the network.
2.3 Features of Patch Management
Patch Management has the world's largest repository of automated patches, including patches for all
major operating systems and various third-party applications. Patch Management features an agent-based architecture, patch package pre-testing, highly scalable software, and easy-to-use features that
allow customers to patch 13 times faster than the industry average.
Its patented Digital Fingerprinting Technology provides a highly accurate process for patch and
vulnerability assessment, remediation and monitoring—leaving no systems open to attack.
Remediation is fast and accurate with wizard-based patch deployments, support for phased rollouts,
rapid verification of patch installations, and more. Patch Management continuously monitors end
points to ensure that they achieve patch compliance quickly and then stay patched over time.
With Patch Management, you can be sure that your systems are effectively patched and compliant
for successful IT and regulatory audits. Patch Management creates a Patch Fingerprint Profile that
includes all missing patches for that machine, ensuring the continued compliance of each end point.
Each end point is then continually monitored to make sure it stays patched. Administrators can also
establish a mandatory baseline to automatically remediate end points that do not meet defined patch
levels, which is a key aspect of regulatory compliance. In addition, because many organizations
need to demonstrate patch compliance, Patch Management provides standard reports that document
changes and demonstrate progress toward internal and external audit and compliance requirements.
The following table describes the important features of Patch Management:
Table 2-1 Patch Management Features
| Feature | Description |
| --- | --- |
| Patented multi-platform patch management | Enables security of all operating systems and applications within heterogeneous networks, including Windows (32-bit and 64-bit) and Linux distributions. US Pat #6999660. |
| World's largest automated patch repository | Provides the largest repository of tested patches to support all major operating systems and applications used in the enterprise. |
| Extensive pre-testing | Reduces the amount of development and testing required prior to patch deployment. |
| Agent-based architecture | Protects laptop and mobile devices that are often disconnected from the network, and reduces network bandwidth usage. |
| Automatic notifications | Distributes e-mail alerts directly to administrators for proactive security and administrative management. |
| Patch fingerprint accuracy | Ensures the highest level of accuracy in the detection of security patches. |
| Multi-patch deployments | Delivers multiple patches to multiple computers in one distribution to increase IT productivity. |
| Flexible application reporting | Audits and reports on the status of the organization's security. |
| Policy-based administration | Ensures that all systems meet a mandatory baseline policy, which is a key aspect of regulatory compliance. |
3 Using Patch Management
Novell ZENworks 10 Patch Management provides current information about your subscription
status and allows you to activate and configure your subscription.
The following sections further introduce you to the capabilities of Patch Management:
Section 3.1, “Viewing Subscription Service Information”
Section 3.2, “Configuring HTTP Proxy Details”
Section 3.3, “Configuring Subscription Download Details”
Section 3.4, “Configuring Mandatory Baseline Settings”
Section 3.5, “Patch Management Licensing”
3.1 Viewing Subscription Service Information
1 Click the Configuration tab in the left panel.
The Configuration page appears as shown in the following figure:
2 Click Patch Management.
Four links—Subscription Service Information, Configure HTTP Proxy, Subscription Download
and Mandatory Baseline Settings—are displayed:
3 Click the Subscription Service Information link.
The Subscription Service Information page appears, as shown in the following figure:
The Subscription Service Information page displays all the information about your
subscription, including the status. You can also update your subscription settings on this page.
You can refresh the subscription information by clicking the Action drop-down list on the
Subscription Information page and selecting the Refresh option, as shown in the following
figure:
The following table describes each status item featured on the Subscription Service
Information page:
| Status Item | Definition |
| --- | --- |
| Start the Subscription Service | Enables you to select a server from multiple servers in your management zone. You select a server from the drop-down list and click the Start button to start the subscription service. After the subscription service starts running, the Start button reads Service Running. If there are multiple ZENworks Servers in your management zone, you can select any one of them to be the Patch Management Server. The Patch Management Server selected will download new patches and updates daily, so it should have good connectivity to the Internet. NOTE: Selecting the Patch Management Server can be done only once per zone in this release. |
| Last Subscription Poll | The date and time of the last successful update. |
| Subscription Replication Status | The latest status of the process of patch subscription replication. |
| Subscription Host | The DNS name of the Patch Management licensing server (http://novell.patchlink.com). |
| Subscription Communication Interval (Every Day at) | The time at which the ZENworks Server will communicate with the ZENworks Patch Subscription Network to retrieve new patches and updates. |
| Reset ZENworks Patch Management Settings | Enables you to set all Patch Management settings, including deployments, back to the default state. |
The following table describes the action of each button on the page:
| Button | Action |
| --- | --- |
| OK | Enables you to go back to the Configuration page. |
| Apply | Enables you to save the changes made to the Subscription Communication Interval. |
| Reset | Enables you to reset the replication status and initiate a complete replication with the ZENworks Patch Subscription Network. |
| Update Now | Initiates replication of the ZENworks Server with the ZENworks Patch Subscription Network and forces an immediate download of the patch subscription. |
| Cancel | Enables you to cancel the last action performed. |
The Subscription Service History section displays the activity log of the subscription activities.
The following table describes each item featured in this section.
| Item | Definition |
| --- | --- |
| Type | Subscription type defined for your account: Patches (Subscription Replication), Bundles (Subscription Replication), and Licenses. |
| Status | Status of the replication. When replication begins, the status reads In Progress. When replication ends, the status reads Complete. NOTE: If the replication process is interrupted, the status reads Resetting. This indicates that the replication process has continued from the point where it was interrupted. |
| Start Date | The date and time when replication started. |
| End Date | The date and time when replication ended. |
| Duration | The length of time the replication has been going on. |
| Successful | Indicates whether the replication was successful or not. True indicates successful replication and False indicates incomplete or failed replication. |
| Error Detail (if any) | Details of any error encountered during the patch download process. |
3.2 Configuring HTTP Proxy Details
1 Click the Configuration tab in the left panel to display the Configuration page:
2 Click Patch Management to display the four links (Subscription Service Information,
Configure HTTP Proxy, Subscription Download and Mandatory Baseline Settings):
3 Click the Configure HTTP Proxy link. The Proxy Server Details page appears:
The Proxy Server Details page enables you to configure an HTTP proxy for access to Internet
patch subscriptions. The HTTP proxy server allows Patch Management to download the
subscription service over the Internet.
The following table describes each field on the Proxy Server Details page:
| Item | Description |
| --- | --- |
| Proxy Host | The proxy address used to connect to the ZENworks Patch Subscription Network. |
| Port | The proxy port used to connect to ZENworks Patch Subscription Network. |
| Requires Authentication | Selecting this check box ensures that the Proxy server can be used only after user authentication. If you select the check box, the User Name and Password fields are enabled. |
| User Name | User’s name used for authentication. |
| Password | User’s password used for authentication. |
| Confirm Password | User’s password for confirmation. |
The following table describes the action of each button on the page:
| Button | Action |
| --- | --- |
| OK | Enables you to go back to the Configuration page. |
| Apply | Enables you to save the data entered in the text fields. |
| Reset | Enables you to reset the data entered in the text fields. |
| Cancel | Enables you to cancel the last action performed. |
3.3 Configuring Subscription Download Details
1 Click the Configuration tab in the left panel to display the Configuration page:
2 Click Patch Management to display the four links (Subscription Service Information,
Configure HTTP Proxy, Subscription Download and Mandatory Baseline Settings):
3 Click the Subscription Download link to display the Subscription Download Options page:
The Subscription Download Options page allows you to configure the subscription download
options for the Patch Management Server. You can select the languages that are used within
your network to ensure that you only download the patches that are most applicable for your
organization. The next time patch replication occurs, only those patches specific to the selected
languages are downloaded, thereby saving download time and disk space on your Patch
Management Server.
NOTE: Novell does not recommend selecting all languages because each language can
represent hundreds of patches. Downloading unnecessary languages can result in thousands of
unused patch definitions within your ZENworks Primary Server database that would then need
to be disabled in the Patch Management tab.
The following table describes each option on the Subscription Download Options page:
| Item | Description |
| --- | --- |
| Choose your language options | Enables you to select the language of patches you want to download. For example, if you select the French check box, only French language patches are downloaded. |
| Mix Multiple Languages | Enables you to combine all languages into each |
| SSL | Enables you to turn secured downloading of patch list information on or off. The recommended setting is On. |
| Cache patch bundles to satellites | Enables you to cache patch bundles to the servers or workstations that are managed by Primary Servers. |
| Cache patch bundles to primary servers | Enables you to cache patch bundles to Primary Servers only. |
IMPORTANT: Customers with larger network environments should select both Cache Patch
Bundles to Satellites and Cache Patch Bundles to Primary Servers for optimal distribution of
patches and the daily Discover Applicable Updates task within their environment. Not selecting
these options could cause very slow and inefficient delivery of these patch bundles within a
highly distributed WAN environment.
Within an enterprise network environment, the customer usually installs more than one
ZENworks 10 Configuration Management Primary Server. Although only one of these servers
can be used to download patches, every Primary Server has a cache of patch bundle content for
distribution to the agents that are closest to it within the zone. Thus, when an agent wants to get
a bundle, it can get the bundle directly from its closest Primary Server rather than the Primary
Server where the patches were downloaded.
In addition, the satellites that are installed within the customer network can also serve as a
cache for bundle content. If an agent is at a remote branch office with a satellite, it can get its
content directly from the satellite rather than the Primary Server where patches were
downloaded.
The following table describes the action of each button on the page:
| Button | Action |
| --- | --- |
| OK | Enables you to go back to the Configuration page. |
| Apply | Enables you to save the changes made to the page. |
| Reset | Enables you to reset the selected options. |
| Cancel | Enables you to cancel the last action performed. |
Best practices recommendations for using the patch subscription:
Customers should always disable patches that they no longer require, because this minimizes
the volume of patch scan data stored each day, as well as the time taken to scan each of the
endpoint devices.
We highly recommend that customers cache only the patches they need. When a patch is
cached to the Primary Server where patches are downloaded, it needs to be copied to all
Primary Servers and satellites within the zone. Downloading all patches wastes space and
bandwidth within the ZENworks 10 Configuration Management content distribution network.
3.4 Configuring Mandatory Baseline Settings
1 Click the Configuration tab in the left panel to display the Configuration page:
2 Click Patch Management to display the four links (Subscription Service Information,
Configure HTTP Proxy, Subscription Download, and Mandatory Baseline Settings):
3 Click the Mandatory Baseline Settings link to open the Mandatory Baseline Settings page.
The Mandatory Baseline Settings page allows you to completely control deployment of mandatory
baseline patches. For example, you can decide whether or not to automatically reboot the machine
when a baseline patch is applied. The page also enables you to set global options for installation of
mandatory baseline patches.
The page displays the following options:
Enable auto reboot of mandatory baseline: Select this option to enable an automatic reboot
of the machine when a mandatory baseline patch is applied.
NOTE: The auto reboot option is not applied to patches that do not require rebooting after
installation.
Message Box: The text of the notification message.
Options: When you define auto reboot options, you can specify whether to use the values in
the default settings or the custom settings. There are four options:
Suppress Reboot: Allows the user to prevent rebooting after installation of a patch.
Allow User to cancel: Allows the user to cancel the reboot process.
Time to show dialog before reboot: The time in seconds for users to choose whether to
reboot the machine after installation of a patch.
Allow User to snooze: This option allows the user to snooze the reboot.
The page also contains the following buttons:
| Button | Action |
| --- | --- |
| OK | Takes you back to the Configuration page. |
| Apply | Saves the changes made to the page. |
| Reset | Resets the selected options. |
| Cancel | Cancels the last action. |
3.5 Patch Management Licensing
1 Click the Configuration tab in the left panel to display the Configuration page:
2 If necessary, expand the Licenses section:
3 Click ZENworks 10 Patch Management.
The Patch Management License page allows you to view and verify the patch management
subscription for the ZENworks Primary Server. The page also allows you to activate or renew your
paid subscription if it has expired, and provides a summary of all subscription elements that are part
of your patch management activities. This information is updated after each replication with the
Patch Management Subscription Service.
IMPORTANT: If you are upgrading from a prior version of Patch Management, you can use your
existing Patch Management subscription serial number after your Patch Management 10.1 server
has been uninstalled.
Patch Management provides a 60-day free trial period. You do not need to enter a serial number
unless you have purchased the product or the 60-day free trial has expired.
To continue using the patch management features of the ZENworks Control Center after your 60-day free trial has ended:
1 Enter a valid subscription serial number for Patch Management along with the company name
and e-mail address.
2 Revalidate the subscription serial number.
The license record is now valid, and displays its description, purchase date, vendor, effective date,
and expiration date.
To validate the serial number and obtain the authorization to download patches, the Primary Server
on which patch subscription is being downloaded must have port 443 (HTTPS) access to
https://novell.patchlink.com/update.
The Patch Management content distribution network is a global cache infrastructure with many
servers. Downloading patches from this network requires port 80 (HTTP) access to
http://novell.cdn.lumension.com/novell/baretta.xml. For security reasons, it is also recommended that SSL
access to the internet should be allowed. The SSL option is enabled by default and downloads the
lists of patches from a secure and trusted site.
You should use nslookup to discover the local IP address for your nearest content distribution node.
The content distribution network has over 40,000 cache distribution servers worldwide, plus
multiple redundant cache servers in each geographic location. It is important to allow access to a
range of addresses through the firewall.
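The firewall requirements above can be checked before the first replication. The following is an added example, not part of the Novell documentation or product: it resolves the two endpoints named in this section (the nslookup step) and tests every returned address on the required port. The function names, the status labels, and the constructed sample data are assumptions made for this sketch.

```python
"""Egress pre-flight check for the two endpoints named in this section.

Added example, not Novell code. Run it on the Primary Server that
downloads the patch subscription.
"""
import socket
from urllib.parse import urlsplit

# URLs exactly as given in the text above.
REQUIRED_ENDPOINTS = [
    ("license validation", "https://novell.patchlink.com/update"),
    ("patch content (CDN)", "http://novell.cdn.lumension.com/novell/baretta.xml"),
]
DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint_target(url):
    """Return the (host, port) pair a firewall or proxy rule must allow."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def resolve_ipv4(host, port):
    """The nslookup step: every IPv4 address DNS returns right now."""
    infos = socket.getaddrinfo(host, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_connect(ip, port, timeout=5.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_egress(endpoints=REQUIRED_ENDPOINTS, resolve=resolve_ipv4,
                 connect=tcp_connect):
    """Resolve each endpoint and test every returned address.

    Status per endpoint: ok (all addresses reachable), partial (some
    blocked, so downloads break when DNS hands out a different node),
    blocked, or dns-failure.
    """
    results = []
    for purpose, url in endpoints:
        host, port = endpoint_target(url)
        try:
            ips = resolve(host, port)
        except OSError:  # socket.gaierror is a subclass of OSError
            ips = []
        reach = {ip: connect(ip, port) for ip in ips}
        if not reach:
            status = "dns-failure"
        elif all(reach.values()):
            status = "ok"
        elif any(reach.values()):
            status = "partial"
        else:
            status = "blocked"
        results.append({"purpose": purpose, "host": host, "port": port,
                        "addresses": reach, "status": status})
    return results


# Constructed sample data (RFC 5737 documentation addresses), used only by
# simulated_check() to show the "partial" case without touching the network.
SAMPLE_DNS = {
    "novell.patchlink.com": ["192.0.2.10"],
    "novell.cdn.lumension.com": ["198.51.100.1", "198.51.100.2"],
}
SAMPLE_ALLOWED = {("192.0.2.10", 443), ("198.51.100.1", 80)}


def simulated_check():
    """Firewall rule pinned to one CDN address: the CDN endpoint is 'partial'."""
    return check_egress(
        resolve=lambda host, port: SAMPLE_DNS[host],
        connect=lambda ip, port: (ip, port) in SAMPLE_ALLOWED,
    )


if __name__ == "__main__":
    for r in check_egress():
        print(f"{r['status']:<12} {r['host']}:{r['port']}  ({r['purpose']})")
        for ip, ok in r["addresses"].items():
            print(f"    {ip}  {'reachable' if ok else 'BLOCKED'}")
```

If the server reaches the Internet only through the HTTP proxy configured in Section 3.2, direct connections are expected to fail; run the check from the proxy host instead.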
The following table describes each field on the Subscription Serial Number page:
Table 3-1 Patch Management License Items
| Item | Definition |
| --- | --- |
| Activate product | Activates the patch management service. The Patch Management tab is restored in the main panel and the Patch Management section is restored in the Configuration panel. |
| Deactivate product | Deactivates the patch management service. The Patch Management tab is removed from the main panel and the Patch Management section is removed from the Configuration page. |
| Product Subscription Serial Number | Patch Management license number (serial number). |
| Company Name | Name of the company that Patch Management Service is registered to. |
| Email Address | E-mail address that you can use for receiving alerts and for future communications. |
| Account ID | Key created by the ZENworks Server, which is passed to the Patch Management Subscription Service and used to validate the update request. |
| Total Non-Expired Licenses | Total number of active licenses. Each registered device requires one license. |
| Description | The description of the license or the name of the license. |
| Status | Status of license verification. When verification begins, the status reads Initializing Verification. When replication ends, the status reads Completed. |
| Vendor | The source where the license was purchased. |
| Expiration | The date the licenses expire. Typically, licenses expire one calendar year from the date of purchase. |
| Purchased | The total number of licenses purchased with the product. |
The Patch Management serial number can be entered only once. When you have entered the serial
number, you can verify the license by clicking the Action drop-down list on the Patch Management
License page and selecting Verify License. To start the license verification process, click Apply.
Automatic verification of the license happens every day with the replication process.
Figure 3-1 Verify License option
To start the license verification process, click Apply.
Figure 3-2 Verify License message box
The Verify License message box indicates that the verification of the subscription license is complete
or the license has expired.
NOTE: You can check the resultant license verification status under the Subscription Service
History panel on the Subscription Service Information page. When verification begins, the status
column reads Initializing Verification. When verification ends, the status column reads Completed.
The Successful column indicates whether the verification was successful or not. True indicates
successful verification and False indicates incomplete or failed verification.
The following table describes the action of each button on the Patch Management License page:
Table 3-2 Buttons on the Patch Management License Page
| Button | Action |
| --- | --- |
| OK | Enables you to go back to the Configuration page. |
| Apply | Enables you to start the license verification process. |
| Reset | Enables you to reset the data entered in the text fields. |
| Cancel | Enables you to cancel the last action performed. |