KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Subscribing to patches and configuring download settings

Subscribing to patches and configuring download settings

To establish a patching workflow, you can subscribe to patches and configure patch download settings.

Subscribe to patches

Subscribe to patches

You can subscribe to patches for the operating systems and applications on your managed devices.

Before you subscribe to and download patches, identify the operating systems and applications installed on managed devices, and verify patching requirements. See View details about operating systems and applications.

1.
Go to the Patch Subscription Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Patch Management panel, click Subscriptions.
2.
The Patch Status section provides several details about the latest patch download and appliance disk space. Here you can also determine if newly downloaded patches should be marked as active or inactive by default.

Option

Description

Activate New Patches

Mark new patches as Active. This setting enables patches that match your subscription settings after every download. If this option is not selected, new patches are marked as Inactive. This enables you to test patches before they are deployed.

3.
Specify the Subscription settings. The operating systems and locales specified in the subscription control the patches that are downloaded.

Option

Description

Windows Operating Systems

Download patches for the selected Windows operating systems. Click the edit button to manage the list of operating systems: . Select All Windows in Inventory to select the Windows operating systems based on managed devices. To ignore Windows operating system patches, select Disabled. Or, select the check boxes next to one or more Windows operating systems.

Selected items are displayed after you save the settings.

Mac Operating Systems

Download patches for the selected Mac operating systems. Click the edit button to manage the list of operating systems: . Select All Mac in Inventory to select the Mac operating systems based on managed devices. To ignore Mac operating system patches, select Disabled. Or, select the check boxes next to one or more Mac operating systems.

Selected items are displayed after you save the settings.

Locales

Download patches for the selected languages. Click the edit button to manage the list of locales: . Select All Locales to download patches regardless of the locale or select the check boxes next to one or more locales.

Selected items are displayed after you save the settings.

4.
Specify the Operating System Patches settings. These settings are used to determine the patch status once the patch files are downloaded. The patch status can be active, inactive, or disabled.

Option

Description

Types

Subscribe to security or non-security type operating system patches. Click the edit button to manage the selected types: . Select All Types to select both security and non-security patches. To ignore the patch type, select Disabled. Or, select the check boxes next to one or more patch types.

Selected items are displayed after you save the settings.

Impacts

Subscribe to patches based on an operating system's patch impact. This can be Critical or Recommended. Click the edit button to manage the selected impacts: . Select All Impacts to select both Critical and Recommended patches. Or, select the check boxes next to one or more patch impacts.

Selected items are displayed after you save the settings.

5.
Specify the Application Patches settings. These settings are used to determine the patch status once the patch files are downloaded. This can be active, inactive or disabled.

Option

Description

Types

Subscribe to security, non-security or software installer type application patches. Click the edit button to manage the selected types: . Select All Types to select security, non-security and windows installer patches. To ignore the patch type, select Disabled. Or, select the check boxes next to one or more patch types.

Selected items are displayed after you save the settings.

Publishers

Subscribe to applications patches based on its vendor. Click the edit button to manage the selected types: . Select All Publishers to select patches from all available publishers. Or, select the check boxes next to one or more publishers.

Selected items are displayed after you save the settings.

Impacts

Subscribe to patches based on an applications patch impact. The impact can be Critical or Recommended. Click the edit button to manage the selected impacts: . Select All Impacts to select both Critical and Recommended patches. Or, select the check boxes next to one or more patch impacts.

Selected items are displayed after you save the settings.

6.
Specify the subscription's Advanced Options.

Option

Description

Labels

Download only those patches that match the selected labels. Click Manage Associated Labels to select the labels.

This refinement is important when disk space is limited. If the total disk space required for selected patches exceeds the space available on the KACE SMA, patches cannot be downloaded.

NOTE: Appliance disk space information appears in the Patch Status section at the top of the page.

Disable Windows Embedded Patches

Identify and disable any embedded Windows patches. When this option is selected, the signatures for embedded patches are downloaded, but they cannot be deployed unless they meet the subscription criteria.

Inactivate Superseded Patches

Mark patches that have been superseded to the Inactive state after every download. Inactive Superseded Patches are identified with Inactive on the Patch Catalog page.

Detect Disabled Patches

Enable the appliance to identify disabled patches when it runs a Detect job. If this option is selected, the signatures for disabled patches are downloaded for detection purposes only. Patches cannot be deployed unless they meet the subscription criteria.

7.
Click Save.

Selected patches are downloaded automatically at the next scheduled download time. If a patch does not match the subscription settings after download, it appears as Disabled. If a patch matches the subscription settings but it is either superseded or manually set to inactive, the state appears as Inactive.

Select patch download settings

Select patch download settings

The patches you subscribe to are downloaded to the appliance according to the settings you choose.

Be aware that the first patch download might use a large amount of network bandwidth.

1.
Go to the Patch Download settings.
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Patch Download Settings.
3.
In the Configure section, select the following options.

Option

Description

Disabled

Prevent the downloading of patch packages. This prevention includes the installers that are required to install the patches.

All subscribed files

Maintain a full cache of subscribed packages on your KACE SMA. This option downloads all deployment packages to which you subscribe, without checking to determine whether they are required for your environment.

It is important for some environments to maintain a full cache. For example, if you select the Offline Target or Online Source option, full caching is required.

Files detected as missing

Allow the appliance to determine which packages to download based on the results of Detect jobs. If a patch detection signature has been detected as Not Patched on any managed device, the patch package is downloaded. If no managed devices are detected as Not Patched, no packages for this patch are downloaded.

Delete unused files after __ days

Delete patches that have not been deployed in the specified number of days. Patches that are marked as Inactive or Disabled are automatically deleted during the patch download process.

Offline Update

The action to take if the appliance is offline when the update process is scheduled to start. Clear the Offline Update option if the appliance is expected to be connected to the internet and can download patches directly.

Offline Target

The Offline Target to use if the appliance is not connected to the internet, and you want to upload the patch files from a local directory. If you have a KACE SMA that is connected to the internet, you can configure that appliance as an Offline Source. Then you can manually copy the patch files from the Offline Source Patches file share to the following directory on the Offline Target: \\KACE_SMA_host\patches.

Click Upload to load patch TAR files.

Online Source

Whether the appliance is used as a source for a different appliance. When this option is selected, patch files are downloaded to the KACE SMA’s Patches file share.

4.
Select schedule options for patch signatures in the Schedule section. Patch signatures include the security bulletins and other files that define patches downloaded from Lumension.

Option

Description

None

Prevent the downloading of patch signatures.

Every __ hours

Download signatures at a specified interval. Use caution when specifying frequent intervals (4, 8 or 12 hours), because this can increase bandwidth requirements.

Every day at the specified time

Select day to download patch detection signatures every day, or select a day of the week to download once a week.

Select the time to start the download. Time is displayed in 24-hour clock format, where 0 is midnight, 1:00 a.m. is 1 and 11:00 p.m. is 23.

On the nth of every month or on a specific month at HH:MM

Select the day of the month to download patch detection signatures on a monthly basis.

Option

Description

After signature download

Download packages after the signatures have been downloaded. This option is not available if package download is disabled in the Patch Download Options section.

Every __ minutes

Specify the frequency with which signatures and packages are downloaded. This option is available only if Patches detected as missing in the Patch Download Options section is selected.

Download Blackout: Start __ End __

Specify a time period during which patch detection signatures cannot be downloaded. For example, use an early morning stop time to prevent the process from using a large amount of network bandwidth during regular working hours.

If you select this option, the appliance stops patch downloads at the specified time. It does not start patch downloads again until the next specified patch download time. When the download resumes, it starts up where it left off. Downloads that are incomplete might not appear on the Patch Catalog page.

6.
Click Save.
8.
To immediately remove all patches from the appliance, click Delete. This can be useful if you no longer need any patches and you want to quickly reclaim the disk space that they used.

To schedule patch detection and deployment for managed devices, see Creating and managing patch schedules.

Viewing available patches and download status

Viewing available patches and download status

You can review the available patches and set appropriate patch download filters to download only the patches you need.

For example, once the patch packages are downloaded, you can set a filter to view patches based on category; view Operating System patches only.

Documents connexes