Chatta subito con l'assistenza
Chat con il supporto

KACE Systems Management Appliance 14.1 Common Documents - Administration Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings Configuring Content Security Policy
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates About Remote Control Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Manage quarantined file attachments
Using reports and scheduling notifications Monitoring devices
Getting started with monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

About patch testing and security

About patch testing and security

Quest provides safe, timely, and high-quality patch signatures for Windows and Mac operating systems, and many popular applications.

Before patch signatures are made available to the appliance, Quest performs the following security checks:

About the patch testing environment

About the patch testing environment

Quest uses VMware® ESX®, VMware® vCenter™, Microsoft® Azure®, and custom hardware bench testing.

Testing methods include verification that patch-naming conventions comply with Quest policies.

About assessment testing

Assessment testing verifies that the Patch Management component is performing properly.

The testing verifies that:

About deployment testing

Deployment testing verifies that patches are being deployed appropriately.

The testing verifies that:

About the patch quality assurance process

About the patch quality assurance process

Quest provides Patch Management customers more value through the content development and quality assurance processes. The quality assurance teams verify the patch install and uninstall processes as well as the patch metadata produced by the content development team. Providing quality content to our customers is a high priority. To ensure successful delivery of content, Quest executes test cases covering the following test components.

Testing environment

Quest invests heavily in testing infrastructure. The content development and quality assurance teams have access to a virtual enterprise environment representing nodes of various configurations. Quest uses a mix of virtual desktops and servers in addition to custom physical bench testing to ensure that our testing infrastructure is state of the art.

Application testing

Quest tests with various applications as necessary to ensure the requirements of the patch are satisfied.

Testing strategy

Quest uses the following types of testing:

General testing verifies the following:
Assessment testing verifies the following:
Deployment testing verifies the following:

Trusted delivery and flexibility

Quest processes are designed and implemented to maximize global availability through a secure content distribution network. All communications with Quest are conducted through encrypted, secure channels to ensure the integrity of security content.

Using a best practice approach, critical security patches are automatically downloaded to customer locations, based on their subscription options. Additional security patches may be downloaded, as necessary, to create a customized version of the KACE Patch Content Repository within the customer’s own secure enterprise environment.

Best practices for patching

Best practices for patching

Best practices for patching devices include testing patches, using labels to organize devices and patches, and notifying users when systems are being patched.

Test patches on selected devices before deploying them to all devices. This testing ensures that patches do not break anything before they are widely deployed.

When choosing test devices, look for these characteristics:

For a thorough test, devices should function normally for at least a week after being patched. If no problems are reported after a week, the patch can be deployed to the remaining devices on the network.

You can use Smart Labels to automatically group devices by type, such as laptop, desktop, and server. In addition, you can use Smart Labels to automatically group patches by importance, such as critical operating system patches and lower priority patches for other applications. You can then create patching schedules to match each type of device and patch.

See:

There are two options for patching Windows devices:

Use Windows Feature Update: Windows Update is a Microsoft feature that downloads and installs updates to Windows operating systems. If you enable Windows Update on managed devices, use Patch Management on the appliance only to detect Windows operating system patches, not to deploy them. Patches will be deployed by Windows Update.
Use the Patch Management: You can download and deploy patches for Windows operating systems using Patch Management. If you use Patch Management on the appliance, disable Windows Update on managed devices, because patches will be deployed by the appliance.

Schedule patch deployment during periods when device use is lower to minimize downtime. Keep in mind that device use varies depending on the device type:

Servers: These require careful and well-publicized upgrades. When patching servers, you might need to plan ahead by several weeks.
Desktops: These have more flexible options for patching, because they are often left running when they are not in use.
Laptops: These are the most difficult to patch, because they are often only available to patch while being used.

For more information about creating patch schedules for each type of device, see:

Be sure to notify users when the devices they use are being patched. This is especially important if devices need to be restarted as part of the patching process. There are several ways to inform users of patching schedules:

Send email or use other messaging systems: Notify users in advance through email and other messaging systems outside the appliance Administrator Console. This notification is especially useful when patching might prevent access to critical systems, such as servers, for a time.
Send an alert message from the appliance: Use the appliance Administrator Console to create an alert and broadcast it to all devices or to selected devices. These broadcast alerts can be used to remind users that patching is about to start.

For more information on creating alerts, see Broadcasting alerts to managed devices.

Provide alerts during patching: When you schedule patching, choose to alert users before patching, and prompt users before rebooting their devices. You can also enable users to snooze or postpone reboots if necessary. See Configuring patch schedules.

For more information about scheduling patching for various devices, see:

Patching jobs can require extensive bandwidth and resources. To reduce the impact on users, you can set time limits on patching jobs. For example, you could configure patching jobs to start at 04:00 and stop at 07:00. Any patching jobs that are in progress at 07:00 are suspended. Jobs resume where they left off when the next scheduled patching job begins. See Configuring patch schedules.

Use Replication Shares to optimize network resource requirements and download time. Replication Shares are devices that keep copies of files for distribution, which can be useful for managed devices that are deployed across multiple geographic locations. For example, using a Replication Share, a device in New York could download patch files from another device at the same office, rather than downloading those files from an appliance in Los Angeles.

For more information on setting up and using Replication Shares, see Using Replication Shares.

Quest Support has a Knowledge Base of articles about the appliance, which you can access at https://support.quest.com/kace-systems-management-appliance/kb. The Knowledge Base is continually updated with solutions to real-world appliance problems that administrators encounter. To view patching articles, go to the Knowledge Base and search for Security.

Sponsored by Quest KACE, ITNinja.com (formerly AppDeploy.com) is a product-agnostic IT-focused community website. It is the Internet’s leading destination for IT professionals to share information and ask questions about system-management related topics. See http://itninja.com.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione