How to use the Offline Patching option on the KACE Systems Management Appliance (4303519)

How to use the Offline Patching option on the KACE Systems Management Appliance

The KACE Systems Management Appliance feature "Offline Update Options" allows you to get updated Patch files when the KACE Systems Management is in a secured environment, without internet access. The Offline Update Options require another KACE Systems Management Appliance that has internet access to download the patches and ability to move all of the patch files in a compressed file (patches.tgz) onto the second KACE Systems Management Appliance's file share to update the patching list. The patch files are store in the \\kbox\patches directory (replacing kbox with your KACE Systems Management Appliance's hostname).

Requirements

1) The Source KACE Systems Management Appliance

• The source KACE Systems Management Appliance is a physical or virtual K1000 - with internet access - which downloads patches as normal from the Internet.
• Configured on patch settings page as ‘Online Source’ for Offline Patching.
• Contains a read-only samba share on this KACE Systems Management Appliance so patches can be copied off. (e.g. \\kbox\patches)
• Can be set to maintain either a full backup or incremental backup since last checkpoint (tgz file format).
• Patches are downloaded on a regular schedule to this KACE Systems Management Appliance.
• This machine MUST subscribe to the same platforms, languages, etc, as desired on the Offline Box.

2) The Offline KACE Systems Management Appliance

• The offline KACE Systems Management Appliance is a KACE appliance without internet access that is used to manage and patch clients.
• Configured on patch settings page as ‘Offline Target’ for Offline Patching.
• This setting opens a read-write share on this KACE Systems Management Appliance so patches can be copied on (e.g. \\kbox\patches), and prevents the Update Patching process from making any HTTP requests.
• Nightly patch download does not run, instead user manually periodically copies an update from the Source KACE Systems Management Appliance to the samba share on the Target KACE Systems Management Appliance, then runs ‘Upload’ to load the data from patches.tgz.

Configuration

How to Enable Offline Patching (Online and Offline Servers)

1. Navigate to KACE Systems Management Appliance Settings > Control Panel > Patch Download Settings.
2. Under Configure, Choose "Offline Update".
3. Choose either "Offline Target" or "Online Source", depending on which type of server you are configuring.
4. Click Save.

For Online Servers:

• The patches.tgz file will be built after the next patch feed sync. This will happen based on the configured schedule, or it can be triggered manually with the "Run Now" button.
• The status can be seen under Settings > Logs by selecting the Patch Download Log.
• Upon completion, the patches.tgz file will be accessible in the \\kbox\patches share and can be copied to the offline KACE Systems Management Appliance.

For Offline Servers:

1. Copy the patches.tgz file from the online source server's patches share (e.g. \\kbox\patches) to the patches share on the offline target server.
2. Click "Upload" to start the import of data from patches.tgz. You can monitor under Settings > Logs by selecting the Patch Download Log.

Creating and Using Checkpoints (Full or Incremental Offline Updates):

A checkpoint can be created by clicking the "Update" button on an Online Source server at any time. This will create a checkpoint at the time the "Update" button is pressed, thus setting the start date/time for the next incremental update.

Note:

• The incremental updates must be managed accurately to avoid a situation where something is missed and the database/files no longer match between the source and offline target. Example Bad Scenario: The "Update" button is pressed to create a new checkpoint after a patch feed is sync'd but before the patches.tgz was copied over and uploaded to the offline box. These systems are now out of sync.
• To reset checkpoints and rebuild the patches.tgz from the entire patch database of the online server, the "Reset" button can be pressed for the Online Source. This will eliminate all checkpoints and ensure a 1:1 copy of the data from the online source to the offline target once uploaded to the offline target server.

To Access the patches share directory (offline and online):

1. Check if the samba share is enabled and enter a password for it, navigate to KACE Systems Management Appliance Settings > General Settings.
2. Make sure the following is set under "Samba Share Settings"
   1. Check the "Enable File Sharing" box.
   2. Enter a password for the "File Share User 'admin' Password"
   3. Click "Save Samba Settings".
   4. Map a network drive to \\kbox\patches\ and change the user to admin and enter the password.
      (Replace kbox with either fully qualified hostname or IP address of the KACE Systems Management Appliance appliance)

Common Problems/Troubleshooting

Problem #1:

On the Offline Target, you are getting Patch Tip # 3. Patching is currently disabled for Windows, because patch signatures are missing from the KACE Systems Management Appliance. Please check the server logs for download errors, and rerun the patch download.

Solution #1:

This error appears when the Offline server is subscribed to data in the feed to which the Online source server is not. Make sure your subscription settings match on both appliances.