7.2 Using the Patches Tab for a Device

7.2.1 Patches

This section of the Patches page provides the following information about patches:

  • Name of the patch

  • Total number of patches available

  • Impact of the patch

  • Statistics of the patch

This section features the Action menu, which enables you to perform any of the following actions related to patches: Deploy Remediation, Enable, Disable, Scan Now, Update Cache, and Export. For more information on these actions, see Section 7.2.6, Action Menu Items.

The Patches section also features the show items option that enables you to select the number of items to be displayed in this section:

Figure 7-1 Show Items drop-down List

7.2.2 Patch Name

The patch name typically includes the vendor or manufacturer of the patch, the specific application, and version information.

An example of a patch name is shown in the following figure, where patch name is given, Adobe is the vendor, Acrobat Reader is the application, and 6.0.6 is the version information:

Figure 7-2 Example of a Patch Name

7.2.3 Total Number of Patches Available

The total number of available patches is displayed in the bottom left corner of the table. In the following example, there are 979 patches available:

Figure 7-3 Total Number of Patches

7.2.4 Patch Impacts

Based on the release date and impact, a patch can be classified as Critical, Recommended, Informational, or Software Installers:

  • Critical: Novell has determined that this type of patch is critical, and should be installed as soon as possible. Most of the recent security updates fall into this category. ZENworks Server automatically downloads and saves the patches that have critical impact.

  • Recommended: Novell has determined that this patch, although not critical or security related, is useful and should be applied to maintain the health of your computers. Therefore, Novell recommends that you implement patches that fall in this category.

  • Informational: This type of patch detects a condition that Novell has determined as informational. Informational patches are used for information only. There is no actual patch to be installed.

  • Software Installers: These types of patches are software applications. Typically, they include installers. The patches show Not Patched if the application has not been installed on a machine.

Patch Management impact terminology for its patch subscription closely follows the vendor impact terminology for patch criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a Novell rating as described in this section. Patch Management, following the recommendations of Lumension Security, increases or steps up the severity of the impact rating. For example, Microsoft classifications for “Critical,” “Important,” and “Moderate” patches are all classified as “Critical” by Novell.

The following table lists the mapping between Novell and Microsoft patch classification terminology:

Table 7-1 Novell and Microsoft Patch Impact Mapping

Novell Patch Impacts

Windows

Other

Critical

Critical Security

Important

Moderate

NA

Recommended

Recommended

Low

Example: Microsoft Outlook 2003 Junk E-mail Filter Update

NA

Software Installers

Software Distribution

Example: Microsoft Windows Malicious Software Removal Tool (Virus Removal)

Adobe 8.1 software installer

Informational

NA

NA

Source: Lumension Security

7.2.5 Patch Statistics

Patch statistics show the relationship between a specific patch and the selected device. The patch statistics appear in the Patched column on the far right side of the Patch page. This column indicates whether the selected device has been successfully patched or not. If the device has been patched, this column shows Yes; if the device has not been patched, this column shows No.

7.2.6 Action Menu Items

The Action menu on the Patches page for a selected device consists of the following six options:

Figure 7-4 Action Menu

  • Deploy Remediation: Enables you to deploy a patch. To use this option, select the check box for the patch you want to deploy and select Deploy Remediation to open the Deploy Remediation Wizard.

  • Enable: Allows you to enable a disabled patch. To use this option, select it from the Action menu.

  • Disable: Enables you to disable a patch. To use this option, select the check box for the required patch and select Disable. The selected patch is removed from the list.

    NOTE:Disabling a patch also disables all the bundles associated with it.

  • Update Cache: Initiates a download process for the bundles associated with the selected patch and caches those bundles on your ZENworks Server.

    NOTE:The remediation bundles must be cached before they are installed on the target device.

    To use this option:

    1. Select one or more patches in the patches list.

    2. In the Action menu, click Update Cache.

      The patch icon changes to Icon indicates that download process has started. While the download is in progress, the icon changes to Icon indicates that download is in progress. When the caching is complete, the color of the patch icon changes to green. This indicates that the patch remediation is ready to be deployed.

  • Export: Enables you to export the details such as the status and impact of selected patches into a comma-separated value (CSV) file. You can choose to save the file in a different file format after opening it from the download option.

7.2.7 Searching Patches

The Search section on the Patches page offers extensive search and data filtering options that allow you to search for specific patches and filter result sets based on the status and impact of the patches. Searching and filtering can be performed independently of each other or can be combined to provide extensive drill-down capabilities. The following figure shows the Patch Search section:

Figure 7-5 Search Section on the Patches Page

To search for a patch:

  1. Type all or part of the patch name in the Patch Name text box.

  2. Select the desired check box under Status and Impact.

  3. Select the vendor in the Vendor drop-down list.

  4. Select the cache status in the Cache Status drop-down list.

  5. Click Search.

Clicking Reset enables you to return to the default settings.

The following table describes the result of selecting each filter option under Status:

Table 7-2 Status Filters in Search

Status Filter

Result

Patched

Search results include all the patches in the patch list that have been applied to one or more devices.

Not Patched

Search results include all the patches in the patch list that have not been applied to any device.

Not Applicable

Search results include all the patches in the patch list that do not apply to the device.

Include Disabled

Search results include all the patches in the patch list that have been disabled by the administrator.

The following table describes the result of selecting each filter option under Impact:

Table 7-3 Impact Filters in Search

Impact Filter

Result

Critical

Search results include all the patches in the patch list that are classified as Critical by Novell.

Recommended

Search results include all the patches in the patch list that are classified as Recommended by Novell.

Informational

Search results include all the patches in the patch list that are classified as Informational by Novell.

Software Installers

Search results include all the patches in the patch list that are classified as Software Installers by Novell.

Table 7-4 Vendor Filters and Cache Status Filter in search

Filter

Result

Vendor

Search results include all the patches relevant to the vendor.

Cache Status

Search results include all the patches that have been cached or not been cached on the local server.

7.2.8 Patch Information

You can view detailed information for a selected patch in the Patch Information section. Clicking the name of a patch displays the details of that patch.

For example, if you select the patch called Adobe Acrobat Reader 6.0.6 Update from the list of patches, the Patch Information section displays the result of a patch analysis for the selected patch, as shown in the following figure:

Figure 7-6 Patch Information for a Selected Patch

The following table defines each property name in the Patch Information section:

Table 7-5 Property Names in the Patch Information Section

Property Name

Definition

Name

The name of the patch.

Impact

The impact of the patch as determined by Novell. See Section 7.2.4, Patch Impacts.

Status

Status of the patch; can be Enabled, Disabled (Superseded) or Disabled (By User).

Vendor

The name of the vendor or manufacturer.

Released on

The date the patch was released.

Vendor Product ID

The ID number given to the product by the vendor.

Description

The description of the patch; it includes the advantages of deploying the patch and the prerequisites for deployment.

Requires Reboot

Whether a reboot is required after patch deployment.

Supports Uninstall

Whether the patch supports uninstallation.

7.2.9 Workstation Device Patches

To view the patches for a specific workstation device:

  1. Click the Workstation link on the Devices page.

    A list of workstation groups classified on the basis of their operating systems appears, as shown in the following figure:

    List of workstation groups classified by operating system

    You see the following icons on the Workstations page:

    Icon

    Status

    Message Status: Normal

    Device Status: Bundle and policy enforcement successful

    Message Status: Warning

    Device Status: Bundle and policy enforcement successful

    Message Status: Error

    Device Status: Bundle and policy enforcement successful

    Message Status: Error

    Device Status: Bundle and/or policy enforcement failed on one or more bundles or policies.

    Devices can also be found by using Search (see section Filter Item).

  2. Click the required group (Workstation or Dynamic Workstation Group) to view the details of the group and its members.

  3. Click the required member or workstation device.

    A page displaying the member’s details is displayed. The following figure shows the page displaying details for the workstation device w2adxpsp2:

    General details for a workstation device
  4. Click the Patches tab.

    The patches associated with the workstation device appear as shown in the following figure:

    Patches applicable to the managed server device