1.4 Patch Management Process and Workflow

The following process maps demonstrate how patch information is communicated between the ZENworks Server and the ZENworks Agent and the general workflow administrators use to implement patch policy across the management zone:

The patch detection cycle begins each day at the ZENworks Server where a Vulnerability Detection task is scheduled for all ZENworks managed devices (servers and workstations).

The ZENworks Agent performs a scan by using the patch catalog on each device, which determines the status (number of Patched or Not Patched devices) for each specific patch.

The results of the patch detection scan are sent to the ZENworks Server and can be viewed anytime in the Security > Patches page. There is also a Patches page for each individual workstation and server.

After completion of the patch detection cycle, devices will either download patches on-demand in accordance with a Patch Policy schedule or when you initiate remediation deployments for applicable devices on the network. If required, you can configure pre-fetch and pre-cache settings to stage and replicate patches to Content servers before they are requested in the ondemand process.