4.4 Configuring Subscription Service Content Download Details
-
Click the tab in the left panel to display the Configuration page:
-
Click to display the seven links (Subscription Service Settings, Subscription Service Content Download, Email Notification, Dashboard and Trending, Vulnerability Detection Schedule, Patch Policy Settings, Mandatory Baseline Settings):
-
Click the link to display the Subscription Service Content Download page:
The Subscription Service Content Download Options page allows you to configure the subscription download options for the Patch Management Server. You can select the languages that are used within your network to ensure that you only download the patches that are most applicable for your organization. The next time patch replication occurs, only those patches specific to the selected languages are downloaded, thereby saving download time and disk space on your Patch Management Server.
NOTE:Novell does not recommend selecting all languages because each language can represent hundreds of patches. Downloading unnecessary languages can result in thousands of unused patch definitions within your ZENworks Primary Server database that would then need to be disabled in the tab.
EXPECTED RESULTS: From version ZCM 11.1 onwards, the administrators are allowed to select the Primary servers that should receive the patch bundles compared to the forced rollout to all servers in prior releases.
The following table describes each option on the Subscription Download Options page:
Item
Description
Enables you to select the operating system platform for which you want to download patches. For example, if you select the check box, only Windows patches are downloaded.
This Option will be enabled ONLY when the LINUX platform is selected. Selecting this check box will download all the root level dependencies that will be necessary to resolve any vulnerabilities.
Enables you to select the language of patches you want to download. For example, if you select the check box, only French language patches are downloaded.
Enables you to combine all languages into each Patch Detection Assignment (not recommended).
Enables you to turn secured downloading on or off.
Enables you to cache patch bundles to the servers or workstations that are managed by primary servers.
Enables you to cache patch bundles to primary servers only.
By default all the patches will be downloaded to the ZPM directory which is enabled, but, if necessary, select the radio button for Bundle content directory to download it there.
-
ZPM directory: Downloads patch content to installpath\zenworks\zpm (Windows) or /var/opt/Novell/zenworks/zpm (Linux)
-
Bundle content directory: Downloads patch content to installationpath\zenworks\work\content-repo (Windows) or /var/opt/Novell/zenworks/content-repo (Linux)
Enables patches that aren’t applicable to your enterprise. This option may slow performance if enabled.
Enables local cache for faster Patch Detection results, which eliminates the decryption and decompression of Vulnerability Detections. Only use this feature if you trust end users to stay out of the ZENWorks Agent directory, ideally, workstations users shouldn’t have access to Zenworks agent directory.
Enables you to select the vendors to use in the system. By default it is ALL. For example, if you want to select the patches only for Novell not the rest available. Select the radio button Selected and then select the check box, only Novell patches are downloaded.
NOTE:This list of vendors will not be populated until the initial subscription update has completed.
Configures the system to only have applicable patches available for selection when building patch policies.
Disables content within the system based on the criteria you select. These options are useful for filtering out obsolete content. ALL options are selected by default.
Deletes the patch listing and any cached bundles for that patch that meet the following conditions:
-
The patch is disabled.
-
The patch has been disabled longer than the time duration selected from the drop-down.
NOTE:The bundles are not deleted until the next subscription update.
IMPORTANT:Customers with larger network environments should select both and for optimal distribution of patches and the daily Discover Applicable Updates task within their environment. Not selecting these options could cause very slow and inefficient delivery of these patch bundles within a highly distributed WAN environment.
Within an enterprise network environment, the customer usually installs more than one ZENworks 11 SP4 Primary Server. Although only one of these servers can be used to download patches, every Primary Server has a cache of patch bundle content for distribution to the agents that are closest to it within the zone. Thus, when an agent wants to get a bundle, it can get the bundle directly from its closest Primary Server rather than the Primary Server where the patches were downloaded.
In addition, the satellites that are installed within the customer network can also serve as a cache for bundle content. If an agent is at a remote branch office with a satellite, it can get its content directly from the satellite rather than the Primary Server where patches were downloaded.
The following table describes the action of each button on the page:
Button
Action
Enables you to go back to the Configuration page.
Enables you to save the changes made to the page.
Enables you to reset the selected options.
Enables you to cancel the last action performed.
-
Best practices recommendations for using the patch subscription:
-
Customers should always disable patches that they no longer require, because this minimizes the volume of patch scan data stored each day, as well as the time taken to scan each of the endpoint devices.
-
We highly recommend that customers cache only the patches they need. When a patch is cached to the Primary Server where patches are downloaded, it needs to be copied to all Primary Servers and satellites within the zone. Downloading all patches wastes space and bandwidth within the ZENworks 11 SP4 content distribution network.