The Patch Server Configuration settings define the server for patch-related maintenance tasks as well as the default server for an Ondemand Content Master. To access these settings, navigate to Security > Getting Started > Mitigating Vulnerabilities, and click Select Patch Server in the Enable Patch Management section. You can also access the settings under Security in the Management Zone Settings.
If you are migrating the Patch Management platform after a ZENworks upgrade rather than a new installation, the migration wizard will take you to the Mitigating Vulnerabilities page. For information about migration, see Platform Migration.
One Primary Server needs to be designated as the Patch server. The Patch server performs Patch-related maintenance tasks for your zone, including accessing the Internet to validate your Patch subscription license. By default, it is also assigned as an Ondemand Content Master to download patch content from the Internet.
As the Patch Server performs these functions, it requires access to the Internet as explained below:
License Verification:
The Patch server must be able to reach the following license verification URL:
https://appsvcext.microfocus.com
If the Patch server requires a proxy server to reach the Internet, it uses the System Update Entitlement’s proxy server. You define that proxy server on the System Update Settings page (Configuration > Management Zone Settings > Infrastructure Management > System Update Settings > Proxy Server Settings). Make sure the proxy server has access to the license verification URL.
Patch Content Download: The Patch server, functioning as an Ondemand Content Master to download patch content, must be configured for Internet access as explained in Configuring Ondemand Content Masters for Patch Management.
The Patch Server performs maintenance once a day, which includes rebuilding the patch scan files (DAU bundles), disabling outdated patches, and generating an email notification.
You can define the time that scheduled maintenance occurs and run a manual maintenance task at will.
This option enables you to set all Patch Management settings, including deployments and patch policies, back to the default state. All patch-related configuration settings, policies, deployments, and data will be removed from the database. The patch content stored on the Content Server will be cleaned up based on the Ondemand Content clean-up schedule for each server.
When you initiate the Patch Management Reset, the following actions will be performed:
Patch Management Settings clean-up
Database clean-up
Patch Bundle clean-up
Patch Policy clean-up
Patch Settings clean-up
If the Patch license is currently in the evaluation mode or all licenses have expired, then the evaluation period will be reset so that you can evaluate ZPM again. The current valid licenses will remain unchanged.
Patch services will be stopped on all the servers.
Before resetting the Patch Management:
Ensure that the CVE subscription, Bundle or Device deletion is not in progress.
Ensure that the Patch Maintenance is not in progress.