1.8 Patch Management

  • Airgap for Closed Network Customers: For customers who work with sensitive data that cannot be exposed to the Internet, an airgap feature is now available. This feature allows you to use ZENworks Patch Management on workstations in networks disconnected from the Internet, also known as “airgapped” environments. In this configuration, one Patch Management server is configured to download patch content to the Internet. Then, after the content is downloaded, it is migrated to another Patch Management server, which is disconnected from the Internet. Use this server to patch your airgapped workstations into compliance.

  • Patch Server Migration: In the event of Patch Management server failure or maintenance, it is now possible to migrate Patch Management on another ZENworks server while retaining the data from your previous Patch Management install. During a move, you can now retain Cached Patch Content, Mandatory Baselines, and DAU Bundles.

  • Patch Management Configuration Reorganization: The configuration settings for Patch Management in the Management Zone Settings have been reorganized into different pages. The new layout is more intuitive. However, experienced Patch Management users might find that some settings have been moved from the pages they are used to.

    • Management Zone Settings for Patch Management: The number of Management Zone Settings for Patch Management has been reduced from 12 categories to 7. Some of these categories have been consolidated for a more intuitive user experience.

      The following table shows the new ZENworks 11 SP4 categories, compared with the ZENworks 11 SP3 categories.

      Table 1-1 Patch Management Category Reorganization

      ZENworks 11 SP4 Categories

      ZENworks 11 SP3 Categories

      Subscription Service Settings

      • Subscription Service Information

      • Configure HTTP Proxy

      • Patch Subscription Credentials

      Subscription Service Content Download

      Subscription Download

      Email Notification (no change)

      Dashboard and Trending (no change)

      Vulnerability Detection Schedule

      • Schedule Discover Applicable Update Bundles Install

      • Schedule Discover Applicable Update Bundles Distribution

      • Deployment Options

      Patch Policy Settings

      • Patch Policy Enforcement Settings

      • Patch Policy Distribution Settings

      Mandatory Baseline Settings (no change)

  • Disabling Content by Age: This new option has been added for managing older content. You can now automatically disable content older than a selected expiration date. This feature will prevent you from deploying old patches and reduce the scope of listings on the Patches tab. For example, you can set third-party installers to automatically disable themselves after six months.

For more information about the Patch Management scenarios, see the ZENworks 11 SP4 Patch Management Reference.