A patch consists of a description, signatures, and fingerprints required to determine whether the patch is applied or not patched. A patch also consists of associated patch bundles for deploying the patch.
The Patches page displays a complete list of all known patches reported by various software vendors. After they are reported and analyzed, the patches are registered for distribution to your ZENworks Server through the ZENworks Patch Subscription Network. The ZENworks Agent should be installed on each device to check for known patches. A patch bundle called Vulnerability Detection is then assigned to run on each device on a daily basis to scan for known patches. This task returns the results that are displayed on the Patches page. The results are presented in a table of patch status. The total number of patches is displayed below the table in the bottom left corner.
NOTE:The Patches page downloads and displays patches only for the operating systems that are running on your managed devices. This process prevents wastage of bandwidth and disk space, which would be required to store thousands of unneeded patches in the ZENworks Primary Server database. If you connect a device running a previously undetected operating system, you must initiate replication again so that the Patch Management Server downloads patches for that operating system.
The Dashboard page addresses operational, management, and compliance reporting needs.
NOTE:To use patch management effectively, you should disable patches that are irrelevant to your environment so that daily compliance statistics are based only on patches relevant to your network of devices, giving the percentage of enabled patches actually applied on a given day.
To view the Patch management Dashboard, navigate to Patch Management > Dashboard.
The Subscription Service History section displays the activity log of the subscription activities. The table below describes each item featured in this section.
Item |
Definition |
---|---|
Type |
Subscription type defined for your account: Patches (Subscription Replication), Bundles (Subscription Replication), and Licenses. |
Status |
Status of the replication. When replication begins, the status reads In Progress. When replication ends, the status reads Complete. NOTE:If the replication process is interrupted, the status reads Resetting. This indicates that the replication process has continued from the point where it was interrupted. |
Start Date |
The date and time when replication started. |
End Date |
The date and time when replication ended. |
Duration |
The length of time the replication has been going on. |
Successful |
Indicates whether the replication was successful or not. True indicates successful replication and False indicates incomplete or failed replication. |
Error Detail (if any) |
Details of any error encountered during the patch download process. |
Recently Released Patches lists the last patches that were downloaded by the subscription service. You can change how many patches display on each page by selecting the number of items in the bottom right-hand corner of the page.
item |
Definition |
---|---|
Patch Name |
The name of the patch. |
Platform |
The operating system that the patch applies to. |
Impact |
The impact of the patch in terms of its priority. |
Patched |
The number of devices that the patch has been installed on. |
Not Patched |
The number of devices that the patch has not been installed on. |
Released On |
The date that the patch was released. |
The Dashboard panel consists of a graphical dashboard and three standard reports that document patches, patch deployments, patch status, trends, inventory and more, at individual machine or aggregated levels. This provides a unified view to demonstrate progress toward internal and external audit and compliance requirements. Clicking a dashboard report will display more information about that report in tabular form. Click the Update Dashboard Report button in bottom right-hand corner to refresh the report.
The dashboard reporting thread captures daily statistics concerning the overall percentage of enabled patches that are actually patched on a given day. It will take at least 24 hours for the initial dashboard reports to be generated.
Patch Compliance: Displays the monthly [or daily] trend of overall compliance for each patch impact category.
Patch Management best practices recommend that an organization should monitor compliance reports over time to ensure that the intended patches are deployed regularly and the patch management solution is being used correctly. Mouse over the trend lines to
see the actual calculated percentages for each impact category (Critical, Software, or Optional). Detailed drill-down information showing the individual patched / not patched totals per patch can be seen in the Patch Management > Patches page.
Month [or Day]: Time period
Critical Patched: Percentage of critical patches that are patched
Optional Patched: Percentage of Recommended and Informational patches that are patched
Software Patched: Percentage of Software patches that are patched
Patch Compliance By Device: Displays the overall patch compliance of the devices that ZENworks Patch Management is monitoring.
Each device will only be evaluated as “compliant” if it has a patched status for all of the active patches currently available within Patch Management. It is recommended that patches that are not applicable should always be disabled within Patch Management so that this metric can track only the relevant patches for the managed network of devices.
Status: Compliant or Non-Compliant
Device Count: Total number of devices in each state
Time Since Last Agent Refresh: Displays the elapsed time since the last refresh cycle for all managed devices within the network.
Within a patch management system, it is vital to ensure that all devices are scanned regularly for missing patches. Even with a regular daily refresh cycle, it is very likely that some laptops or workstations will be offline during any given day.
Elapsed Time: < 24 hrs, < 48 hrs, < 72 hrs, > 72 hrs, above custom time
Device Count: Total number of devices in each category
The following table describes the action of each button on the page:
Button Name |
Action |
---|---|
Graph |
Displays the details graphically. |
Data |
Displays the details in tabular form. |
Zoom Control |
Enlarges or reduces a single graph into the full page size or restores it to the original size. |
Update Dashboard Report |
Refreshes the Dashboard page to show the updated information. |
When you click the button, the corresponding graph is in full page size mode; when you click the button, the corresponding graph is restored to its former size.
You create and manage patch policies from the Patch Management page, not in the Policies page.
To view patch policies, navigate to Patch Management > Patch Policies.
To view the patches that are discovered in the zone from the DAU tasks, click Patch Management in the navigation menu, and select the Patches page.
The Status page displays the download status for patches and bundles in table form, and also displays the details of patch caching and queuing status.
To view the Status page, navigate to Patch Management > Status.
The page consists of two data tables, Status and Cache Status. Definitions for each table item are provided below:
Table 4-1 Status Item Definitions
Item Name |
Item Status |
---|---|
Signature Download |
Indicates whether downloading of the signature has finished or is in progress. |
Signature Download Time |
Indicates the last time the local server contacted and downloaded the signature from the Patch Subscription server. |
Bundle Download |
Indicates whether the patch bundle download is finished or is in progress. |
Last Patch Download |
Indicates the last time the local server contacted and downloaded a patch from the Patch Subscription server. |
Number of Failed Download(s) |
Indicates the number of patches that failed to download from the Patch Subscription server. |
Number of Patches Queued for Caching |
Indicates the number of patches that are queued for download from the Patch Subscription server. |
Number of Active Patches |
Indicates the number of patches that are available for download from the Patch Subscription server. |
Number of New Patches (less than 30 days) |
Indicates the number of patches that have been uploaded to the Patch Subscription server in the last 30 days and are available for download. |
Latest Patch Released On |
Indicates the time when the latest patches were released. |
Table 4-2 Cache Status Item Definitions
Item |
Definition |
---|---|
Action > Cancel Pending Downloads |
Cancels the download of any patches in the process of being cached. |
Name |
The name of a patch. |
Status |
Whether the patch has been successfully downloaded. |
Error Detail (if any) |
Details of any error that occurred during the download process. |