In the Subscription Service Content Download page you configure the subscription download options for the ZENworks Primary Server. These options include choosing platforms, languages, vendors, and other download options. You can select the languages that are used within your network to ensure that you only download the patches that are most applicable for your organization. The next time replication occurs, only those patches specific to the languages are downloaded, which saves time and disk space on your ZENworks Primary Server.
NOTE:Micro Focus does not recommend selecting all languages because each language can represent hundreds of patches. Downloading unnecessary languages can result in thousands of unused patch definitions within your ZENworks Primary Server database that would then need to be disabled in the Patch Management page.
EXPECTED RESULTS: From version ZCM 11.1 onwards, administrators are allowed to select the Primary servers that should receive the patch bundles compared to the forced rollout to all servers in prior releases.
To configure content download for the Subscription Service, Select Configuration in the ZENworks navigation menu, and go to Configuration > Patch Management > Subscription Service Content Download.
Refer to the descriptions below to understand and configure the Subscription Service Content Download settings according to your organization’s needs:
|
Item |
Description |
|---|---|
|
Select the platforms to download |
Enables you to select the operating system platform for which you want to download patches. For example, if you select the Windows check box, only Windows patches are downloaded. |
|
RPM Dependency |
This option is only enabled when the LINUX platform is selected. Selecting this check box will download all the root level dependencies that will be necessary to resolve any vulnerabilities. |
|
Red Hat Linux Subscription Management |
Enables you to retain the current default subscription type (RHN Classic) for Red Hat systems or to migrate to the preferred subscription type by choosing RHSM, which is a much more efficient method of getting security content from Red Hat. For information on RHSM registration or migration, see Register for or Migrate to RHSM. |
|
Choose your Windows language options |
Enables you to select the language of patches you want to download. For example, if you select the French check box, only French language patches are downloaded. |
|
Mix Multiple Languages |
Enables you to combine all languages into each Patch Detection Assignment (not recommended). |
|
SSL |
Enables you to turn secured downloading on or off. |
|
Cache patch bundles to satellite servers |
Enables you to cache patch bundles to the servers or workstations that are managed by primary servers. |
|
Cache patch bundles to primary servers |
Enables you to cache patch bundles to primary servers only. |
|
Download location for patch content |
By default all the patches will be downloaded to the ZPM directory which is enabled, but, if necessary, select the radio button for Bundle content directory to download it there.
|
|
Enable not applicable patches |
Enables patches that are not applicable to your enterprise. This option may slow performance if enabled. |
|
Enable PD caching |
Enables local cache for faster Patch Detection results, which eliminates the decryption and decompression of Vulnerability Detections. Only use this feature if you trust end users to stay out of the ZENworks Agent directory. Ideally, workstations users should not have access to the ZENworks agent directory. |
|
Select vendors to use in the system |
Enables you to select the vendors to use in the system. You can choose All or the Selected option. The latter enables the check boxes for selecting individual vendors. NOTE:This list of vendors will not be populated until the initial subscription update has completed. |
|
Patch Policy uses only applicable patches |
Configures the system to only have applicable patches available for selection when building patch policies. |
|
Patch feed filtering |
Disables content within the system based on the criteria you select. These options are useful for filtering out obsolete content and enhancing performance. All options are selected by default. More clarifications are provided below for those settings that are often misunderstood:
|
|
Patch Content Cleanup |
Deletes the patch listing and any cached bundles for that patch that meet the following conditions:
NOTE:The bundles are not deleted until the next subscription update. |
IMPORTANT:Customers with larger network environments should select both Cache Patch Bundles to Satellites and Cache Patch Bundles to Primary Servers for optimal distribution of patches and the daily Discover Applicable Updates task within their environment. Not selecting these options could cause very slow and inefficient delivery of these patch bundles within a highly distributed WAN environment.
Within an enterprise network environment, the customer usually installs more than one ZENworks Primary Server. Although only one of these servers can be used to download patches, every Primary Server has a cache of patch bundle content for distribution to the agents that are closest to it within the zone. Thus, when an agent wants to get a bundle, it can get the bundle directly from its closest Primary Server rather than the Primary Server where the patches were downloaded.
In addition, the satellites that are installed within the customer network can also serve as a cache for bundle content. If an agent is at a remote branch office with a satellite, it can get its content directly from the satellite rather than the Primary Server where patches were downloaded.
Best practice recommendations for using the patch subscription:
Customers should always disable patches that they no longer require, because this minimizes the volume of patch scan data stored each day, as well as the time taken to scan each of the end point devices.
We highly recommend that customers cache only the patches they need. When a patch is cached to the Primary Server where patches are downloaded, it needs to be copied to all Primary Servers and satellites within the zone. Downloading all patches wastes space and bandwidth within the ZENworks content distribution network.
The Red Hat Subscription Management service (RHSM) is the latest model provided by Red Hat to register for Red Hat subscriptions. RHSM is compatible with ZENworks Patch Management 2017. It provides a much more efficient method for Red Hat patch distribution. All Red Hat client subscriptions will be required to use RHSM by July 31, 2017.
To use RHSM, a new subscriber will have to first register with Red Hat or an existing subscriber will have to migrate from the Classic service to RHSM. The ZENworks procedures for both options are provided below:
New subscription: To configure RHSM as a new subscriber:
In the ZENworks Control Center, go to Configuration > Patch Management > Subscription Service Content Download.
Select RHSM under the Red Hat Linux Subscription Management configuration.
Scroll to the bottom of the configuration page and click Apply to save the changes.
Register for RHSM at.
Wait for the next DAU task to execute per the schedule, or click Update Now in the Subscription Service Settings page (Configuration > Patch Management > Subscription Service Settings).
RHSM migration: To migrate to RHSM from the RHN Classic mode:
In the ZENworks Control Center, go to Configuration > Patch Management > Subscription Service Content Download.
Select RHSM under the Red Hat Linux Subscription Management configuration.
Scroll to the bottom of the configuration page and click Apply to save the changes.
Log in to your Red Hat account at and follow the instructions to migrate to RHSM.
Wait for the next DAU task to execute per the schedule, or click Update Now in the Subscription Service Settings page (Configuration > Patch Management > Subscription Service Settings).