The Patch Deployment feature currently operates only on Microsoft Windows computers running single-byte character languages (English, Spanish, French, etc.). Double-byte character languages (Japanese, Russian, Korean, etc.), are unsupported.
This section describes how to manage your Windows infrastructure’s software patch needs using the SilverBack solution. Once required patches have been identified via a Vulnerability Scan, you can deploy them.
Patch Deployment, part of the SilverBack Remediation Pack , is a separately purchasable option that enables you to quickly and efficiently identify required software patches and deploy them to your Windows infrastructure at any time. This ease of patch roll-out saves you time, effort and ultimately, money.
|
|
The Patch Deployment feature currently operates only on Microsoft Windows computers running single-byte character languages (English, Spanish, French, etc.). Double-byte character languages (Japanese, Russian, Korean, etc.), are unsupported. |
The SilverBack solution includes intelligence which enables it to:
Obtain multiple patches in a single download per SilverStreak , then distribute them to multiple targets, which limits bandwidth usage
Verify the integrity of the required patches prior to download
Store the downloaded patches on the SilverStreak host responsible for monitoring the Windows devices, and then delete the patches once they have been successfully deployed
Alert when patch deployment fails
|
|
SilverBack expects to receive a Success status from the SilverStreak within one hour of starting patch deployment. If Success is not received within that time frame, the system generates an alert to notify you of the failure. |
SilverBack can track a history of deployed patches in a report that can be scheduled. This provides a documentable audit trail tor regulatory or customer requirements compliance.
From the Security category page click on the New Patch Deployment link to display the Add Patch Deploy form.
The Add Patch Deploy form consists of four (4) tabbed sub-forms:
Attributes - Defines the Patch Deployment’s parent Management Domain , name and optional description
Options - Defines the Patch Deployment’s alert generation status, alert severity, execution timeout value, and the execution and device reboot schedules
Targets - Defines the Patch Deployment’s target devices
Patches - Defines the patches that will comprise the Patch Deployment
|
|
Immediately deployed Patch Deployments cannot be canceled. |
In the Attributes tab form, select the target Windows devices' parent Management Domain from the drop-down.
Enter a name for the Patch Deployment into the Name field.
Optionally, you can enter a Description of the Patch Deployment.
Click on the Options tab to display the Options tab form.
To cause alerts to be generated if the Patch Deployment fails, click on the Generate Alerts checkbox.
If you want to change the Patch Deployment's alert Severity, select the appropriate level from the drop-down:
Critical
Major
Minor
Informational
If you want to change the Patch Deployment’s timeout value, type the value (in minutes) into the Execution Timeout (Min) field.
To deploy the patches now, ensure that the Install Patch Immediately radio button is selected.
To deploy the patches at a later date, select the Schedule radio button.
Then, select the desired month, day, year and time from the drop-downs.
To schedule reboots of the affected Windows devices, select one of the following radio buttons:
Reboot Immediately - Reboots the devices immediately following patch installation
Do Not Reboot - Does not reboot the devices
Reboot At - Enables you to select the desired reboot month, day, year and time from the drop-downs.
The default setting is Reboot Immediately.
Click on the Targets tab to display the Targets tab form, which consists of an expandable list of Management Domains and devices.
Expand the list, then select the devices to which you want to deploy patches.
|
|
You must select one or more devices before continuing. |
Click on the Patches tab to display the Patches tab form.
|
|
This form is unpopulated until a Patch Scan has been run, and then devices have been selected in Step 2 in the Targets tab. See Performing a Security Audit for more information about running Vulnerability Scans. |
Select the patches you wish to include in the Patch Deployment.
If you make a mistake and wish to start again, click on the Reset button.
Click on the Save button to save your work.
Or, click on the Cancel button to abandon the operation without making any changes.
A confirmation dialog message displays, asking you to confirm or cancel the operation.
|
|
Immediately deployed Patch Deployments cannot be canceled. |
Click on the OK button to deploy the patches.
Or, click on the Cancel button to dismiss the dialog message and return to the Add Patch Deploy form.
