During a patch deployment, you can specify multiple Deployment Settings like when to install, whether the user can skip deployments, reboot policies, etc. These deployment settings can be created as Policies, which can then be used while defining the configurations/tasks. Any policy can be marked as a default policy, so that it will be applied by default for all subsequent configurations/tasks that are created. There are several ways to create deployment policies:
From build version 10.1.2121.1, the deployment policy workflow has been enhanced to include pre and post deployment settings like options to add custom scripts and a lot more. To know more about this, refer to this document.
Policies can be created from the Deployment Policies page. You can reach the Deployment Policies page from:
Follow the steps below to create a Policy manually:
Install during 90 minutes refresh interval: Select this option if the patches have to be installed after the refresh cycle(90 minutes) within the deployment window (refer step.6) .
Either of the above, whichever is earlier : Select this option if you wanted the deployment to happen either during the system startup or refresh cycle whichever is earlier within the deployment window (refer step.6).
Specify the schedule for the deployment to happen, it can be done on any day of the week or on specific days. If you wanted the deployment to happen only on weekends, you can select only Saturdays and Sundays.
If you wish to schedule the deployment based on Patch Tuesday of that month, you can pick 'Based on patch Tuesday' as your preferred week split. Doing so, you will get the options in 'Preferred week(s) of deployment', based on Patch Tuesday. You can either choose the Patch Tuesday week or any consecutive week after Patch Tuesday as per your requirement.
Specify the Deployment Window. Deployment window is the time interval, when you wanted the deployment to happen on the client computer. You can specify a time interval between 3 hours to 24 hours. It is recommended to provide a minimum of 3 hours, so that the agent will be able to communicate with the Patch Manager Plus server at least once during this deployment window to receive inputs from the Patch Manager Plus server to initiate the deployment.
You can specify the Start and End time within which the deployment should begin. The Start Time can also be greater than the End time - in such cases the End time is assumed to be on the following day. For example, if you wish the deployment should happen between 10.00 PM and 4.00 AM, you can specify the Start Time as 22:00:00 and End Time as 04:00:00
If the deployment has not been completed within the specified deployment window, then the deployment will be continued only during the subsequent deployment window. For example, if you have deployed a configuration for installing 5 patches and deployment window expires while installing the third patch, then the remaining patches will be installed only during the subsequent deployment window.
"Download Binaries during Subsequent Refresh Cycle" By enabling this option agent will not wait for the deployment window for download to happen. Patch binaries will be downloaded to the client computers prior to the deployment window, during the subsequent refresh cycle or system startup whichever is earlier. The deployment will be initiated during the specified deployment window.
For example: If the deployment window is set to begin at 20:00 hours, enabling this option will initiate the deployment exactly at 20:00 hours, because the patch binaries has been downloaded already. If this option is not enabled the binaries will be downloaded only during the deployment window and the deployment will be initiated after the download is completed.
Enter the "Title of the Message" that needs to be displayed on the client computer before initiating the Deployment
Enter the message that needs to be displayed on the client computer before initiating the deployment
Notification message will be displayed on the client computer based on the time limit specified here.
Notifications can be configured for Windows and Linux endpoints
Enabling "Deployment Progress" checkbox will display the deployment progress on the client computers.
Specify whether the user can skip the deployment, to a later time by selecting the "Allow Users to Skip Deployment". When you do not select this option, the deployment will be forced and the user will not have any control on the deployment.
If the deployment progress has to be shown on the client computers, enable "Show deployment progress in the client computers" option.
If you wanted to allow Users to Skip Deployment, specify it here. If you have chosen this option and the user has not responded, then the message will be displayed for the specified time limit and then the deployment will be initiated.
Specify the number of days after which the deployment needs to be forced on the computer. By choosing this option, users will be allowed to skip deployment only for the number of days specified above, after which the deployment will be forced on the client computer.
Specify the time limit for the deployment to be initiated if the system is idle. For example, you have specified the idle time limit as 30 minutes and a configuration is scheduled to be deployed on a computer at 10:00:00 hr as per the deployment window. If this particular computer has been idle since 9:30:00 hr, then the deployment will be initiated by 10:00:00 hr. without prompt the user, or displaying any notification message.
Under Reboot Policy, select the action that needs to be performed as Reboot or Shutdown after deployment is completed.
If you have chosen for a reboot/shutdown and you do not want to disturb your servers, then you can choose this option to exclude servers from reboot/shutdown.
Specify if you wanted to allow users to postpone reboot.
Enter the Reboot Message Title that needs to be displayed on the client computer.
Enter the message that needs to be displayed before the computer is rebooted.
Specify the time limit for the notification message to be displayed on the client computer. If you have chosen this option and the user is has not responded, then the computer will be rebooted.
Reboot notifications are available for Windows and Linux machines
You can set the maximum number of days allowed for the users to postpone reboot, after which reboot will be forced on the client computer.
You can also enable a check box, which allows you to skip computers, which does not require a reboot.
Click Save to save the changes.
You have successfully created a deployment policy. This policy can be applied to any configuration.
The following features are currently supported only for computers running operating systems mentioned next to them
All the Policies that are created can be used to create any configuration/task.
Follow the steps mentioned below to modify a policy:
Click Patch Management tab
Choose Deployment Policies
Under Actions against the specific Policy, click modify icon, read and accept the confirmation message
Make necessary changes to the Policy and Click Save to store the changes.
You have successfully modified the Policy. Assume the policy that you have modified is used in few configurations, then the changes made to the policy will automatically get applied to all the configurations/tasks to which this policy was applied.
For example, you have created a policy named Sample and applied to configuration A and automatic patch deployment task B. Configuration A has been deployed to 10 computers, where the configuration is deployed successfully to 6 computers and the remaining 4 computers' deployment status is "yet to deploy". If the policy "Sample" is modified now, then the changes will get applied to the remaining 4 computers whenever they are deployed. Similarly changes made to the policy "sample" will get applied automatically to patch deployment task B from the subsequent schedule.
Deleting a policy will not affect the configurations to which it was applied.
Follow the steps mentioned below to delete a policy:
Click Patch Management tab
Choose Deployment policies
Under Actions against the specific Policy, click delete icon, read and accept the confirmation message.
You have successfully deleted the policy. If this policy is applied to any configurations/tasks, you can still see the policy being listed with the remarks saying "deleted". This will be automatically removed when the configurations/tasks to which it is used is deleted. However this policy cannot be modified or applied to any other configuration/task. You can view the details of the policy by selecting the policy under Deployment Policies and choosing Policy details. You can also view the configurations to which the policy is applied by selecting the policy under Deployment Policies and choosing Configurations/Tasks.