When you deploy a patch using the web console, you can specify multiple Deployment Settings like when to install, whether the user can skip deployments, reboot policies, etc. These deployment settings can be created as Policies, which can then be used while defining the configurations/tasks. Any policy can be marked as a default policy, so that it will be applied by default for all subsequent configurations/tasks that are created.
Policies can be created from the Deployment page.
Install during 90 minutes refresh interval: Select this option if the patches have to be installed after the refresh cycle(90 minutes) within the deployment window (refer step.6) .
Either of the above, whichever is earlier : Select this option if you wanted the deployment to happen either during the system startup or refresh cycle whichever is earlier within the deployment window (refer step.6).
Specify the schedule for the deployment to happen, it can be done on any day of the week or on specific days. If you wanted the deployment to happen only on weekends, you can select only Saturdays and Sundays.
Specify the Deployment Window. Deployment window is the time interval, when you wanted the deployment to happen on the client computer. You can specify a time interval between 3 hours to 24 hours. It is recommended to provide a minimum of 3 hours, so that the agent will be able to communicate with the Central Server at least once during this deployment window to receive inputs from the Central Server to initiate the deployment.
You can specify the Start and End time within which the deployment should begin. The Start Time can also be greater than the End time - in such cases the End time is assumed to be on the following day. For example, if you wish the deployment should happen between 10.00 PM and 4.00 AM, you can specify the Start Time as 22:00:00 and End Time as 04:00:00
If the deployment has not been completed within the specified deployment window, then the deployment will be continued only during the subsequent deployment window. For example, if you have deployed a configuration for installing 5 patches and deployment window expires while installing the third patch, then the remaining patches will be installed only during the subsequent deployment window.
If you wanted the configuration to be deployed to the computers, which are turned off, then you can enable the check box to "Turn On Computers before deployment". Enabling this option, will allow the administrators to deploy the configuration to the target computers, which are within the network but turned off. If the target computers are available in the Corporate LAN/WAN network, then those computers will be turned on using the Wake On LAN feature and the configuration will be deployed. This feature will not work for computers which are not available in the corporate LAN/WAN. This Wake On LAN feature, will be applied to computers based on their local time zone, for example: If the deployment time specified in the Central Server is 20:00 hours, then the deployment will happen to computers, whenever the local time on the computer becomes 20:00 hours. You should also ensure that at least one of the computers with an agent should be live within the same subnet to wake computers. This feature will work only IP redirectred broadcast is enabled on the router.
"Download Binaries during Subsequent Refresh Cycle". Enabling this option, will download the binaries to the client computers prior to the deployment window. The binaries will be downloaded during the subsequent refresh cycle, system startup or deployment window whichever is earlier and the deployment will be initiated only during the specified deployment window. Else, the binaries will be downloaded only during the deployment window and the deployment will be initiated after the download is completed.
Enter the title of the message
Enter the message that needs to be displayed on the client computer before initiating the deployment
Notification message will be displayed on the client computer based on the time limit specified here.
Enabling Deployment Progress checkbox will display the deployment progress on the client computers.
Specify whether the user can skip the deployment, to a later time by selecting the Allow Users to Skip Deployment. When you do not select this option, the deployment will be forced and the user will not have any control on the deployment.
If the deployment progress has to be shown on the client computers, enable Show deployment progress in the client computers option.
Specify the number of days after which the deployment needs to be forced on the computer. By choosing this option, users will be allowed to skip deployment only for the number of days specified above, after which the deployment will be forced on the client computer.
Specify the time limit for the deployment to be initiated if the system is idle. For example, you have specified the idle time limit as 30 minutes and a configuration is scheduled to be deployed on a computer at 10:00:00 hr as per the deployment window. If this particular computer has been idle since 9:30:00 hr, then the deployment will be initiated by 10:00:00 hr. without prompt the user, or displaying any notification message.
Under Reboot Policy, select the action that needs to be performed as Reboot or Shutdown after deployment is completed.
If you have chosen for a reboot/shutdown and you do not want to disturb your servers, then you can choose the option to exclude servers from reboot/shutdown
Specify if you wanted to allow users to postpone reboot.
Enter the Reboot Message Title that needs to be displayed on the client computer.
Enter the message that needs to be displayed before the computer is rebooted.
Specify the time limit for the notification message to be displayed on the client computer. If you have chosen this option and the user is has not responded, then the computer will be rebooted.
You can set the maximum number of days allowed for the users to postpone reboot, after which reboot will be forced on the client computer.
You can also enable a check box, which allows you to skip computers, which does not require a reboot.
Click Save to save the changes.
You have successfully created a deployment policy. This policy can be applied to any configuration.
|
The following features are currently supported only for computers running Windows operating system
|
All the Policies that are created can be used to create any configuration/task.
Follow the steps mentioned below to modify a policy:
Navigate to Deployment> Deployment policies
Under Actions against the specific Policy, click modify icon, read and accept the confirmation message
Make necessary changes to the Policy and Click Save to store the changes.
You have successfully modified the Policy. Assume the policy that you have modified is used in few configurations, then the changes made to the policy will automatically get applied to all the configurations/tasks to which this policy was applied.
For example, you have created a policy named Sample and applied to configuration A and automatic patch deployment task B. Configuration A has been deployed to 10 computers, where the configuration is deployed successfully to 6 computers and the remaining 4 computers' deployment status is "yet to deploy". If the policy "Sample" is modified now, then the changes will get applied to the remaining 4 computers whenever they are deployed. Similarly changes made to the policy "sample" will get applied automatically to patch deployment task B from the subsequent schedule.
You can further fine-tune the deployment process to align with your specific needs by configuring the deployment settings. By customizing this setting, you can ensure that only authorized users with the necessary roles can modify the deployment policies. The deployment policies are associated with various configurations and tasks related to the deployment process and modifying these policies should be limited only to authorized users with the necessary roles and permissions. Users with the appropriate roles such as Administrators, Policy owners and Patch Management Write access are granted the privilege to modify deployment policies. The ability for only authorized users to modify the deployment policies helps in maintaining the consistency of the endpoint's deployment process.
Deleting a policy will not affect the configurations to which it was applied.
Follow the steps mentioned below to delete a policy:
Navigate to Deployment> Deployment policies
Under Actions against the specific Policy, click delete icon, read and accept the confirmation message.
You have successfully deleted the policy. If this policy is applied to any configurations/tasks, you can still see the policy being listed with the remarks saying "deleted". This will be automatically removed when the configurations/tasks to which it is used is deleted. However this policy cannot be modified or applied to any other configuration/task. You can view the details of the policy by selecting the policy under Deployment Policies and choosing Policy details. You can also view the configurations to which the policy is applied by selecting the policy under Deployment Policies and choosing Configurations/Tasks.