Patch test & approval process

Vulnerability Manager Plus lets you automate the patch deployment process, from identifying missing patches to deploying them to the required computers. In some cases you may want to test a critical patch on a few computers before rolling it out to the entire network. Vulnerability Manager Plus allows you to create test groups to test such patches before approving them.

The patch approval process is configured from the Vulnerability Manager Plus web console -> Deployment -> Test and Approve. You can choose one of the modes below:

Automatically approve all patches

All patches are approved automatically, which means all the approved patches will be deployed using Automated Patch Deployment. If you do not want to deploy a specific patch, you will have to decline it manually.

Test and approve patches

This feature allows you to create test groups to test patches before approving them. You will have to create test groups for each platform separately. It is recommended to create a test group that contains all the major versions of the OSs, so that the testing is effective. Once the patches are successfully deployed to the test groups, you can choose to approve them manually or automate the approval process. If the patch deployment fails, the patches will not be approved. Patches that are not approved will not be deployed by Automated Patch Deployment tasks. You can either deploy them manually or approve them so that the deployment happens.

Manually approve tested patches

After testing the patches, you can choose to approve the tested patches manually. Click the test group to view details of the patches that were successfully tested and are waiting for approval; those patches will be marked as "Not Approved". You will have to select and approve them manually if the deployment needs to be automated. If they are not approved, you will have to deploy them manually.

Approve tested patches automatically

Once the patches are successfully deployed to the test group, you can configure a time interval after which the patches are approved. This allows you to assess the stability of the patches once they are deployed. For example, if a patch is tested successfully and has no adverse effects for 7 days after deployment, you can choose to approve it. When those patches are approved, they become available for the Automated Patch Task and are deployed to the complete network. This approval delay is completely optional and gives you extra buffer time before the patches are approved.

Change "automatic approval" to "test and approve"

If you change the approval settings from automatic approval to test and approve, you will have to create a test group for testing the patches; the testing process remains the same as explained above. Once the patches are tested, you can choose to approve them either manually or automatically.

Also, when the Patch Approval setting is changed from "Automatic" to "Test and Approve" mode, you will be provided with the following options:

Retain the Approval status of the Existing Patches

You can choose to retain the existing approval status of the patches, which means the patches that are marked as "Approved" will be retained as "Approved". Patches that were marked as "Declined" will be retained as "Declined". All the patches that are discovered henceforth will be marked as "Not Approved".

Mark the Existing patches as "Not Approved"

By choosing this option, all the patches other than "Declined Patches" will be marked as "Not Approved". All the patches that are discovered henceforth will be marked as "Not Approved"; you can choose to decline patches manually.

Change "test and approve" to "automatic approval"

All the test groups that you have created will be removed. All the patches except the ones that are declined will be approved by default. Patches that are discovered henceforth will be marked as "Approved" automatically.