This section will walk you through the process of Patch installation configurations with more controlled options to Schedule, Approve, Reboot and Enable Maintenance on the devices. You can also have the entire Patch activity from Scan to Install, automated using the Out of the Box Automation feature called Process Definition, which reduces the human intervention completely to perform any Patch related tasks.

To know more about available automation utility for Patch related tasks, see Patch Automation. To know more about remediation and automation capability, see Remediation Automation.

Configure the Patch Management at Client Level

To deploy Patch Installation Configurations at Client level, follow the below steps:

  1. Login to OpsRamp Portal.
  2. Select a client from the All Clients list.
  3. Go to Patch Management > Patch Management 2.0.
  4. On the left side of this page, click the Menu bar icon and then Configuration.
  5. Click + ADD to create a new patch configuration.

The Configuration deployment involves the below 3 steps:

  • Resource Selection
  • Patch Selection
  • Schedule

Resource Selection

On this page, we will choose resources at client level based on the requirements.

  1. In the Configuration Name field, give the configuration a name.
  2. Choose resources from the list. There are two options for doing so.
    • Dynamic: Choose resources by adding an OpsQL query; if any resources match the query, they will be included in the configurations automatically. This will automate the process and reduce the need for user intervention whenever there are new devices onboarded and required to add new devices to the existing installation configurations.
      patch management
    • Select Resources id: This is a manual process for searching and selecting resources by defining Resource attributes in a simple search query. The selected resources list would not be updated with newly onboarded devices if the installation schedule is saved with this option. Users have to manually update the list for any onboarding or decommission of the devices on the platform.
      patch management
  3. To proceed to the patch selection page, click Next.

Patch Selection

  1. In the Patch Selection page, select the patches to be configured by using any of the options.

    • Approved Patches: Would show the list of Approved Patches
    • Dynamic Patches: You can have the Patches selected for the installation Dynamically using the filter criteria. With the next Missing Patch Scan job execution, if there are new patches found as per the filter criteria, those patches would be automatically included for installation under the respective configuration.
    • Select Patches: You can select the patched manually from the list or using the Filter criteria and then click Apply.
      patch management
  2. Once the patch selection process is finished, click Next to proceed to the schedule page.

    patch management

Schedule

After selecting the resource and patches, you must now define a schedule to run the scan at the desired time.

  1. On the Schedule section, you could specify when this patch activity should be performed:
    • Run On Demand: Select this option, If you want to apply the patch updates right away.
    • One Time: Select this option, If you want to apply the patch updates once a time.
    • Daily: Select this option, If you want to apply the patch updates on daily. You can configure this option by choosing: Every Weekday (Mon-Friday) or Everydays.
    • Weekly: Select this option, If you want to apply the patch updates on weekly wise. Configure weekly schedule by selecting: Time preference, Starting date, and Days.
    • Monthly: Select this option if you only want to apply patch updates on a monthly basis. Configure this by selecting: Time preference, Starting date, and number of days in a month.
    • Yearly: Select this option, If you want apply the patch updates on yearly once. Choose the option which are the months this should be happened.
    • Patch Tuesday: Select this option, If you want apply the patch updates only on Tuesday of every months.
  2. Resource Time Zone: You can select a specific time zone to patch all the resources in the patch configuration. When you select a time zone, it ignores the different local time zones of resources and instead uses the time zone specified in the patch configuration.
  1. Reboot After Install: Select the option Yes/No if you want to reboot the system after patch installation.
  2. Approval Type: Select type of approval of patches whether it will be Manual or Automatic. If you select Automatic type approval; all whitelisted security and critical patches are approved automatically on the selected devices.
  3. Maintenance Period: This setting creates a maintenance window for all of the selected devices, using the given schedule and duration. To know more about scheduling maintenance period on the resources for other related use cases, see Scheduling Maintenance Period.
  4. Choose the deployed and enabled Patch Automation Process Definition from the drop down list (if any).
  5. In the Notifications section, select the users want to be notified about the Patch Installation status. All the platform Users would be listed under “Notify Users”. If the Installation status notifications required to be send to any external email address without having an account on the platform, enter the external email address under “CC Users” and hit enter.
  6. Click Finish after you configured the scheduled page.
    patch management

Configure the Patch Management at Partner Level

To deploy Patch Installation Configurations at Partner Level, follow the below steps:

  1. Login to OpsRamp Portal.
  2. Select All Clients.
  3. Go to Patch Management > Patch Management 2.0.
  4. On the left side of this page, click the Menu bar icon and then Configuration.
  5. Click + ADD to create a new patch configuration.

The Configuration deployment involves the below 3 steps:

  • Resource Selection
  • Patch Selection
  • Schedule

Resource Selection

On this page, we will choose resources at Partner level based on the requirements.

  1. To select a client, choose from All Clients or Select Clients.
  2. In the Configuration Name field, give the configuration a name.
  3. Find the resources from the list using the + QUERY button.
    Choose resources by adding an OpsQL query; if any resources match the query, they will be included in the configurations automatically. This will automate the process and reduce the need for user intervention whenever there are new devices onboarded and required to add new devices to the existing installation configurations.
    patch management
  4. To proceed to the patch selection page, click Next.

The following table summarizes the difference between Client Level and Partner Level functionality.

FunctionalityClient LevelPartner Level
Resource Selection
Client Selection
Dynamic Resources

Static Resources

Patch Selection
Approved Patches
Dynamic Patches

Select Patches

Schedule
Schedule Type
Reboot after Install

Approval Type

Maintenance Period

Assign Process

Notifications

View the Patch Configuration Page

View the list of configured jobs under Patch Management 2.0 > Configuration.

patch management

The following table describes the various attributes and actions displayed on the Patch Scan Schedule page:

AttributesDescription
NameName of the patch configuration.
ScheduleThe start date, time, and the selected scheduled configurations.
ResourcesThe number of resources chosen when scheduling a scan job.
Search buttonUse the search field to find jobs.
EditUse the edit option to change the current job setup.
Run NowThis option allows you to run the job.
RemoveUse this option to remove tasks from the list if they are not relevant.

To see the configuration of the created schedule scan such as: Properties, Resources, Patches, logs, and Installation Status, click on the configured jobs listed here.

patch management

Resources Installation Progress:

patch management

WidgetDescription
PropertiesCreated ByUser who created this patch configuration
Updated ByUser who updated this patch configuration at last
Created TimeTime when this Configuration was created
Last Updated TimeTime when this Configuration was Last Updated
Operating SystemOperating system of the selected Resources
Reboot After InstallDevice Reboot options selected after the Patch installation
Approval TypeType of Approval defined for the Patch Installation
Maintenance PeriodThe Scheduled Maintenance period defined to ignore the Monitoring alerts generated during Patch Installation
UUIDThe unique ID generated for each the Patch Configuration. These UUIDs can be used with OpsQL for any required use cases
ResourcesSelected Resources for the Patch Installation Configuration
PatchesSelected Patches for the Installation on the selected Devices
LogsActivity Logs of the Patch Configurations
Installation StatusSee live status of a resource patch installation, including whether it has started, completed, failed, etc.