Automated Patch Deployment is a feature in Desktop Central that enables you to deploy patches that are missing in the computers in your network automatically. You can automate the following tasks using the Automated Patch Deployment feature:
All the levels of patch-deployment automation mentioned above can be specified for a specific set of client systems. You can choose to have different levels of automation for different sets of client systems. The process of deploying patches automatically depends on the level of automation you choose.
The automation process includes the following steps:
The patch-scanning process takes two hours, from the time it begins, till the time it is complete. During this two-hour period, the deployment status will remain Not Started. The period of two hours includes the time period of 90 minutes, which is when the agent checks the server for information, and an additional buffer of 30 minutes for scanning.
Out of the above, patch scanning process takes an estimated (fixed) time of two hours from the time of commencement. During this two-hour period, you will see the deployment status as "Not Started". The two hours accounts for the agent contact interval of 90 minutes plus an additional scanning buffer of 30 minutes.
Now, what happens when "Patch Approval" has been enabled? When you enable Patch Approval, only the patches that are "approved" will be downloaded and deployed. All the unapproved patches will not be downloaded or deployed via Automated Patch Deployment task, even though they are shown as Missing.
Examples
The examples given below help you understand the sequence of steps followed to deploy patches automatically and how to handle a new scheduled task when the previous task is still in progress.
Example 1: Deploying missing patches to specific systems
This example helps you understand the sequence of steps followed to deploy patches, when you have completely automated patch deployment.
Scenario
You have made the following settings:
- Enabled the Automatically Download and Deploy the Missing Patches option for 50 systems
- Scheduled this option to run at 12:00 hours every Monday
Steps
The sequence of the processes, based on the scenario mentioned above, will take place as follows. The Desktop Central server will:
- Start scanning all the 50 systems at 12:00 hours.
Note: This process will take two hours, hence the next process will begin only at 14:00 hours irrespective of the scan status.
- Get information about the missing patches from the local patch store at 14:00 hours
- Download the patches that are not available in the local patch store.
- Create a patch task and deploy it to the systems that do not have the missing patches once the patch download is completed.
Note: If Patch Approval is enabled, only the patches that have been approved will be downloaded or deployed via Automated Patch Deployment task.
The patch configurations will only be deployed to systems that require them and not to all the 50 systems. However, the patch status will be updated for all the 50 systems.
Example 2: Handling a new scheduled task when the previous task is still in progress
Typically, when a task is in progress and the next scheduled task is ready to be executed, the first task will be suspended and the new task will be created. The following example helps you understand this better.
Scenario
You have made the following settings:
- Enabled the Automatically Download and Deploy the Missing Patches option for 50 systems
- Scheduled this option to run at 12:00 hours every Monday
In the first week, on Monday, ten patches are deployed to 50 computers. As per the settings you made:
- Scanning will commence at 12:00 hours
- Deployment of the configuration, to all 50 systems, will begin at 14:00 hours
Assume that five systems are switched off on that day. The patch-deployment status will have In Progress status because the patch deployment process is not complete in all 50 systems. In the 2nd week, on Monday, if the five systems are still switched off, the following changes will take place:
- The status of the previous task will be changed to Suspended
- A new task will be created to deploy all the missing patches. The status of the task will be changed to Executed only when patch deployment is complete in all the 50 systems.