Central patch management

Provide visibility and control over patch installation, status, and history.

About this task

The central manager provides the interface to install patches on all managed units in your environment and also view the patch installation status and history for each unit. After your central manager is upgraded, you can use its interface to also view the detailed patch status log for each managed unit even if the units are running on an older version.

When you install a patch, a date and time request can be specified to indicate when the patch is installed. If no date and time is entered or if now is entered, the installation request time is immediate.

Note: A patch that is installed successfully can be installed again. This fact is important for batched patches. A warning informs you if the patch is already installed.

Log in to the Guardium® GUI of the unit to be managed as the admin user:

Procedure

  1. Click Manage > Central Management > Central Management.
  2. Select the units that need the patch, and click Patch Distribution
  3. From the Patch Distribution screen select the patch you want to distribute and click Install Patch Now or Schedule Patch.
  4. To see the summary of the installation status, click Manage > Central Management > Central Management and then select the units and click Patch Installation Status. The summary lists all the patches for each managed unit in the order that the installation was requested. The Patch Installation Status screen also displays, for each unit, failed installations and discrepancies. For example, having one patch installed on part of the units only, regardless if it failed on other units or was not installed. To remove patches from the Patch Distribution screen, click the delete icon (red x) next to the patch. This does not delete the patch from the patch distribution directory on the appliance, but will remove it from the display.
    Attention: Removing a patch from the patch distribution display also removes that patch from dependency-checking and can prevent the installation of newer patches.
  5. To see detailed information about the patch installation, click on a managed unit that is listed under the Unit name column. This action opens the Patch Status Details window, where you can view the last five lines of the patch status log for the managed unit. The patch status log reflects the last patch that was installed. If a patch installation is in progress, the latest patch log is displayed. If you'd like to see more details from the log, click Fetch More.
  6. When you click on a different managed unit, the log in the Patch Status Details window is appended. You also have the ability to Clear or Close the log, as needed.
    Important: To view the patch status details, the root passkey must be installed on the managed unit. If the root passkey is not installed, you will receive an error message. For more information, see Resetting the root password.