Since the first virus arrived on the IT scene, patching software has been a costly and time-consuming IT focus. In fact, “Patch Tuesdays” have come to symbolize the drain software patches place on organizations of every description. Attend this session to find out how Novell ZENworks Patch Management—working hand-in-hand with Novell ZENworks Configuration Management—can make Patch Tuesdays a thing of the past. You'll learn about the benefits of integrated patch and configuration management. You'll also receive tips, tricks and inside information to successfully deploy and troubleshoot Novell ZENworks 10 Patch Management and realize its true potential.

1. Novell ZENworks Patch
® ®
Management
Best Practices
Allen McCurdy Scott Guscar
Technology Specialist Technology Sales Specialist
Novell, Inc/amccurdy@novell.com Novell, Inc/sguscar@novell.com

2. Agenda
Configuring Patch Management Services
Patch Deployment
Patch Baseline
Reporting
Demo
2 © Novell, Inc. All rights reserved.

3. Configure Patch Management Services

4. Important Initial Configuration Issues:
• Patch Management OFF by default
– Select your ZENworks Configuration Manager server
®
– Start the service!
• Ensure the server has
– 4GB RAM w/ 40GB Free Disk
– 2Ghz Dual Core Processor, or better…
• Choose your Replication Time
– Midnight by default
• Select Language(s) for Patch Subscription
– US English by default
4 © Novell, Inc. All rights reserved.

5. Steps Needed to get Patch Services
Operational
1.Activate Product
2.Configure Subscription Download
3.Configure Http Proxy
4.Configure Mandatory Baseline Settings
5.Configure Subscription Service Information
5 © Novell, Inc. All rights reserved.

6. Activate Product
6 © Novell, Inc. All rights reserved.

7. Patch Serial Number
• NO SERIAL NUMBER REQUIRED
– For first 60 days of Novell ZENworks Configuration
® ®
Management evaluation !!!
• When required …enter a valid Novell s/n ®
– Only enforces expiration
– Requires SSL outbound (443)
– Node count displayed for information only!
• Does it work with ZENworks Patch Management serial
®
number? - Yes
Tip: When you buy ZENworks Configuration Management,
the trial period ends!
7 © Novell, Inc. All rights reserved.

8. Configure Subscription Download
Other languages supported: Italian, Simplified Chinese, Finnish, Russian,
German,Hong Kong Chinese and Czech
8 © Novell, Inc. All rights reserved.

9. Configure Http Proxy
**If your proxy cache's content, patch services may not
work properly
9 © Novell, Inc. All rights reserved.

10. Configure Mandatory Baseline
Settings
New in version 10.3
10 © Novell, Inc. All rights reserved.

11. Configure Subscription Service
Information
Tip:
Please note that if the “Reset Patch Management Settings” button is
selected all patch content will be lost.
11 © Novell, Inc. All rights reserved.

12. “ZENworks Patch Management” ®
Sub-folder
• Auto-created by Novell ZENworks Patch Management
® ®
– Content is refreshed daily from http://novell.patchlink.com
• Three types of Bundle
– Remediation Bundle (Single Bundle, no reboot)
– Discover Applicable Updates (Single Bundle)
– ZENworks Patch Management Assignment
(Directive Bundle = collection of bundles)
> Name includes date and time of assignment
> Reboot handling options
• Useful for Tech Support
– What was assigned where and when…
Tip: Dont' mess with ZENworks Patch Management System folder!
12 © Novell, Inc. All rights reserved.

13. Subscription Replication
• Definitely NOT a spectator sport!
– Files download to /zenworks/zpm/dist
– Download takes 20 mins or more
– Bundling can take 30 - 40 mins (high CPU)
– DAU creation takes 5 mins
– Assignment Updates 1+mins
• Let it run overnight
– Or prepare ahead of time!
13 © Novell, Inc. All rights reserved.

14. Replication Status
14 © Novell, Inc. All rights reserved.

15. Patch Deployment

16. Discovering Vulnerabilities
• Single File Bundle
• One DAU task per:
– Platform
– Architecture
– Language
– Service Pack
Runs: ANALYZE.EXE
16 © Novell, Inc. All rights reserved.

17. Patch Status
Patch is Cached
Patch needs to be Cached (downloaded)
Patch is in download process
Patch is Disabled
Patch is apart of a Baseline
Patch could not be Cached (error)
17 © Novell, Inc. All rights reserved.

18. Deploying Patches
1.Select Patch / Patches to be deployed
2.Accept any license agreements
3.Specify when the patch is to be deployed (Run Now,
Scheduled or Event)
4.Adjust or accept the deployment order (multiple
patches)
5.Select reboot options
6.Deployment Summary (accept or adjust)
18 © Novell, Inc. All rights reserved.

19. ZENworks Patch Management ®
Assignment Bundle
• Directive Bundle = “Bundle of Bundles”
• Ordered list of Remediation Bundles
– Ordered as the administrator wanted to install them
+ Reboot Action
– User prompt message
– User can cancel
+ Re-Scan Action
– Runs a DAU at the end of patch install
Runs: REMEDIATE.EXE
19 © Novell, Inc. All rights reserved.

20. Mandatory Baselines

21. Mandatory Baselines
Mandatory baseline is a user-defined compliance
level for a group of devices.
• Can be applied to Groups or Dynamic Groups
• Every few hours, depending on the results of the DAU task, the
ZENworks Server determines the devices that are applicable and
®
out of compliance (based upon the patches added to the
baseline).
• Necessary bundles, as defined in the baseline, are then deployed
as soon as possible for each device.
• After patches have been deployed, it might be necessary to reboot
those devices for them to be detected as patched.
21 © Novell, Inc. All rights reserved.

22. Creating or Modifying Baselines
• From a group object, select the patches tab
• Select patches needed for the baseline
• Click on action / assign to baseline
22 © Novell, Inc. All rights reserved.

23. Reporting

24. Reporting
• Requires ZENworks Reporting Services
®
• Customizable
• Canned Reports
24 © Novell, Inc. All rights reserved.

25. Reporting Universe
• Novell ZENworks Patch Management tables integrated
® ®
into Universe
• Patch Management Service reports
– Vulnerability Summary
– Vulnerability Detail
– Baseline Compliance
25 © Novell, Inc. All rights reserved.

26. Demo Time

28. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.