About Deployments

The term deployment refers to the process of sending content items to managed endpoints.

Several key concepts and status indicators are associated with a deployment. These concepts are used to define deployment behavior.

The following topics include some of the key concepts and indicators that give definition to a deployment.

Topic

Description

Explaining Deployment Distribution Order

The order that the deployment is submitted to target endpoints.

Deployment Types

Deployments can be based on content, packages, or a Mandatory Baseline.

Standard and Chained Deployments

Deployments are processed as either standard or chained.

Explaining Deployment Distribution Order

When deploying more than one package to an individual endpoint or group of endpoints, the deployments can be scheduled to process at different times. Order is also influenced by deployment type, status, and reboot requirements.

Important: You must install an agent on an endpoint in order to deploy content to the endpoint. A deployment is assigned to the agent installed on an endpoint.

Deployments proceed in the following order prior to regularly scheduled system tasks and agent processes:

  1. Chained deployments
  2. Standard deployments
  3. System Task: Reboot
  4. Task – Reboot System
  5. Discover Applicable Updates (DAU)

Although no deployment occurs before its scheduled time, a chained deployment whose scheduled time has elapsed will always precede a standard deployment whose scheduled time has also elapsed.

If multiple chained deployments are scheduled and some endpoints have the final reboot suppressed, the determination of a reboot override is based on the last scheduled deployment.

Deployment Types

Deployments are based on the content-type being deployed and how the content is being deployed. Deployment types include System Tasks, Package Deployments, and Mandatory Baseline Deployments.

System Task: System tasks are Ivanti Endpoint Security deployments where no actual patch content is deployed. Rather, they are instructions for the Ivanti Endpoint Security Agent to execute to determine if an endpoint is in need of patch content, and then further instructions to complete deployment of patch content. There are two types of System tasks:

  • Discover Applicable Updates: this task, also called a DAU, is a Ivanti Endpoint Security Agent scan that determines whether endpoints have applicable patch content available on the Global Subscription Service installed. By default Ivanti Endpoint Security schedules a global DAU for all endpoints every twenty six hours following replication, but you can modify DAU schedules using Agent Policy Sets. Additionally, DAUs run five minutes after the Ivanti Endpoint Security Agent installs a patch, immediately following an endpoint reboot, or immediately when you use the Scan Now feature.
  • Reboot: this task is usually executed following installation of a patch. You can also manually schedule a reboot as well.

Package Deployment: These deployments are a user-scheduled deployment of patch content. They include all patch content you select when completing the Deployment Wizard. When the package deployment begins at the time you schedule, the Ivanti Endpoint Security Agent runs scripts on the endpoint you targeted for deployment. These scripts identify whether the patch content included in the deployment applies to the endpoint. If the patch content applies, the content is installed. For additional information, refer to About Packages.

Mandatory Baseline Deployment

Unlike package deployments, which are scheduled by the user, Mandatory Baseline deployments are deployments that Ivanti Endpoint Security automatically initiates. Here's how it works: You can form a group of endpoints, and then select the patch content that group members must have installed at all time͞͞s—a mandatory baseline. Every DAU will check to make sure that patch content included in the mandatory baseline is installed. If patch content from the mandatory baseline is missing, Ivanti Endpoint Security deploys the patch content to incompliant endpoint immediately. For additional information, refer to About Mandatory Baselines.

Standard and Chained Deployments

Deployments come in two varieties: standard deployments and chained deployments.

Standard Deployment: A standard deployment is a deployment that has not been chained with another deployment. While not all standard deployments require a reboot, if the included package does require one and the reboot is suppressed, the endpoint will not accept additional deployments until it is rebooted.

Chained Deployment: A chained deployment is a deployment grouped with other deployments so the endpoint will not reboot after each one. Following the first chained deployment, the endpoint will accept only chained deployments until rebooted.

Reboot and Chained State

The reboot and chained states are the result of an endpoint not performing the required reboot following a deployment.

State

Description

Reboot State

Indicates that the endpoint received a standard deployment requiring a reboot, but the reboot was suppressed. While in the reboot state, the agent only accepts deployments. A reboot deployment or a manual reboot clears this state.

Chained State

Indicates that the agent received a chained deployment in which the reboot was suppressed. While in the chained state, the agent only accepts another chained deployment or a reboot deployment.

The following deployments always perform a reboot.

Deployment

Description

Reboot System Package

A system task that is automatically added to the end of chained deployments where the final reboot is not suppressed. This is also sent to agents when you click the Reboot Now button on the Endpoints page.

Task - System Reboot

A task that permits the user to schedule a reboot using the scheduling features of the Schedule Deployment Wizard.

Standard packages reboot for one of the following reasons:

  • The deployed package required and forced the reboot (unless suppressed), during the installation.
  • The package installer determined that it required a reboot.
  • The reboot flag was sent to the agent. It is not necessary that the agent receive the Reboot System Package or Task. The agent performs the reboot on its own.