Patch Download and Installation

Download

Management Point: Catalogs, deployment scripts and mass data of the patches are downloaded from the DSM PatchLink Server and/or directly from the producer's websites. The download URLs use the following protocols: HTTP, HTTPS, FTP. Make sure that the firewall accepts these protocols. The list of download servers for DSM PatchLink, which you need to configure firewall exceptions, is in KB article 19507.
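The following is an added example, not part of the product documentation or of DSM itself. It turns a list of download URLs into the outbound firewall exceptions described above and sets aside entries that do not use HTTP, HTTPS or FTP. The function name and the *.example hosts are assumptions made for illustration; only heat.cdn.heatsoftware.com comes from this page.

```python
from urllib.parse import urlsplit

# Protocols the page names for download URLs, with their default TCP ports.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample input. Only heat.cdn.heatsoftware.com appears on this page;
# the *.example hosts are placeholders for servers listed in the KB articles.
SAMPLE_URLS = [
    "http://heat.cdn.heatsoftware.com/dsm/",
    "https://heat.cdn.heatsoftware.com/dsm/",
    "https://downloads.vendor-a.example/patches/app.msi",
    "https://downloads.vendor-a.example/patches/other.msi",  # same rule as above
    "https://downloads.vendor-a.example:8443/catalog.xml",   # explicit port
    "ftp://ftp.vendor-b.example/pub/updates/",
    "sftp://mirror.vendor-c.example/x",                      # protocol not listed
    "heat.cdn.heatsoftware.com/dsm/",                        # scheme missing
]


def egress_rules(urls):
    """Return (rules, rejected) for a list of download URLs.

    rules    -- sorted unique (host, tcp_port, scheme) tuples to allow outbound
    rejected -- (url, reason) pairs that must be reviewed by hand
    """
    rules, rejected = set(), []
    for raw in urls:
        try:
            parts = urlsplit(raw.strip())
            port = parts.port          # raises ValueError on a bad port
        except ValueError:
            rejected.append((raw, "malformed URL"))
            continue
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            rejected.append((raw, "scheme is not http, https or ftp"))
        elif not parts.hostname:
            rejected.append((raw, "no host"))
        else:
            # For ftp this is the control channel only; data connections use
            # further ports that the firewall has to track or allow separately.
            rules.add((parts.hostname, port or DEFAULT_PORTS[scheme], scheme))
    return sorted(rules), rejected


if __name__ == "__main__":
    allowed, review = egress_rules(SAMPLE_URLS)
    for host, port, scheme in allowed:
        print(f"allow out tcp {host}:{port}  # {scheme}")
    for url, reason in review:
        print(f"review: {url!r} ({reason})")
```

Rules for http and ftp describe unencrypted transfers, so they are worth listing separately when the exceptions are reviewed.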

Linux: The same applies to the download of Linux patches except that the mass data of the patches are downloaded directly to the Linux clients from the provider's websites. For this reason, Linux clients must be connected to the respective provider's network (Red Hat, SUSE). Alternatively, you can also download the mass data from a local Red Hat Satellite or SUSE Manager if either is connected to the provider's network.

Installation

Windows

The patch installation runs in a loop: Scan for security vulnerabilities on the client (via PatchLink Execution Package - Scan), feedback to the Management Point, download of deployment scripts and mass data from the provider and packaging (see Rollout Rules), patch installation (via PatchLink Execution Package - Install) and reboot, if required.

Each step includes installing only one patch type in the following order:

Microsoft OS Service Packs

Microsoft OS Patches

Microsoft applications

3rd party service packs

3rd party applications

The installation can be customized by using different patch templates.

Linux

The patch installation runs in a loop: Scan for security vulnerabilities on the client (via PatchLink Execution Package - Scan), feedback to the Management Point, download of deployment scripts from the provider and packaging without mass data (see Rollout Rules), patch installation on the client with download of mass data directly from the provider.

Each patch is installed as an individual package, independent of the installation order and the priority. The system does not use an execution package for the installation. If the mass data has not been downloaded completely while a patch is being installed, the Installer waits until the download is finished.

The installation can be customized by using different patch templates.

Reboot Behavior (Windows computers only)

The system is rebooted before installing the service packs. You can change this behavior with the property Patch package controls reboot for the individual patch package.

With some service packs a reboot is mandatory before they can be installed. Make sure to test the changes to the property. The system is rebooted after installing the Microsoft OS service packs. Reboot requests from the other patches are registered and handled with a single reboot for all of them.

System Requirements of the Management Point Server

The DSM Patch Management (Classic and DSM PatchLink) is installed on the Central Management Point and is integrated completely in DSM NetInstall. If necessary, you can also use another Management Point on ORG level. Therefore, you can execute Patch Management completely from within the DSM Console (DSMC).

For the integration into the Management Point, the Management Point Server has to meet the same hardware and software requirements as in DSM NetInstall.

Specific requirements for the Management Point Server apply to the following areas of DSM Patch Management:

Operating System

Hardware

Software

Network

Configuration

Operating System

DSM Patch Management has the same requirements as DSM NetInstall.

Hardware

Management Point with Patch Management Service: We recommend that you provide at least 500 MB of RAM for Patch Management.

DSM PatchLink downloads the mass data of the patches to the following directory: C:\Program Files (x86)\HEAT Software\LPR\content. Depending on the number of different operating systems, this directory needs 500 MB to 1 GB of available free storage.

DSM PatchLink gets the mass data from http(s)://heat.cdn.heatsoftware.com/dsm/. The URLs to download the mass data for 3rd-Party products can be found in the Knowledge base article KB 26244 (HEAT PatchLink DeskTop Connection Guide) in the 3rd-Party Content section.

Managed Computers

DSM PatchLink copies the PM Client files and the individual patch catalog to this directory: C:\Program Files (x86)\HEAT Software\LPR\client. Here, 200 MB of free storage is enough.

Software

DSM Patch Management requires the following DSM environment: DSM NetInstall

Network

The Management Point Server must have:

Internet access

Alternatively for DSM Classic Patch Management: Access to a local WSUS server or a local update catalog

Configuration

For optimum use of DSM Patch Management, we recommend customizing virus scanners. Please refer to the Knowledge base article KB 18503 in the HEAT DSM - Virus Scanner Configuration whitepaper.

System Requirements of the Client Computer

DSM Patch Management (Classic and DSM PatchLink) creates patch packages for Microsoft's product updates and security patches. DSM PatchLink additionally supports the patch installation of numerous non-Microsoft and 3rd Party products as well as Linux systems. The following requirements have to be met so that these patch packages can be installed on the computers.

For client computers there are the following specific requirements:

Operating system

Software

Operating System

Windows: Patch packages can be installed on all client and server operating systems that are supported by DSM.

Linux: Patch packages can be installed on Linux computers with one of the following operating systems:

Red Hat Enterprise 7

SUSE Linux Enterprise 12

CentOS

Ubuntu

For this, Linux computers must have a direct connection to the Linux network or, as an alternative, to a local Red Hat Satellite or SUSE Manager.

Software

To be able to install all available patches on a Windows computer, the following software has to be installed as a minimum: Windows Installer 3.1