Configuring the Remote Consoles in a Disconnected Configuration

Here are the major steps you must perform when configuring each remote console in a disconnected console configuration.

For information on how to activate a console in a disconnected environment, see Activating Security Controls.

I. (Optional) Configure the Data Rollup Service

While this is optional, the recommendation is to use the data rollup feature so that you can track what is happening on each of your remote consoles from one central site. To implement data rollup, you must configure each remote console so that it rolls up its results to the central console.

  1. Select Tools > Options > Data Rollup.
  2. Enable the Enable Data Rollup check box.
  3. Specify the IP address/hostname and port number used by the rollup console.
  4. In the Minutes between sending console's results box, specify how often the data will be rolled up from the remote console to the central console.
    The default value is every 240 minutes (four hours).
  5. Click Register.

II. Set Up a Distribution Server

You must set up a distribution server that each remote console can access. The remote consoles will download all necessary files (such as patch files, engine components and data definition files) from the distribution server. The distribution server should be the same distribution server you set up on the central console.

See Configuring Distribution Servers for detailed information.

III. Create a Machine Group of the Machines at This Site

  1. From the main menu select New > Machine Group and name the group All Machines (or something similar).
  2. Add all the machines that are managed by the remote console.

IV. Specify Where to Download Files

Configure the remote console so that prior to a scan it will automatically download the latest files from the distribution server.

  1. Select Tools > Options > Downloads.
  2. In the Definition download source area, specify the appropriate distribution server to use when downloading the latest engine components and data files.
  3. In the Patch and product level download source area, specify the appropriate distribution server to use when downloading the patches and product levels.

V. Create a Patch Scan Template

  1. From the main menu select New > Windows Patch > Patch Scan Template.
  2. Configure the patch scan template as desired.

See Creating a New Patch Scan Template for details.

If you want to scan for a particular set of patches in an unattended console configuration, see Implementing an Unattended Console Configuration for more information.

VI. Create a New Favorite and Schedule a Periodic Scan

Create a favorite containing the machine group and the scan template you created earlier and then use the favorite to schedule a scan.

  1. From the main menu select New > Favorite.
  2. In the Select at least 1 group list, select the new machine group you created earlier.
  3. In the Template box, select the patch scan template you created earlier.
  4. Click Run operation.
  5. On the Run Operation dialog, schedule the recurring patch scan.

When you schedule the patch scan make sure you:

  • Select the patch scan template you created in Step V
  • Enable theAuto-deploy patches after scancheck box
  • Specify what deployment template to use and when the deployment should occur