Beyond The Basics of Patching (Patching 201)

1Dell World User Forum

UFIL502: Beyond the Basics of Patching

Ron Colson, Senior TrainerRaphael De Vos, Senior Trainer

Dell WorldUser Forum


Agenda

• Labels

• Schedule Tips & Tricks

• Follow-up & Verification

• Best Practices & Goals: Group Discussion

3 Dell World User Forum

Labels


Labels – Devices and PatchesDevice LabelsTest Devices

Production Devices

Patch LabelsPatch Exclusions Excluding Patches

As of 5.4, and continuing with 5.5, most customers no longer need to worry about multiple, very explicit, labels of patches. So, do we really need them at all, anymore?

Yes. Well…maybe. Most customers only need to eliminate from consideration those patches which will be detected as “needed” by their devices, but which they can’t have deploying. Things like JAVA JRE come, immediately to mind.

PerformanceReplication Shares


Group(s) of devices for “test” patchesDevice Labels

• Test group(s) of devices = get all/latest patches• Manual label = the only way to get a well-rounded sample of your entire

environment• The wrong test group can be counter-productive, rather than merely worthless.

Group(s) of devices for “production” patches• Production devices = get only patches released more than XX days ago.• We also need to take into account the three main considerations, when

deciding how to sort devices into Patch Schedule “groups”:1. K1000 Performance2. Device Availability (Timing)3. Patch-Sensitivity of devices


What Matters

• K1000 Performance – What else is happening?• Replication Shares!

• Timing – Which devices are available? When?• Desktops• Nights/Weekends• Silent

• Laptops• Business Hours• Interactive

• Which Patches – Will JAVA updates break certain PCs?

Most Important Considerations


Improving K1000 Patching Performance

• Everybody thinks about the WAN savings (which are awesome), but they don’t typically think about the K1000 performance aspect of Replication Shares.

• All device tasks, which require devices downloading packages from the K1000, are necessarily resource-intensive. By off-loading this requirement, we can dramatically improve the performance of the K1000. That means we can patch a LOT more devices, simultaneously!

• To extend that even further, we might consider setting up a Replication Share(s), even in the office where the K1000 is located. That way no device is ever downloading anything from the K1000, directly.

Replication Shares

Dell World User Forum

Exercise 1: Create Patch Labels


Exercise 2: Create Device Labels


ScheduleTips & Tricks


Deploy Schedule – Quick Review

Deploy

Patches

Reboot


Detect and Deploy Schedule – Quick Review

Detect

Uploa

d

Result

sPatche

s to

Deplo

y?

Deplo

y

Patche

s

Reboo

t

NO


Things to Think About…Manual / On-DemandThis device – Run NOW!

IT WorkbenchIP Subnet – Run NOW!

Imaging SupplementationImaged devices – Automated!

You already know about generally patching your typical laptops and desktops…let’s delve deeper!


ManualOther Patch Schedules

Need to patch that one device, right now?• Keep a Patch Schedule, normally set to Don’t Run on a schedule, that you can,

at any time, target to a/some device(s).

Got a separate IP Subnet on your IT workbench?• Keep a Patch Schedule, set to run in overnight hours – every night, targeting

the IP Subnet dedicated to your workbench.• This way, any devices that are brought in for maintenance, will also –

automatically! – get fully updated, before reinsertion back into the “wild”.

IT Workbench

Image patches out-of-date?• Build a Device Smart Label to group your devices that were just imaged.• Keep a Patch schedule, set to run every hour, targeting that label.

Image Patching


Exercise 3: Create “Urgent” Patch Schedule


Follow-Up & Verification


Follow-Up & Verification

• Canned Reports– LOTS of Patching Reports built-in– Simple Tweaks

• Other Options– ITNinja.com for SQL Code

• Learn More – This Week!– Other DWUF Classes


Best Practices & Goals


Let’s Talk…

• Policies & Procedures• The Way Forward• Beyond Pareto’s Law

!


Thank you.


KACE Support Portal Migrating to Dell Software Support Portal

• Starting in November, all KACE Support Portal material will be migrated to the Dell Software Support Portal

• All service requests will be submitted online or by phone

• Same great content– Knowledge base articles– Video tutorials– Product documentation– JumpStart training

• Check out the Support Portal Getting Started videos

https://support.software.dell.com/create-service-request