Patch Management Part 2
Patch Management Part 2 This lesson continues discussing patch management. This lesson offers participants step by step instructions in the following: Updating manager settings Baselines and baseline groups Creating a baseline Attaching a baseline Scanning for updates
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
14 hours 13 minutes
Patch Management Part 2 This lesson continues discussing patch management. This lesson offers participants step by step instructions in the following:
Updating manager settings
Baselines and baseline groups
Creating a baseline
Attaching a baseline
Scanning for updates
Hello. Welcome to Part two of the Patch Management Lesson. We went through the beginning here talking about what the update manager is a little bit about the installation and what's required. Now we're gonna look a little bit of some of the settings. So if you go to your Home Screen Solutions and Appliances Section update Manager,
you have your own configuration tab, among other tabs.
This is where you define your I P. Address
the host name for the Patch Store of Patrick Posit Torrey.
We also decide where to get the patches from. And if you need to configure the proxy that would be done from that same
part of the interface. Weaken. Depict a download schedule.
So how often do you want it to download patches? Assuming that there's some available once a day once a week,
you make the decision there.
Then you can get a schedule for the notification.
This basically tells you when a patch has been recalled. If there's a patch fix or some other kind of upgrades that that might be critical, you can get notified at whatever interval you you pick daily weekly. Whatever it is,
we also have some settings for RV EMS.
Basically, the only thing you need to worry about is whether or not you want to take a snapshot before do remediation so that you can easily roll back in case the patch causes a problem or in case the patch breaks something.
So probably a good idea to enable the snapshot for that purpose. You just need to remember that snapshot exists and get rid of it after some period of time, where you feel the patch is stable.
Otherwise, that snapshot will continue to grow.
Also, the host and cluster settings are controlled from the convict tap.
For instance, when your host is going into maintenance mode, there may be various things that could cause it to not enter maintenance mode, which means that it can't be patched. It could be that you've got distributed power management, Vega enabled.
Maybe you weren't able to get all the V EMS move to another host, so now the host can't go into maintenance mode for that reason.
So there's very setting, sir, that will look at me when you see the lab,
and then lastly, we have the virtual appliance settings, or V APS.
We can decide to do a smart reboot of Avi up when it's needed, depending on what kind of remediation activity is taking place.
All right, so ah, baseline is just a collection of patches
or host extensions or upgrades. We can make a single baseline, or you can make baseline groups,
so it might make more sense to create a group of separate baselines. Maybe you have one baseline just for critical patches, one for virtual machine hardware, another one for host extensions, and you could group those together. It just depends on how you like to manage your your resource is,
but basically there are five different types of bass lines you can create one for host patches, one for host extensions, host upgrades,
upgrade of the virtual hardware or via more tools on the last one is your virtual appliance upgrade.
You'll notice when we see the lab as well that there are several default baselines included.
And when you initially connect and install update manager, you can tell it to automatically update the depository so it will do that will download a tremendous amount of patches
that might pertain to systems you have in your inventory. So that's why you want. Oh, look at that check box and I talk about that when we do the lab.
All right, so what's involved with creating a baseline is pretty, pretty simple.
We just If you're still in your update Manager tab, you just click the create button.
Give it a name and a description.
Probably want to be a descriptive here. Don't just call it a baseline number one right? Cause something. Someday we'll be looking back at that and not remember what that means.
So give it a name that means something to you that you'll remember in the future.
Then you pick the baseline type from these different five different choices here.
If it's a patch baseline, then we have to decide whether we want to be fixed or dynamic.
A fixed base line means that the baseline doesn't change its fixed, just like it sounded static.
If we pick a dynamic baseline
when patches that are in the baseline wouldn't I should say with newer patches that Aaron the baseline become available, you'll get some notification the baseline can get updated to always have the latest collection of patches for that particular baseline type. When it's a a patch baseline,
and then the last thing we have to pick is the patches to add,
and we'll see this in the lab. You've got a two windows, one with all the patches, and then you just drag and drop, or you use the arrow. Select something, and it moves it down to the bottom window. It's pretty easy interface to use
once the baselines created. Then you have to attach it.
So when you attach a baseline to a host or to another object, you'll get some compliance information that should pop up. It'll tell you if the base, if the baseline that you're trying to attach, will work,
it doesn't get to that. It will be installed without problems, but at least tells you if it's compliant with that particular object,
then you can think about using different containers like folders, clusters and hosts
for better. Ah, more efficient operation. So if I've got a bunch of the EMS on my host, I've got a bunch of'em or tools that may need remediation. I could just apply the paint the baseline to the entire host and not have to deal with each individual component that's on that host.
Or you can have several V EMS and a folder or several hosts in a folder and apply the baseline to the folder so that everything inside gets remediated. So it's a really great way to save time and also makes your organization tasks a lot easier.
Another thing to think about is once you've got an object in the inventory is to skin for updates
when you scan your basically checking the compliance against the existing baseline and checking to see if there's something new that this particular object might require.
Once that's done,
your scan will tell you what meets what needs to be remediated
You could do a scan is a manual process, or you can create a scheduled task
to do the scanning.
So to recap,
we talked about some of the settings for the update manager to get configured.
I'm ready to use
then what's involved with creating the five different types of bass lines.
They were simple to create the baseline, some simple choices. The gooey is really friendly.
Then we know that we need to attach the baseline to an inventory object before we can do the remediation, which is installing the updates or the patches.
And then you could scan an object
to find out what patches and requires.
Okay, Stay tuned for part three. Thank you.