You're adaptable. Your patching tool should be, too. With Patch Manager Plus, tailor your patching policies to meet specific industry needs. Select the deployment features you want most with native OS and third party application patching. In simpler words, Patch Manager Plus will work the way you do.
From build version 10.1.2121.1, the deployment policy workflow has been enhanced to include pre and post deployment settings like options to add custom scripts and a lot more. To know more about it, refer to this document.
Patch Manager Plus lets you create patching policies to enable patching across all your enterprise's endpoints irrespective of their location and despite them being mobile, remote, or asleep.
One deployment doesn't fit all, because enterprises vary with different sizes and different patching needs. Create a Deployment Policy to specify the installation and reboot options to be performed on the client computers while deploying a patch, software or a service pack. The multiple deployment settings will help decide when to deploy a patch to the operational environment, to plan how and when that deployment will take place, in order to ensure that it does not compromise business critical systems and applications.
Notifications can be configured for Windows and Linux endpoints.
If you wanted the updates to be deployed to the computers, which are turned off, then you can enable the check box to "Turn On Computers before deployment". Enabling this option, will allow the administrators to deploy the configuration to the target computers, which are within the network but turned off. If the target computers are available in the Corporate LAN/WAN network, then those computers will be turned on using Patch Manager Plus 's Wake On LAN feature and the configuration will be deployed. This feature will not work for computers which are not available in the corporate LAN/WAN.
This feature will download the binaries to the client computers prior to the deployment window. The binaries will be downloaded during the subsequent refresh cycle, system startup or deployment window whichever is earlier and the installation will be initiated only during the specified deployment window. For instance, say a deployment policy has been created at 2pm, and the deployment window is from 4pm to 10pm. The missing patches are downloaded during the subsequent refresh cycle, which is at 3:30pm. This makes patches ready to be installed in client machines when the deployment window starts at 4pm
Deployment of certain patches that are related to OS components, may force an immediate reboot; a critical operation for many environments especially when production servers are involved. Business-critical computers may have specific times at which changes and computer restarts are permitted. Here, the deployment of a software patch or any system restarts that are required should not be scheduled. Patch Manager Plus lets you customize reboot policies post deployment. Patch Manager Plus offers a choice of the following reboot options:
For version 10.0.405 and above the reboot policy has been enhanced the following way.
Bearing in mind how essential rebooting a system is , there’s always a pressure on the sysadmins to ensure the reboot occurs successfully but also during the most convenient time thus not interrupting the enterprise’s productivity. Patch Manager plus’s flexible reboot policy helps achieve this by offering the following options for reboot :
Reboot/shutdown Immediately after deployment(within deployment window)
Specify Force Reboot Timings
Reboot notifications are available on Windows and Linux endpoints.
Note : The customization in postpone time intervals is available only in Windows and Linux. For macOS, the postpone time intervals are set to 15 minutes, 1 hour, 2 hours and 4 hours by default. Also, the user alert before a force reboot is by default set to 5 mins for macOS, this customization is also allowed only in Windows.
Note: The postpone time intervals that are shown to the end user is dependent upon the force reboot timing (if configured by you). For eg. If you have configured force reboot on a system after 4 hours from when the first reboot prompt was shown, then, the end user will be shown options to postpone lesser than 4 hours.
Configuring Force Reboot ensures that your system is rebooted even if the end user fails to do so. The force reboot prompt appears exactly after 'x' hours from when the first reboot was shown and the system reboots immediately after the notification times out. Reflecting the correct status of the patches (post patching) is important. If you choose to shutdown your system post patching, you may enable the 'restart and shutdown' option. This ensures that your system reboots in order to reflect the exact status of the patches before the system shuts down.
Admins can opt to exclude reboot/shutdown:
Restart and then Shutdown: If you choose to shutdown your system post patching, you may enable this option. This ensures that your system reboots in order to reflect the exact status of the patches before the system shuts down.
You can further fine-tune the deployment process to align with your specific needs by configuring the deployment settings. By customizing this setting, you can ensure that only authorized users with the necessary roles can modify the deployment policies. The deployment policies are associated with various configurations and tasks related to the deployment process and modifying these policies should be limited only to authorized users with the necessary roles and permissions. Users with the appropriate roles such as Administrators, Policy owners and Patch Management Write access are granted the privilege to modify deployment policies. The ability for only authorized users to modify the deployment policies helps in maintaining the consistency of the endpoint's deployment process.