Home » Configuring Deployment Policy
 

Configuring Deployment Policies

Deployment Policy and its need

Deployment Policy is an end-to-end customized policy configured by the IT administrators to deploy patches according to the enterprise's needs. The deployment policy also aids in designing a user-specific patching policy, enabling an effective patching system across all the endpoints, managed by the enterprise irrespective of its location.

When you deploy a software or a patch using Endpoint Central, you can specify multiple Deployment Settings like when to install, whether the user can skip deployments, reboot policies, etc. These deployment settings can be created as Policies, which can then be used while defining the configurations/tasks. Any policy can be marked as a default policy, so that it will be applied by default for all subsequent configurations/tasks that are created.

There are several ways to create deployment policies: Policies can be created from the Deployment Policies page. You can reach the Deployment Policies page by,

  1. Navigating to the Patch Mgmt tab.
  2. Select Deployment.
  3. Click the Deployment Policy.

The Deployment Schedule

Each enterprise has its unique set of rules and regulations with a customized working pattern to gain maximum returns. The deployment of the patches might sometimes hinder the productivity of the systems due to high bandwidth consumption. To avoid this, the admin can customize the Deployment schedule.

Deployment Policies

To do this,

  1. Click Create Policy under Deployment Policy.
  2. Specify a name for the policy.
  3. Preferred week split: There are two options for choosing the split, namely, the Regular Split and the one based on Patch Tuesday. The latter one operates from the second Tuesday of every month until the next Monday based on the Patch Tuesday releases, while the former one is the normal week split. Specify the schedule for the deployment to happen, it can be done on any day of the week or on specific days. If you wanted the deployment to happen only on weekends, you can select only Saturdays and Sundays.
  4. Specify the Deployment Window. Deployment window is the time interval, when you want the deployment to happen on the client computer. You can specify a time interval between 3 hours to 24 hours. It is recommended to provide a minimum of 3 hours, so that the agent will be able to communicate with the product server at least once during this deployment window to receive inputs from the product server to initiate the deployment.
  5. You can enable the "Download patches from server to agent" during the Deployment window or during the time when agent contacts the server.
  6. You can choose to initiate the deployment during the System Startup or Refresh Cycle.

    Configuring Pre-Deployment Activities

    If you wanted the configuration to be deployed to the computers, which are turned off, then you can enable the check box to "Automatically wake computers before deployment". Enabling this option, will allow the administrators to deploy the configuration to the target computers, which are within the network but turned off. If the target computers are available in the Corporate LAN/WAN network, then those computers will be turned on using our Wake On LAN feature and the configuration will be deployed. This feature will not work for computers which are not available in the corporate LAN/WAN. This Wake On LAN feature, will be applied to computers based on their local time zone. For example: If the deployment time specified in the product server is 20:00 hours, then the deployment will happen to computers, whenever the local time on the computer becomes 20:00 hours.

    You can choose to configure the Pre-Deployment Reboot settings. The admin can customize the settings such that the servers can be excluded from the reboot. This feature is especially included to prevent system downtime. The admin can also skip the reboot process for the machines that do not require one. The users can get notified about the system reboot through a customized notification message.

    Deployment Policies

    You can choose to configure the Pre-Deployment User Notification.

    1. Enter the "Title of the Message" that needs to be displayed on the client computer before initiating the Deployment.
    2. Enter the message that needs to be displayed on the client computer before initiating the deployment.
    3. Notification message will be displayed on the client computer based on the time limit specified in the Notification Timeout section.
    4. Specify whether the users can skip the deployment by selecting the "Allow Users to Skip Deployment". When you do not select this option, the deployment will be forced and the user will not have any control on the deployment.
    5. If the deployment progress has to be shown on the client computers, enable the "Show deployment progress on the client systems" option.
    6. Specify the number of days after which the deployment needs to be forced on the computer. By choosing this option, users will be allowed to skip deployment only for the number of days specified above, after which the deployment will be forced on the client computer.
    7. Specify the time limit for the deployment to be initiated if the system is idle.

    Deployment Policies


    Configuring Post-Deployment Activities

    1. Under the post-deployment activities, the admin can configure the Reboot/Shutdown settings of the systems. The admin can configure a Force reboot/shutdown or a Delay reboot/shutdown option to the systems. It is also possible to configure the reboot/shutdown time. The users can get notified about the reboot/shutdown through a customized notification message. The admin also has an option to "Restart and then Shutdown" the systems.
    2. Click Save to save the changes.

    Deployment Policies

    You have successfully created a deployment policy. This policy can be applied to any configuration. Note that, the Deployment Policy can be modified or deleted by clicking the Actions button.

    Notification seen on end-user's device

    Windows

    WindowsOS Notification

     

    MAC

    MacOS Notification

    NOTE: This is only applicable for MacOS patch

Role-based access

You can further fine-tune the deployment process to align with your specific needs by configuring the deployment settings. By customizing this setting, you can ensure that only authorized users with the necessary roles can modify the deployment policies. The deployment policies are associated with various configurations and tasks related to the deployment process and modifying these policies should be limited only to authorized users with the necessary roles and permissions. Users with the appropriate roles such as Administrators, Policy owners, Patch Management Write access and Software Deployment Write access are granted the privilege to modify deployment policies. The ability for only authorized users to modify the deployment policies helps in maintaining the consistency of the endpoint's deployment process.