Patch outside deployment window
Need to patch endpoints that have missed the deployment cycle or haven't come live during the deployment windows? With the Patch outside deployment window functionality, you can now seamlessly patch such endpoints even after the deployment windows.
In case the systems have missed the deployment windows, patches would be deployed to them either manually or through Automate Patch Deployment tasks, on the first agent-server communication, irrespective of the deployment window.
Here's how to set up Patch outside deployment window in:
Setting up in Manual Deployment
To setup the Patch outside deployment window:
- Navigate to Patch mgmt > Deployment > Manual Deployment
- You can either create a new configuration or modify an existing one.
- Under Deployment Settings, click on the Patch outside deployment window checkbox.
- Specify the date and time after which you want the patches to be force-deployed on the unpatched endpoints.
Note:
Patches would be deployed to the unpatched endpoints on successful agent-server communication, anytime after the date and time specified. The deployment would occur, irrespective of the deployment windows that had been set earlier.
Setting up in Automate Patch Deployment
To set up the Patch outside deployment window:
- Navigate to Patch mgmt > Deployment > Automate Patch Deployment
- You can either create a new task by clicking on Automate Task or modify an existing one.
- Under Choose Deployment Settings, select the appropriate deployment policy and click on the Patch outside deployment window checkbox.
- Specify the number of missed deployment days to be considered post which patches would be force deployed to unpatched systems.
How to calculate the number of missed deployment days?
Let's take the example of an Automate Patch Deployment task with the following configurations:
- Preferred weeks for deployment: Second, Third
- Preferred days for deployment: Monday, Tuesday
- Deployment window: 06:00 to 18:00
- Force deploy to unpatched systems after they have missed 6 deployment days
In this case:
- The total number of deployment days in a month = 4
(Number of preferred weeks for deployment x days of deployment)
- If the endpoints do not come online (i.e. no agent-server communication) within the 4th of April, 18:00 hours (after 6 deployment days have been missed), the patches would be force deployed, anytime the endpoints come online post the deployment time frame (i.e. when a successful agent-server communication is established), irrespective of the already configured deployment windows.