Novell ZENworks 7 Patch Management Administration Guide

User Guide

ZENworks Patch Management 6.4 SP2

02_012N 6.4SP2 User Guide

- 2 -

- 3 -

Notices

Version Information

ZENworks Patch Management User Guide - ZENworks Patch Management Version 6.4SP2 - Released:

September 2009

Document Number: 02_012N_6.4SP2_092651134

Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this

documentation, and specifically disclaims any express or implied warranties of merchantability or fitness

for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make

changes to its content, at any time, without obligation to notify any person or entity of such revisions or

changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically

disclaims any express or implied warranties of merchantability or fitness for any particular purpose.

Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time,

without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export

controls and the trade laws of other countries. You agree to comply with all export control regulations and

to obtain any required licenses or classification to export, re-export or import deliverables. You agree not

to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist

countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear,

missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page

(http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no

responsibility for your failure to obtain any necessary export approvals.

photocopied, stored on a retrieval system, or transmitted without the express written consent of the

publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described

in this document. In particular, and without limitation, these intellectual property rights may include one or

more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/

legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other

countries.

Novell, Inc.

404 Wyman Street, Suite 500

Waltham, MA 02451

U.S.A.

www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see

the Novell Documentation Web page (http://www.novell.com/documentation).

ZENworks Patch Management

- 4 -

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/

legal/ trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

- 5 -

Table of Contents

Preface: About This Document............................................................................................. 17

Typographical Conventions................................................................................................................17

Contacting Novell...............................................................................................................................17

Chapter 1: ZENworks Patch Management Overview...........................................................19

Product Overview...............................................................................................................................19

Patch Management Server and Agent Process........................................................................20

System Requirements........................................................................................................................21

Minimum Hardware Requirements.............................................................................................21

Supported Operating Systems...................................................................................................21

Other Software Requirements................................................................................................... 21

Supported Database Servers.....................................................................................................22

Recommended Configuration.....................................................................................................22

Agent Supported Operating Systems................................................................................................22

Agent Supported Languages.............................................................................................................24

Chapter 2: Using ZENworks Patch Management.................................................................25

Getting Started with ZENworks Patch Management.........................................................................25

Accessing ZENworks Patch Management.........................................................................................26

Logging on to ZENworks Patch Management...........................................................................26

Logging Out of Update.............................................................................................................. 27

Common Functions within Patch Management Server..................................................................... 28

Defining Browser Conventions...................................................................................................28

Using Search..............................................................................................................................29

Using Filters............................................................................................................................... 30

Using Tabbed Pages................................................................................................................. 31

Expanding and Collapsing Folders and Outlines.......................................................................31

Advancing Through Pages.........................................................................................................31

Using the Action Menu.............................................................................................................. 32

Using Help..................................................................................................................................32

Exporting Data............................................................................................................................33

Viewing the Patch Management Server Home Page........................................................................34

Table of Contents

- 6 -

Using the Navigation Menu....................................................................................................... 35

Viewing Latest News..................................................................................................................37

Viewing the Documentation Links..............................................................................................38

Viewing Server Information........................................................................................................38

Viewing the Graph Dashboard...........................................................................................................39

Dashboard Charts......................................................................................................................39

Dashboard Settings and Behavior Icons...................................................................................39

Adding a Graph to the Dashboard............................................................................................ 41

Removing a Graph from the Dashboard................................................................................... 41

License Expiration..............................................................................................................................42

Chapter 3: Using Vulnerabilities and Packages.................................................................. 43

The Relationship Between Vulnerabilities and Packages..................................................................43

About Vulnerabilities...........................................................................................................................44

Defining Vulnerability Structure..................................................................................................44

The Vulnerabilities Page....................................................................................................................46

To Access The Vulnerabilities Page..........................................................................................46

Viewing Vulnerabilities............................................................................................................... 46

Viewing Vulnerability Details......................................................................................................47

Vulnerability Status and Types..................................................................................................47

Vulnerability Package Cache Status and Type.........................................................................48

Vulnerability Name.....................................................................................................................49

Vulnerability Impacts..................................................................................................................49

Vulnerability Statistics................................................................................................................ 50

Searching, Filtering, and Saving Views.....................................................................................50

Working with Vulnerabilities...............................................................................................................51

Vulnerability Status Tabs...........................................................................................................51

Column Definitions.....................................................................................................................51

Device Status.............................................................................................................................52

Deploying Vulnerabilities............................................................................................................53

Disabling and Enabling Vulnerabilities.......................................................................................53

Using the Scan Now Feature.................................................................................................... 53

Updating the Cache...................................................................................................................55

About Packages.................................................................................................................................55

Using the Packages Tab................................................................................................................... 57

Table of Contents

- 7 -

Package Information Tab...........................................................................................................59

Package Statuses and Types....................................................................................................61

Package Column Definitions......................................................................................................62

Searching, Filtering, and Saving Views.....................................................................................62

Working with Packages......................................................................................................................63

Deploying a Package.................................................................................................................63

Deleting a Package....................................................................................................................63

Updating the Package Cache....................................................................................................63

Editing a Package......................................................................................................................64

Creating a Package................................................................................................................... 64

Using the Package Editor..................................................................................................................64

Including Deployment Options in a Package.............................................................................73

Adding File and Directories to a Package.................................................................................75

Creating Scripts for a Package..................................................................................................79

Chapter 4: Working With Deployments................................................................................ 81

About Deployments............................................................................................................................81

Viewing Deployments.................................................................................................................82

Deployment Types..................................................................................................................... 84

Standard and Chained Deployments.........................................................................................85

Using the Deployment Pages............................................................................................................86

Deployment Status and Type....................................................................................................87

Deployment Details Summary................................................................................................... 89

Working With Deployments................................................................................................................90

Deployments Page.....................................................................................................................90

Viewing the Deployment Details................................................................................................91

Viewing Deployment Results.....................................................................................................94

Explaining Deployment Distribution Order.................................................................................95

Aborting Deployments................................................................................................................95

Disabling Deployments...............................................................................................................95

Enabling Deployments............................................................................................................... 96

Modifying Deployments..............................................................................................................96

Deleting Deployments................................................................................................................96

Explaining Deployment Deadlines............................................................................................. 96

Using the Deployment Wizard...........................................................................................................97

Table of Contents

- 8 -

Introduction Page.......................................................................................................................97

Device / Device Groups Selection Page................................................................................... 98

Package Selection Page............................................................................................................99

Associated Vulnerability Analysis.............................................................................................101

Licenses Page..........................................................................................................................102

Deployment Options Page.......................................................................................................103

Schedule Configuration Page..................................................................................................105

Selecting the Deployment Start and End Functions................................................................108

Package Deployment Order and Behavior Page.....................................................................110

Package Deployment Behavior Options Page.........................................................................114

Notification Options Page........................................................................................................ 118

Deployment Confirmation Page...............................................................................................121

Associated Vulnerability Analysis Page...................................................................................123

Deployment Summary Page....................................................................................................124

Chapter 5: Using Devices and Inventory............................................................................127

About Devices..................................................................................................................................128

Viewing Devices.......................................................................................................................128

Using the Devices Page..........................................................................................................129

Using the Details by Device Page...........................................................................................132

Working with Devices.......................................................................................................................138

Installing an Agent................................................................................................................... 138

Viewing Device Details............................................................................................................ 140

Disabling a Device...................................................................................................................140

Deleting a Device.....................................................................................................................141

Enabling a Device....................................................................................................................141

Deploying a Vulnerability......................................................................................................... 141

Exporting Device Information...................................................................................................141

Scanning Devices.....................................................................................................................142

Rebooting Devices...................................................................................................................142

About Inventory................................................................................................................................143

Viewing Inventory.....................................................................................................................143

Using the Inventory Tab.................................................................................................................. 144

Inventory Types........................................................................................................................144

Scanning Inventory...........................................................................................................................145

Table of Contents

- 9 -

Manually Scheduling the DAU Task........................................................................................146

Using Custom Inventory...................................................................................................................146

Guidelines for Microsoft Windows based Operating Systems.................................................146

Guidelines for Linux/Unix/Mac based Operating Systems.......................................................150

Chapter 6: Using Groups..................................................................................................... 153

To View Groups...............................................................................................................................154

To Search for a Group.................................................................................................................... 154

Groups and the Directory Tree........................................................................................................155

Parent and Child Groups.........................................................................................................155

Defining Groups....................................................................................................................... 155

Group Information............................................................................................................................ 156

Group Information Settings......................................................................................................157

Assigned Email Notification Addresses................................................................................... 157

Assigned Child Groups............................................................................................................158

Assigned Mandatory Baseline Items....................................................................................... 158

Assigned Policy Sets............................................................................................................... 158

Resultant Policy Information....................................................................................................159

Assigned Roles........................................................................................................................ 159

Group Membership...........................................................................................................................160

Creating a Group..................................................................................................................... 161

Moving a Group....................................................................................................................... 162

Deleting Groups....................................................................................................................... 163

Editing Groups..........................................................................................................................164

Device Membership..........................................................................................................................165

Adding or Removing Device Members....................................................................................166

Enabling or Disabling Devices within a Group........................................................................168

Mandatory Baseline..........................................................................................................................168

Viewing a Group Mandatory Baseline.....................................................................................170

Managing Mandatory Baselines...............................................................................................171

Removing Deployments Created by Mandatory Baselines..................................................... 176

Device Group Vulnerabilities............................................................................................................177

Enabling Vulnerabilities within a Group...................................................................................178

Disabling Vulnerabilities within a Group..................................................................................178

Device Group Inventory...................................................................................................................179

Table of Contents

- 10 -

Device Group Deployments.............................................................................................................180

Deploying to a Group...............................................................................................................181

Device Group Policies......................................................................................................................181

Adding a Policy to a Group.....................................................................................................182

Removing a Policy from a Group............................................................................................182

Device Group Roles.........................................................................................................................183

Adding a Role to a Group....................................................................................................... 183

Removing a Role from a Group..............................................................................................184

Device Group Dashboard................................................................................................................ 185

Dashboard Charts....................................................................................................................185

Dashboard Settings and Behavior Icons.................................................................................186

Adding a Graph to the Dashboard.......................................................................................... 187

Removing a Graph from the Dashboard................................................................................. 188

Device Group Settings.....................................................................................................................188

Editing Group Settings.............................................................................................................189

Assign a Source Group to a Custom Group...........................................................................190

Chapter 7: Reporting............................................................................................................ 193

About Reports.................................................................................................................................. 193

Available Reports Page........................................................................................................... 194

Report Parameters Page.........................................................................................................195

Report Results Page................................................................................................................197

Viewing Reports.......................................................................................................................197

Working with Reports.......................................................................................................................199

Searching within Reports.........................................................................................................199

Displaying Time and Date in Reports......................................................................................200

Exporting Reports.....................................................................................................................200

Viewing Printable Data in Reports...........................................................................................200

Available Reports.............................................................................................................................201

Agent Policy Report.................................................................................................................201

Deployment Detail Report........................................................................................................202

Deployment Error Report.........................................................................................................202

Deployment In-Progress Report...............................................................................................203

Deployment Summary Report..................................................................................................204

Detection Results Not Found Report.......................................................................................205

Table of Contents

- 11 -

Device Duplicate Report..........................................................................................................205

Device Status Report...............................................................................................................206

Hardware Inventory Detail Report........................................................................................... 206

Hardware Inventory Summary Report..................................................................................... 207

Mandatory Baseline Detail Report...........................................................................................207

Mandatory Baseline Summary Report.....................................................................................208

Operating System Inventory Detail Report..............................................................................209

Operating System Inventory Summary Report........................................................................209

Package Compliance Detail Report.........................................................................................209

Package Compliance Summary Report...................................................................................210

Services Inventory Detail Report.............................................................................................211

Services Inventory Summary Report.......................................................................................211

Software Inventory Detail Report.............................................................................................211

Software Inventory Summary Report.......................................................................................212

Vulnerability Analysis Report...................................................................................................212

Chapter 8: Managing Users and Roles...............................................................................215

About User Management.................................................................................................................215

Viewing Users.......................................................................................................................... 216

Defining User Access.......................................................................................................................216

Windows-based Authentication................................................................................................216

Update Access Rights..............................................................................................................216

Defining Users..................................................................................................................................216

Defining Roles..................................................................................................................................217

Defining the Predefined System Roles....................................................................................217

Defining Custom Roles............................................................................................................218

Defining Access Rights............................................................................................................218

Defining Accessible Device Groups.........................................................................................221

Defining Accessible Devices....................................................................................................222

Working with Users..........................................................................................................................222

Creating New Users.................................................................................................................222

Adding Existing Users..............................................................................................................226

Editing User Profiles................................................................................................................ 228

Removing Users.......................................................................................................................229

Deleting Users..........................................................................................................................230

Table of Contents

- 12 -

Changing a User’s Password.................................................................................................. 230

Working with User Roles.................................................................................................................232

Creating User Roles.................................................................................................................233

Editing User Roles...................................................................................................................235

Assigning a User Role to an Existing User.............................................................................236

Disabling User Roles............................................................................................................... 237

Enabling User Roles................................................................................................................238

Deleting User Roles.................................................................................................................238

Chapter 9: Configuring Default Behavior...........................................................................239

About the Options Page.................................................................................................................. 239

Viewing Configuration Options.................................................................................................240

Viewing Subscription Service Information........................................................................................241

Subscription Service Information............................................................................................. 242

Subscription Service History....................................................................................................242

Subscription Service Configuration..........................................................................................244

Setting the Vulnerability and Package Languages..................................................................247

Configuring Enhanced Content................................................................................................248

Supporting Red Hat Enterprise and Sun Solaris Agents.................................................................251

Enabling Enhanced Content....................................................................................................251

Content Credentials Manager..................................................................................................252

Verifying Subscription Licenses.......................................................................................................255

Product Information..................................................................................................................255

Default Configuration........................................................................................................................257

Configuring Deployment Defaults............................................................................................ 258

Configuring Agent Defaults......................................................................................................259

Configuring User Interface Defaults.........................................................................................261

Configuring ISAPI Communication Settings............................................................................ 263

Working With Agent Policy Sets......................................................................................................264

Viewing Agent Policy Summary Information............................................................................265

Creating a Policy Set...............................................................................................................265

Editing a Policy Set..................................................................................................................269

Deleting a Policy Set............................................................................................................... 270

Defining Inventory Collection Options......................................................................................272

Defining Agent Hours of Operation..........................................................................................275

Table of Contents

- 13 -

Defining FastPath Servers.......................................................................................................276

Defining Agent Policy Conflict Resolution............................................................................... 278

Using E-Mail Notification..................................................................................................................279

Defining E-Mail Notification......................................................................................................280

Defining E-Mail Alert Thresholds.............................................................................................281

Sending a Test E-Mail.............................................................................................................282

Technical Support Information.........................................................................................................283

Server Information....................................................................................................................283

Component Version Information.............................................................................................. 284

Support Information..................................................................................................................285

Chapter 10: Using the Agent............................................................................................... 287

About the Agent for Pre Windows Vista..........................................................................................287

Viewing the Pre Windows Vista Agent....................................................................................287

Deployment Tab.......................................................................................................................288

Detection Tab...........................................................................................................................291

Proxies Tab..............................................................................................................................293

About Tab.................................................................................................................................295

User Interaction During a Deployment.................................................................................... 296

User Interaction During a Reboot............................................................................................298

About the Agent for Windows Vista.................................................................................................299

Viewing the Agent....................................................................................................................299

Home Page.............................................................................................................................. 301

Tools and Settings...................................................................................................................303

User Interaction During a Deployment.................................................................................... 306

User Interaction During a Reboot............................................................................................308

About the Agent for Mac................................................................................................................. 309

Viewing the Agent....................................................................................................................309

Deployment Tab.......................................................................................................................309

Detection Tab...........................................................................................................................311

Refreshing the Agent Information............................................................................................312

Starting the Agent....................................................................................................................312

Stopping the Agent.................................................................................................................. 312

Restarting the Agent................................................................................................................313

User Interaction During a Deployment.................................................................................... 313

Table of Contents

- 14 -

User Interaction During a Reboot............................................................................................314

About the Agent for Linux/Unix........................................................................................................315

Appendix A: Patch Management Server Reference.......................................................... 317

Server Security.................................................................................................................................317

Server Error Pages..........................................................................................................................318

WinInet Error Codes........................................................................................................................ 318

HTTP Status Codes.........................................................................................................................319

Device Status Icons.........................................................................................................................320

Appendix B: Securing Your Patch Management Server...................................................321

Secure Your Server With SSL.........................................................................................................321

Use Secure Passwords....................................................................................................................322

Turn Off File and Printer Sharing....................................................................................................322

Turning Off File and Printer Sharing....................................................................................... 322

Put Your Server Behind a Firewall..................................................................................................323

Turn Off Non-Critical Services.........................................................................................................323

Lock Down Unused TCP and UDP Ports........................................................................................323

Locking Unused Ports..............................................................................................................323

Apply All Security Patches...............................................................................................................327

Appendix C: Working With the Content Update Tool....................................................... 329

Content Update Tool System Requirements...................................................................................329

Installing the Content Update Tool..................................................................................................330

Downloading the Content Update Tool....................................................................................330

Installing the Content Update Tool..........................................................................................332

Using the Content Update Tool.......................................................................................................333

The Configuration Page...........................................................................................................333

Using the Content Update Tool...............................................................................................334

Appendix D: Creating a Disaster Recovery Solution........................................................ 341

Preparing Your Database................................................................................................................ 341

Changing the Database Recovery Model................................................................................341

Creating a Manual Solution.............................................................................................................343

Creating a Database Backup...................................................................................................343

Restoring a Database Backup.................................................................................................346

Table of Contents

- 15 -

Creating an Automated Solution......................................................................................................349

Creating a Maintenance Plan.................................................................................................. 349

Appendix E: Working With the Distribution Point.............................................................357

Distribution Point System Requirements......................................................................................... 357

Installing the Distribution Point........................................................................................................ 358

Downloading the Distribution Point..........................................................................................358

Installing the Distribution Point................................................................................................ 359

Configuring the Distribution Point....................................................................................................361

Table of Contents

- 16 -

- 17 -

Preface

About This Document

This User Guide is a resource written for all users of Novell ZENworks Patch Management

6.4 SP2. This document defines the concepts and procedures for installing, configuring,

implementing, and using Novell ZENworks Patch Management 6.4 SP2.

Tip: Novell documentation is updated on a regular basis. To acquire the latest version of this

or any other published document, please refer to the Novell Documentation Web page (http://

www.novell.com/documentation/).

Typographical Conventions

The following conventions are used throughout this documentation to help you identify various

information types.

Convention Usage

bold Buttons, menu items, window and screen objects.

bold italics Wizard names, window names, and page names.

italics New terms, options, and variables.

UPPERCASE SQL Commands and keyboard keys.

monospace File names, path names, programs, executables, command

syntax, and property names.

Contacting Novell

The following table lists the available technical support options.

Call Novell Support

Phone: +1 800.858.4000

Web Support

http://www.novell.com/support

Preface

- 18 -

- 19 -

Chapter

1

ZENworks Patch Management Overview

In this chapter:

• Product Overview

• System Requirements

• Agent Supported

Operating Systems

• Agent Supported

Languages

ZENworks Patch Management is a tool to audit the current

state of a network and install updates to the various devices

within that company’s network. The ZENworks Patch

Management Server retrieves available vendor patches

collected by Novell and bundled with scripts that use an

Agent as a detection and installation tool.

A vulnerability includes information that is used by the

agents to identify the requirements for the devices. This

identification process uses prerequisite profiles to determine

if a patch is applicable to a computer. If the prerequisite

profile matches then the agent will use detailed patch

identifiers, called fingerprints, to verify the device is fully

patched and protected.

Product Overview

ZENworks Patch Management is an agent-based patch, vulnerability and compliance

management system that monitors and maintains patch compliance throughout the entire

enterprise using a centralized Web-interface. ZENworks Patch Management provides a means

for an administrator to install an Agent on every client system in the target network ensuring all

systems are protected.

ZENworks Patch Management

- 20 -

Patch Management Server and Agent Process

The following process map demonstrates how patch information is communicated between the

Patch Management Server and the Agent.

1. The Agent scans the host device and compiles information on

operating system, software, hardware, and services on that

device via the Discover Applicable Updates (DAU) task.

2. The DAU runs an inventory scan on the agent and sends

the results back to Patch Management Server, which

compares it with the list of known vulnerabilities. Based

on this information, vulnerabilities are determined to be

applicable for each device.

3. The results of the scan are returned to the Patch

Management Server and can be viewed at any time in

the Inventory section of the product. If applicable, the

Agent performs another scan using the patch fingerprints

incorporated into each vulnerability to determine the device’s

patch status in relation to that vulnerability.

4. Once patch status is established, the ZENworks Patch

Management Administrator creates deployments to patch the

devices on the network. The deployments are then sent to the

selected agents.

5. Once patch status is established, the Administrator can

deploy the desired vulnerability to each applicable device on

the network.

6. After the agent receives the patch from the server, it applies

the patches by installing them to the device. The device is

now protected.

Page is loading ...

Novell ZENworks 7 Patch Management Administration Guide

Novell ZENworks 7 Patch Management Administration Guide

Related papers

Other documents