5 Replies Latest reply on Feb 9, 2017 8:37 AM by MrJoolz1970

    API feature set for Protect 9.4


      I am using this discussion as a kind-of strategic partner forum. I am interested in finding out what specific problems you would like to solve with an API feature set.

      What is the end goal you would like to achieve with the API functionality?

      What are some example of systems you would like to integrate with that would require the API?

      What role do you see the Protect Console taking?

      Is there a need for remote endpoints to make a call to the console? If yes, how should the remote endpoints authenticate with the console? Would the concept of a token used for authentication be desirable? If not, why and what would be acceptable?

        • 1. Re: API feature set for Protect 9.4

          End goal - Patch and scan for patches via calls to your API from my automation scripts.


          Examples - Currently I have Shavlik set to scan daily at 4:00 AM and copy/stage the patches. Then at some random time my PS script will query the Shavlik DB and report machines with missing patches. Next it start queueing patch jobs via server types. Depending on the server type it will run tests to see if right now is a good time to patch. For a pooled web app, it will check total load and determine if we can bleed the server and if so, it will. Next it will execute the .bat in the staged patches folder. After it finishes, it will do some health checks and if everything looks good it will request to be added back to the app pool.


          I'm patiently waiting for the ability for my scripts to do all this without anything on a "schedule" or hacked through calls I have sniffed in SQL profiler. I am a little taken back that this API hasn't been implemented yet, our needs are greatly outgrowing what you have to offer. We're already working on our own scripts to replace Shavlik altogether since most of our systems that require automated patching are not ones with desktop applications and are strictly servers that just need OS patches. The features I want in an API are quite simple. Give me the ability to do what I would do through clicks or schedules in your GUI and allow me to make that call via the API. I don't care if it is a command line call, or a REST call... I just want to tell Shavlik to run this scan on that machine. Deploy these patches on the machine and then scan it again to make sure we didn't miss anything.


          As for integration, I don't see us integrating Shavlik into anything per se, we just want to be able to call for it to do its job without accessing the GUI.


          What I want yesterday -

          • Add/Remove a machine from Shavik
          • Initiate a scan via a configured template
          • Initiate a deployment to a machine with a configured deployment template


          What would be nice but really doesn't matter if we can do the above -

          • Set/Update templates
          • Install/Configure/Update Shavlik via unattended install


          What role - Not much more than patching. I don't want to do anything but scan and patch. Focus on what you guys do well instead of jamming new features that overlap another product or service.


          Endpoints - Cert/SSH/Kerberos/SSL, I don't care, I just need a way to authenticate and execute.

          • 2. Re: API feature set for Protect 9.4
            kstieers Rookie

            I'm in a similar boat...  We'd like to be able to do the following:

                 add a machine to shavlik

                 kick off a scan/patch cycle.

                 check the status of scan

                 check status of patch application (installing/executing/complete, etc.)


            We see integrating calling this via some script or work flow, so that I can patch multi-tier applications in the proper order, and so that we can deploy new servers, and have them patched up at build time.

            • 3. Re: API feature set for Protect 9.4

              Same here. Most urgent need is to be able to do a command line to the agent to patch immediately with template x. I have the agent installing as part of my imaging process but I need it to patch immediately vs wait for the regular schedule. i am not as concerned with a full blown API as just haveing that one ablity to call it via command line.

              • 4. Re: API feature set for Protect 9.4
                kaanfu Rookie

                I was hoping to be able to integrate shavlik to vulnerability scanner. After patches have been installed, servers should be vulnerability scanned automatically.


                I was also hoping to have somekind of integration to to our linux patch management(Puppet), i would like to see if shavlik protect console could at least list linux servers on machine view and maybe even patch them in the future.....

                • 5. Re: API feature set for Protect 9.4
                  MrJoolz1970 Rookie

                  I would be interested to see (within Shavlik) the progress / success of the snapshot taken prior to patch deployment, rather than having to check VCenter.


                  No logs currently show status, but a graphical representation showing the success / failure of the snapshot, so as to not patch machine if snapshot failed.