This content has been marked as final. Show 7 replies
When you run the deployment using the option "Copy files to selected machine(s) but do not install", it will update the patch scan result with the status of the patch as "Copied". This allows you to use the same existing scan result to run the deployment when you actually want to install patches.
So how do you install the patches that have been previously copied but not installed? I can do another scan of the machine group and choose deploy immediately, but this -obviously- peforms a new scan which is unnecessary. I can also go to Machine View, and select my machine group and tell it to deploy all missing patches, but then it goes through the process of building the deployment packages again and then it brings up the deployment status screen and appers to go through each server to determine if the packages are already there. Again, this is time consuming.
How do I tell Shavlik to just install what is already there from the previous deployment without having it do any of these unnecessary operatioins?
Just go in the first scan result, select the machine you want to deploy, then right click on it an use the "Deploy" option that suits you best.
Depending on how you manage your console, using the machine view can be a good place to deploy patch on selected machines.
You can almost perform any task from any view in the console. It could be pretty disappointing at first glance, but it is also pretty flexible.
Once you find the way that comply the most with your environment, just stick with it.
If your remote sites suffer bandwidth use, I highly recommend to have a look at the Distribution Servers feature. It is really easy to implement and customise.
Right, so that is exactly what I'm doing, but when I select my scan results and tell it to deploy the missing patches it goes back through the package bundling process which takes a significant chunk of time when deploying to a large volume of servers and is ultimately completely unnecessary since the bundles are already there. I'm hoping for a mechanism of avoiding that step.
The Distriubtions Servers aren't really necessary so long as we copy the patches ahead of time. What would be nice would be to have the distributed consoles so that the scans could happen locally, but we do not have licensing for that.
WSUS seems very tempting there.
Oh that's the deploy job generation time that is an issue to you. Sorry I missed this on.
I agree that the sequential process is not the most time efficient one.
The only ways I see, would be splitting it throught several consoles has you mentionned (but it means additional licence cost) or schedule the patching deployement.
On my side, I have choosen the following way for the servers:
- lab testting
- push the patch and deploy it at next reboot (plus post install reboot)
It allow me to have the patches deployed during the maintenance window (weekly reboot) but of course it could not fit every environment.
How do you configure the push patch and install at next reboot option? I'm not seeing that..
Nevermind, I see it now.