Novell Doc: ZENworks 10 Patch Management Reference - Using the Patches Tab for a Device

7.2.1 Patches

This section of the Patches page provides the following information about patches:

Name of the patch
Total number of patches available
Impact of the patch
Statistics of the patch

This section features the Action menu, which enables you to perform any of the following actions related to patches: Deploy Remediation, Enable, Disable, Scan Now, Update Cache, and Export. For more information on these actions, see Section 7.2.6, Action Menu Items.

The Patches section also features the show items option that enables you to select the number of items to be displayed in this section:

Figure 7-1 Show Items drop-down List

7.2.2 Patch Name

The patch name typically includes the vendor or manufacturer of the patch, the specific application, and version information.

An example of a patch name is shown in the following figure, where patch name is given, Adobe is the vendor, Acrobat Reader is the application, and 6.0.6 is the version information:

Figure 7-2 Example of a Patch Name

7.2.3 Total Number of Patches Available

The total number of available patches is displayed in the bottom left corner of the table. In the following example, there are 979 patches available:

Figure 7-3 Total Number of Patches

7.2.4 Patch Impacts

Based on the release date and impact, a patch can be classified as Critical, Recommended, Informational, or Software Installers:

Critical: Novell has determined that this type of patch is critical, and should be installed as soon as possible. Most of the recent security updates fall into this category. ZENworks Server automatically downloads and saves the patches that have critical impact.
Recommended: Novell has determined that this patch, although not critical or security related, is useful and should be applied to maintain the health of your computers. Therefore, Novell recommends that you implement patches that fall in this category.
Informational: This type of patch detects a condition that Novell has determined as informational. Informational patches are used for information only. There is no actual patch to be installed.
Software Installers: These types of patches are software applications. Typically, they include installers. The patches show Not Patched if the application has not been installed on a machine.

Patch Management impact terminology for its patch subscription closely follows the vendor impact terminology for patch criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a Novell rating as described in this section. Patch Management, following the recommendations of Lumension Security, increases or steps up the severity of the impact rating. For example, Microsoft classifications for “Critical,” “Important,” and “Moderate” patches are all classified as “Critical” by Novell.

The following table lists the mapping between Novell and Microsoft patch classification terminology:

Table 7-1 Novell and Microsoft Patch Impact Mapping

Novell Patch Impacts	Windows	Other
Critical	Critical Security Important Moderate	NA
Recommended	Recommended Low Example: Microsoft Outlook 2003 Junk E-mail Filter Update	NA
Software Installers	Software Distribution Example: Microsoft Windows Malicious Software Removal Tool (Virus Removal)	Adobe 8.1 software installer
Informational	NA	NA

Source: Lumension Security

7.2.5 Patch Statistics

Patch statistics show the relationship between a specific patch and the selected device. The patch statistics appear in the Patched column on the far right side of the Patch page. This column indicates whether the selected device has been successfully patched or not. If the device has been patched, this column shows Yes; if the device has not been patched, this column shows No.

7.2.6 Action Menu Items

The Action menu on the Patches page for a selected device consists of the following six options:

Figure 7-4 Action Menu

Deploy Remediation: Enables you to deploy a patch. To use this option, select the check box for the patch you want to deploy and select Deploy Remediation to open the Deploy Remediation Wizard.
Enable: Allows you to enable a disabled patch. To use this option, select it from the Action menu.
Disable: Enables you to disable a patch. To use this option, select the check box for the required patch and select Disable. The selected patch is removed from the list.

NOTE:Disabling a patch also disables all the bundles associated with it.
Update Cache: Initiates a download process for the bundles associated with the selected patch and caches those bundles on your ZENworks Server.

NOTE:The remediation bundles must be cached before they are installed on the target device.

To use this option:
1. Select one or more patches in the patches list.
2. In the Action menu, click Update Cache.
  
  The patch icon changes to . While the download is in progress, the icon changes to . When the caching is complete, the color of the patch icon changes to green. This indicates that the patch remediation is ready to be deployed.
Export: Enables you to export the details such as the status and impact of selected patches into a comma-separated value (CSV) file. You can choose to save the file in a different file format after opening it from the download option.

7.2.7 Searching Patches

The Search section on the Patches page offers extensive search and data filtering options that allow you to search for specific patches and filter result sets based on the status and impact of the patches. Searching and filtering can be performed independently of each other or can be combined to provide extensive drill-down capabilities. The following figure shows the Patch Search section:

Figure 7-5 Search Section on the Patches Page

To search for a patch:

Type all or part of the patch name in the Patch Name text box.
Select the desired check box under Status and Impact.
Select the vendor in the Vendor drop-down list.
Select the cache status in the Cache Status drop-down list.
Click Search.

Clicking Reset enables you to return to the default settings.

The following table describes the result of selecting each filter option under Status:

Table 7-2 Status Filters in Search

Status Filter	Result
Patched	Search results include all the patches in the patch list that have been applied to one or more devices.
Not Patched	Search results include all the patches in the patch list that have not been applied to any device.
Not Applicable	Search results include all the patches in the patch list that do not apply to the device.
Include Disabled	Search results include all the patches in the patch list that have been disabled by the administrator.

The following table describes the result of selecting each filter option under Impact:

Table 7-3 Impact Filters in Search

Impact Filter	Result
Critical	Search results include all the patches in the patch list that are classified as Critical by Novell.
Recommended	Search results include all the patches in the patch list that are classified as Recommended by Novell.
Informational	Search results include all the patches in the patch list that are classified as Informational by Novell.
Software Installers	Search results include all the patches in the patch list that are classified as Software Installers by Novell.

Table 7-4 Vendor Filters and Cache Status Filter in search

Filter	Result
Vendor	Search results include all the patches relevant to the vendor.
Cache Status	Search results include all the patches that have been cached or not been cached on the local server.

7.2.8 Patch Information

You can view detailed information for a selected patch in the Patch Information section. Clicking the name of a patch displays the details of that patch.

For example, if you select the patch called Adobe Acrobat Reader 6.0.6 Update from the list of patches, the Patch Information section displays the result of a patch analysis for the selected patch, as shown in the following figure:

Figure 7-6 Patch Information for a Selected Patch

The following table defines each property name in the Patch Information section:

Table 7-5 Property Names in the Patch Information Section

Property Name	Definition
Name	The name of the patch.
Impact	The impact of the patch as determined by Novell. See Section 7.2.4, Patch Impacts.
Status	Status of the patch; can be Enabled, Disabled (Superseded) or Disabled (By User).
Vendor	The name of the vendor or manufacturer.
Released on	The date the patch was released.
Vendor Product ID	The ID number given to the product by the vendor.
Description	The description of the patch; it includes the advantages of deploying the patch and the prerequisites for deployment.
Requires Reboot	Whether a reboot is required after patch deployment.
Supports Uninstall	Whether the patch supports uninstallation.

7.2.9 Workstation Device Patches

To view the patches for a specific workstation device:

Click the Workstation link on the Devices page.

A list of workstation groups classified on the basis of their operating systems appears, as shown in the following figure:

List of workstation groups classified by operating system

You see the following icons on the Workstations page:

Icon	Status
	Message Status: Normal Device Status: Bundle and policy enforcement successful
	Message Status: Warning Device Status: Bundle and policy enforcement successful
	Message Status: Error Device Status: Bundle and policy enforcement successful
	Message Status: Error Device Status: Bundle and/or policy enforcement failed on one or more bundles or policies.

Devices can also be found by using Search (see section Filter Item).

Click the required group (Workstation or Dynamic Workstation Group) to view the details of the group and its members.
Click the required member or workstation device.

A page displaying the member’s details is displayed. The following figure shows the page displaying details for the workstation device w2adxpsp2:
Click the Patches tab.

The patches associated with the workstation device appear as shown in the following figure:

7.2 Using the Patches Tab for a Device