Patch Setup Wizard

The Patch Setup Wizard guides you through the steps of creating maintenance windows that define the patch rule. Rules are the tools that enable you to centrally control all aspects of patch requirements, and the scheduling of detection, downloading and installation of patches. The Patch Setup Wizard enables you to quickly and completely configure the rules.

When setting up maintenance windows, immediate and scheduled window times should not overlap. If an immediate maintenance window is initiated while a scheduled window is active, the immediate maintenance window will not run. SolarWinds MSP recommends using only a single immediate window or one or more scheduled windows.

Before running the wizard, configure a proper filter and ensure it is assigned to the correct sites.

Run the Patch Setup Wizard

To access the Patch Setup Wizard, at the Service Organization or Customer level, click Configuration > Patch Management and in the Patch Setup Wizard area, click Create a New Patch Configuration.

MSP N-central does not save a Rule until you click Finish on the final screen.

Profile Configuration screen

Select a profile. A patch profile is a collection of patch management configuration options that determine how a device interacts with Patch Manager and the Windows update server. With a profile, you can apply similar settings across devices and even across multiple customers or sites.

For more information, see Patch Management Profiles.

Detection screen

The Detection Maintenance Window specifies when, and for how long, devices check for new updates and communicate this information to MSP N-central. The default detection window is twice daily at midnight and 4 pm. This is important for workstations and servers hosted in virtual environments, where detection can result in cumulative loads and slower performance overall.

Adjust the frequency of maintenance windows to match the frequency of software patches. For example, if a server is patched only monthly or quarterly, you can reduce the detection frequency.

Detection can cause momentary CPU utilization spikes on Win7 and Server 2008 R2 devices.

Pre-download

The Pre-download Maintenance Window defines the period when you want to download approved patches to the device for installation. A best practice is to download at least one to two hours before you plan to install the patch, or download during the night prior to the day when you want to patch. The default is a duration of 60 minutes at 1 am every day.

Installation

The Installation Maintenance Window defines the period when devices install approved patches, or sets devices to install them as soon as they are approved. The default window duration is 180 minutes at 2 am on Saturday.

When setting up maintenance windows, immediate and scheduled window times should not overlap. If an immediate maintenance window is initiated while a scheduled window is active, the immediate maintenance window will not run. SolarWinds MSP recommends using only a single immediate window or one or more scheduled windows.

Reboot

The Reboot Maintenance Window defines the period when the device can be rebooted if required by the Patch Status service and whether the user can delay the reboot until a later time.

  • The reboot countdown time gives the user a grace period to save files and close applications before the reboot occurs.
  • The reboot downtime option is only for the duration of the reboot. This means you will not have any false positive notifications when the device reboots.

The default window duration is 180 minutes at 3 am on Saturday.

After a window cycle completes, it will not restart after a reboot, even if the window duration has not expired. For example, if there is a one hour installation window, and a reboot occurs halfway through, the system will not check for new patches after the reboot. If the task assigned to that window has completed, it is done until the next exclusive install window schedule.

If you set the Reboot Method to Allow user to postpone beyond the maintenance window, the user will still be prompted every four hours for a reboot, which they can continually postpone.

Rule Configuration

The Rule Configuration page lets you enable third-party patching and add a filter to target specific systems and sites. For example, you can include a filter for all Windows-Workstations for a specific customer site to have patch enabled.

If you do not specify any customers on this page, the rule becomes a "staged" patch rule that you can add the customers to later in Configuration Monitoring Rules.

Summary

The Summary Window provides an overview of the schedules and rules you configured.

Best Practices

  • The reboot countdown time gives the user a grace period to save files and close applications before the reboot occurs.
  • The reboot downtime option is only for the duration of the reboot. This means you will not have any false positive notifications when the device reboots.
  • Use the Force Device out of Downtime After option if the device does not come back online after a reboot. For example, the device will be rebooted after the initial hour countdown timer. The downtime lasts the five or so minutes it takes to reboot. Once the MSP N-central server receives a response from the local agent, it brings the device out of downtime. If MSP N-central does not receive any response, it will bring the device out of downtime in the defined time frame. Workstations by default remain in a disconnected state once they are offline due to unscheduled downtime.
  • How long the maintenance window should last depends largely on whether you want the user to be able to delay the reboot. A longer maintenance window is required if you want a longer countdown period.
  • The time you choose does not force a reboot at that time. The device reboots only if it has requested a reboot due to patch management. To verify, check the Patch Status service on a device. The device may or may not reboot at that time.
  • Do not pick a time that coincides with patch install times. The device will reboot if patching has caused it to request a reboot. If anything interrupts a patch install, it will not resume.
  • Choosing selected days is not required as it will only reboot when needed. This is for maintenance scheduled for servers, such as weekends only.
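
The timing rules above (a reboot time that does not coincide with installation, and pre-download at least an hour before installation) can be checked before the times are entered in the wizard. The Python below is an added example, not part of MSP N-central or its API; the Window class and function names are hypothetical, and the sample windows are the defaults stated on this page.

```python
from dataclasses import dataclass

WEEK = 7 * 24 * 60  # minutes in a week

@dataclass(frozen=True)
class Window:            # hypothetical planning record, not an N-central object
    name: str
    days: tuple          # weekday indexes, 0 = Monday ... 6 = Sunday
    start: str           # "HH:MM", 24-hour device-local time
    duration: int        # minutes, assumed shorter than one week

    def intervals(self):
        """Return (start, end) minute-of-week pairs; end may run past WEEK."""
        h, m = map(int, self.start.split(":"))
        return [(d * 1440 + h * 60 + m, d * 1440 + h * 60 + m + self.duration)
                for d in self.days]

def overlap_minutes(a, b):
    """Minutes per week during which windows a and b are both open."""
    total = 0
    for s1, e1 in a.intervals():
        for s2, e2 in b.intervals():
            for shift in (-WEEK, 0, WEEK):   # catch windows wrapping Sunday night
                total += max(0, min(e1, e2 + shift) - max(s1, s2 + shift))
    return total

def lead_minutes(pre, install):
    """Shortest time from a pre-download start to the next installation start."""
    return min((i - p) % WEEK
               for i, _ in install.intervals() for p, _ in pre.intervals())

def review(pre, install, reboot, min_lead=60):
    """Return findings for the timing rules described on this page."""
    findings = []
    both = overlap_minutes(install, reboot)
    if both:
        findings.append(f"{reboot.name} window is open for {both} min/week "
                        f"while the {install.name} window is still open")
    lead = lead_minutes(pre, install)
    if lead < min_lead:
        findings.append(f"{pre.name} starts only {lead} min before {install.name}")
    return findings

# Sample input: the default windows stated on this page.
PRE = Window("Pre-download", tuple(range(7)), "01:00", 60)
INSTALL = Window("Installation", (5,), "02:00", 180)
REBOOT = Window("Reboot", (5,), "03:00", 180)

if __name__ == "__main__":
    for finding in review(PRE, INSTALL, REBOOT) or ["no timing conflicts"]:
        print(finding)
```

With the default times stated above, the reboot window opens at 3 am while the installation window runs until 5 am, so the check reports 120 shared minutes. A reboot window starting at 5 am on the same day reports none.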