Creating offline patch windows
You can create a patch window to apply patches to outdated and offline virtual machines by using the Offline Patch Window Scheduler dashboard. From the dashboard, you can set the time and date when the patch window starts and ends.
When you select the Switch VLAN check box, you can switch to a pre-configured and quarantined VLAN from the dropdown menu.
A separate VLAN can be set up and used in conjunction with the offline patch window dashboard. In this setup, the offline virtual machines are switched from a normal network to a VLAN where they can communicate only with a pre-configured BigFix relay. The relay can communicate with all of the clients and with the world, but the individual clients cannot communicate with the world.
The machines patch in a safe environment and, at the end of a patch window, they return to their initial VLAN. To use this mode, the user needs to set up this separate network. If a VLAN is set but a targeted virtual machine does not have this VLAN configured on one of its network adapters, the VLAN isn't switched for that particular endpoint.
You can manage the number of virtual machines that are patched in one batch by entering a value in the Concurrent Operations drop-down menu. This function turns on no more than that maximum number of virtual machines at a time per host. The window turns off the machines when it gets through the patch baseline and turns on the next batch of virtual machines.
This function can help avoid having all the virtual machines turned on simultaneously, if, for example, you have a patch that targets several thousands of virtual machines.
The following image is an example of 5 virtual machines targeted with a concurrency value of 2 and a patch window time of 30 minutes.
In the example shown in the image, at the beginning of the window, VM#1 and VM#2 start up. After 30 minutes of being on, VM#1 and VM#2 turn off and VM#3 and VM#4 start. After VM#3 and VM#4 turn off, if it's still before 7:00 p.m., VM#5 and VM#1 will start back on again. After 7:00 p.m., no new machines are turned on through this patch window, so when VM#1 and VM#5 turn off at the end of the 30 minute patch window, they won't turn on again.
Both the Switch VLAN and Concurrent Operations functions are optional.
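The batch rotation described above can be modeled to check, before scheduling, which virtual machines get a pass in a given window and which get a second one. This is an added example, not BigFix code: the function names, the fixed per-batch duration, the 5:30 p.m. start and the rule that no batch starts at or after the end time are assumptions of the model.

```python
from collections import Counter
from datetime import datetime, timedelta


def simulate_patch_window(vms, concurrency, start, end, batch_minutes):
    """Return [(power_on, power_off, [vm, ...]), ...] for one host.

    Assumptions of this model (not product code): batches rotate round-robin
    in list order, every batch stays on for exactly batch_minutes, and no
    batch is started at or after `end`.
    """
    if not vms or concurrency < 1 or batch_minutes < 1:
        raise ValueError("need at least one VM, concurrency >= 1, batch_minutes >= 1")
    size = min(concurrency, len(vms))  # never power on more VMs than exist
    step = timedelta(minutes=batch_minutes)
    schedule, cursor, now = [], 0, start
    while now < end:
        # Wrap around the list so a short last batch is topped up from the front.
        batch = [vms[(cursor + i) % len(vms)] for i in range(size)]
        schedule.append((now, now + step, batch))
        cursor = (cursor + size) % len(vms)
        now += step
    return schedule


def power_on_counts(schedule):
    """How many times each VM was powered on during the window."""
    return Counter(vm for _, _, batch in schedule for vm in batch)


# Constructed sample: the page gives only the 7:00 p.m. end, so the
# 5:30 p.m. start and the date are made up for illustration.
VMS = ["VM#1", "VM#2", "VM#3", "VM#4", "VM#5"]
START = datetime(2024, 1, 1, 17, 30)
END = datetime(2024, 1, 1, 19, 0)
SCHEDULE = simulate_patch_window(VMS, 2, START, END, 30)

if __name__ == "__main__":
    for on, off, batch in SCHEDULE:
        print(f"{on:%H:%M}-{off:%H:%M}  {', '.join(batch)}")
    print(dict(power_on_counts(SCHEDULE)))
```

With these inputs the model reproduces the rotation in the example: three batches, with VM#1 powered on twice and every other machine once.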
Using the Offline Patch Window Scheduler dashboard
To create a patch window using the Offline Patch Window Scheduler dashboard, select System Lifecycle from the console. From the navigation tree, select
- Name
- Start Date
- Start Time
- End Date
- End Time
You have the option to click Switch VLAN. Select the VLAN from the dropdown menu. You can also select the number of concurrent operations that will be executed.