1 2 Previous Next 15 Replies Latest reply on Feb 7, 2013 1:44 PM by Young So

    How Install Patch Repository without connection to Internet?

    Yasser Husseini
      Share This:

      Hello Friends

       

      I have a challenge to install patch manager 8.2 on Windows platform inside a LAN doesn't have an Internet connection nor Proxy. It is isolated LAN from Internet. The Internet is connected on another subnet with seperate switch and separate cables. I suggested to have another server connected to Internet zone and install Tx,CMS, and Windows patch source on it. After that download all patches and copy it on DVD for example and manual copy to the Patch repository machine inside the LAN.

       

      The Issue, that when I install Patch Repository inside the LAN, it require Internet connection to complete the WPS configuration and create Patch Info channel on Transmitter, I don't have Internet inside LAN? If I select it offline Repository update, it needs address for the source location which is outside LAN and connected to Internet with different subnet not allowed to connect to it from inside the LAN?

       

      Any advice is appreciated

       

      BR

       

      Mostafa

        • 2. Re: How Install Patch Repository without connection to Internet?
          Yasser Husseini

          Hello Young

           

          Thanks for your response. We talk about BBCA 8.2. I tried to install BBCA all component (Console & Transmiter) on a seperate machine have connection to Internet and after select the required patch, donwload it through patch manager on the same machine and after that copy it to the offline repository inside LAN.

           

          So,

           

          1- Is there a good approach than that.?

          2- Is there a way to download all required patches for Win7 for example only with command line  without download all OS and applications patches and move it to off repository?

           

           

          BR

           

          Mostafa

          • 3. Re: How Install Patch Repository without connection to Internet?

            Yes, there is a better approach to this. Here are the steps to configure offline WPS:

             

            1. You must have a Windows Patch Source (WPS) configured on any workstation that can download the binaries and PD5.xml and HFNetChk6b.xml files from the Internet. You do not need to configure Patch Manager or any other components. So, a different console and master transmitter is not needed.

             

            2. On this newly built WPS that has Internet access, use the -downloadAllPatches command to download the differential patches to a folder on the hard drive. You cannot download the patches for a particular platform only, like Windows 7.

             

            Syntax:

             

            runchannel.exe <WindowsPatchSourceURL> -downloadAllPatches -locales English -destination C:\offline -patchType All

             

            3. Copy the offline folder to a folder on production WPS server.

             

             

            To update the offline patch repository:

             

            1 On the WPS and Patch Repository in the isolated environment, log on to the CMS console as a primary administrator, and select Applications > Patch Manager.

             

            2 On the Patch Manager page, select the Configuration tab.

             

            3 On the Patch Manager Configuration page, select Repository.

             

            4 In the Source section, select Enable Offline Repository Update, and in Offline Source Location, type the path to the backup media.

             

            This location must contain the patch binaries and the XML files.

             

            5 Click Preview, and save the configuration.

            • 4. Re: How Install Patch Repository without connection to Internet?
              Yasser Husseini

              Hello Adil

               

              Thanks for your response. But there are missing points so, I sent this Post?

               

              For example :

               

              1- If you download all the binaries first time, it will need huge Giga Bytes and many days to download thousands of patches and fixes for all OS versions even obsolete and applications we don't need it. Let assume we downloaded all of it, the patches updates every day, so we need every day to make the same process to download again all the new patches again to include new ones published on this day and copy again to offline?

               

              2- If you didn't install CMS and Transmitter on a machine connected to Internet, How you can configure Windows Patch source and its folder?

              The command you give require a transmitter to run it, for example:

              runchannel.exe http://10.01.01.01:5282/8000_local/acme01/WindowsPatchSource -downloadAllPatches -locales English -destination C:\offline -patchType All

               

              It need a path to Patch manager on a transmitter and the Internet machine is isolated completely from LAN and can't see the server inside the protected LAN? Secondly when you make the configuration from Patch Manager for repository folder and update schedule, it immediately copy the WPS to the target machine and start building meta-data folder?

               

              For the above reasons, I didn't find any solution except install CMS and Transmitter and select what I need from patches only to download it and copy later to offline. My question was Is there a better approach than this?

               

              BR

               

              Mostafa

              • 5. Re: How Install Patch Repository without connection to Internet?
                Yasser Husseini

                Hello Young

                 

                I didn't hear from you about your advice?

                 

                BR

                 

                Mostafa

                • 6. Re: How Install Patch Repository without connection to Internet?
                  Young So

                  Mosta,

                   

                  Here is the answer your looking for;

                   

                  There are two different way of doing this.  One is channel copy and the other is copy the repository.  The channel copy method will not be support by the BMC support.  The copy of the repository will be support.  Do you know how to copy the repository from point A to point B?  If not let me know.  If you need more details let know.

                   

                  The customer will have concern about the validation of the patches.  Here is what support stated; "The Windows Patch Source channel in BMC CM retrieves Microsoft Windows patch information from third-party vendors, such as Shavlik which collects the relevelant patches metadata from various patch sources like Microsoft. The Windows patch source channel streams the data into patch manager in  uniform format which is also mapped into a patch repository schema in the inventory database."  This would the validation process of the patch has they are downloaded to the repository.

                  • 7. Re: How Install Patch Repository without connection to Internet?

                    Hi Mostafa,  Did u find any challenges with subscribing the WPS from your production master transmitter to the test WPS, and using the run channel cmd in order to download the patches?

                    • 8. Re: How Install Patch Repository without connection to Internet?
                      Yasser Husseini

                      Hello Adil

                       

                      Thanks for your response. Yes, I found challenges as the production LAn is Isolated completely other than the test WPS by different subnet and IPs ranges. So, I can't connect to the patch manager inside LAN as it has unreachable IP.

                       

                      Do you have any advice?

                       

                      BR

                       

                      Mostafa

                      • 9. Re: How Install Patch Repository without connection to Internet?
                        Yasser Husseini

                        Hello Young

                         

                        Thanks for your response. But I didn't know what is the approach you mean. You talk about copy the repository, and how you installed it firstly? as I said previously I installed all the components on the test PC which connect to Internet to download required patches only. After that I copy the folder (s) downloaded to the offline. Beside that, copy updated XML metadata to offline site.

                         

                        If you have enhanced approach than it, kindly let me know.

                         

                        BR

                         

                        Mostafa

                        • 10. Re: How Install Patch Repository without connection to Internet?

                          I believe you dont need a patch manager to download the patches. The runchannel command will do that. Try that.

                          • 11. Re: How Install Patch Repository without connection to Internet?
                            Young So

                            You install like production. The you copy the repository via robocopy the difference over to the isolated patch server.

                             

                            Sent from my iPhone

                            • 12. Re: How Install Patch Repository without connection to Internet?
                              Yasser Husseini

                              Hello Young

                               

                              Thanks for your response. So, You agree with me that we should install the all BBCA on the machine which connected to Internet and copy after that the patches. But I have a question, when we copy the difference by RoboCopy, we will add it to the repository on isolated machine (for example c:\patch) or to the Offline folder which defined in Patch manager repository (for example c:\offline_Patch)?

                               

                              If it will just add the difference to repository on isolated machine (for example c:\patch), How it will know there are new  patches added to it? The update action recreate all the folder again and create a big number of folders.

                               

                              BR

                               

                              Mostafa

                              • 13. Re: How Install Patch Repository without connection to Internet?

                                You will have new Shavlik XML files that contain all the metadata related to the patches. So the differences would be known from this metadata rather than the added folders.

                                1 of 1 people found this helpful
                                • 14. Re: How Install Patch Repository without connection to Internet?
                                  Yasser Husseini

                                  Hello Adil

                                   

                                  Thanks for your response. So, you mean just copy the new Shavlik XML files to the offline folder, so the isolated machine can pick up the new XML file and generate the new required folders?

                                   

                                  I am afraid that the Isolated machine will regenerate all the XML file again and set a very big of duplicated folders with huge space. I noticed that when I made "Update Action" it reduplicate the folders and many thousands of folders created, while the number of patches from Patch manager window was few numbers not equal to the folders created.!!!

                                   

                                  Thanks for your cooperation

                                   

                                  BR

                                   

                                  Mostafa

                                  1 2 Previous Next