4 Replies Latest reply on Feb 21, 2013 10:54 AM by Justin Dettmann

    Patch Deployment Confirmation

    Justin Dettmann



      Is there a way to confirm that a specific patch/rpm has been installed successfully from Bladelogic without running the patch analysis after it is installed (Linux and Windows)?


      Reason for this is that during a change control the user will patch a set of servers, but does not have the right to run the patch analysis job and needs to be sure all has installed successfully.


      Any ideas?

        • 1. Re: Patch Deployment Confirmation
          Siddu angadi

          Hi Justin,


          Use the Component Template --> Compliance option and define the rules to find out whether the patch is installed or not.


          Rules can be created to check some files or versioning.


          Bladelogic provides compliant and non-compliant reports based on rules.




          1 of 1 people found this helpful
          • 2. Re: Patch Deployment Confirmation

            Good idea, Siddu. But as a warning, your suggestion does not confirm anything other than a patch was installed, and the same could be verified via a server live browse.


            Example: Say you install a Windows patch that requires a reboot. The patch is installed, but the system is not rebooted. In Siddu's suggested approach, you would see that the patch is installed, but the system is actually still vulnerable. Running another patch analysis job would show you that the system is still vulnerable (because that DLL is still running in the OS memory). The same situation with false assurance would occur if the patch was incorrectly assembled at Microsoft and the wrong DLL was updated (happens more than you think).


            You should give your users the ability to run patch analysis jobs against their servers as a result of their job. Is there a reason you can't do this?

            1 of 1 people found this helpful
            • 3. Re: Patch Deployment Confirmation
              Bill Robinson

              For Windows, what Adam said is true. For Linux, seeing a successful deploy job result should be sufficient, except for the kernel rpm, which would require the reboot.


              If the user's function is to patch servers, why do they not have the ability to run patching jobs? Who does have the ability to run patching jobs?

              • 4. Re: Patch Deployment Confirmation
                Justin Dettmann

                Thanks Bill, for some or other reason they didn’t want the people deploying the patches to run the patch analysis. I have put together a process that will include running a patch analysis after deployment that should be followed as this seems to be the most viable way to ensure successful deployments.
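
The Linux case raised in replies 2 and 3, as a script run on the target host. This is an added example, not part of the original thread and not BladeLogic code. It confirms that the exact package builds are present and flags a kernel rpm that is installed but not yet running. The function names and the script name are hypothetical, and it assumes an RPM-based host where `rpm -q --last kernel` lists the newest install first.

```shell
#!/bin/sh
# Added example: post-deployment check for an RPM-based Linux host.
# Function and script names are hypothetical, not BladeLogic's.

# missing_packages INSTALLED EXPECTED...
# INSTALLED is the installed list, one NAME-VERSION-RELEASE.ARCH per line.
# Prints every expected build that is absent (exact match, so an older
# build of the same package still counts as missing).
missing_packages() {
    installed=$1; shift
    for expected in "$@"; do
        printf '%s\n' "$installed" | grep -Fxq -- "$expected" ||
            printf '%s\n' "$expected"
    done
}

# newest_kernel KERNEL_LAST
# KERNEL_LAST is the output of `rpm -q --last kernel` (newest install first).
# Prints version-release.arch of the newest kernel, comparable to `uname -r`.
newest_kernel() {
    printf '%s\n' "$1" | awk 'NR == 1 { sub(/^kernel-/, "", $1); print $1 }'
}

# deploy_status INSTALLED KERNEL_LAST RUNNING EXPECTED...
# Prints MISSING:<pkg> and/or REBOOT_PENDING:..., or OK. Returns 1 unless OK.
deploy_status() {
    installed=$1 kernel_last=$2 running=$3; shift 3
    status=0
    for pkg in $(missing_packages "$installed" "$@"); do
        echo "MISSING:$pkg"; status=1
    done
    newest=$(newest_kernel "$kernel_last")
    # A newer kernel rpm on disk than in memory means the fix is not active.
    if [ -n "$newest" ] && [ "$newest" != "$running" ]; then
        echo "REBOOT_PENDING:running=$running installed=$newest"; status=1
    fi
    [ "$status" -eq 0 ] && echo OK
    return "$status"
}

# Live use: ./verify_deploy.sh NAME-VERSION-RELEASE.ARCH ...
if [ "$#" -gt 0 ]; then
    deploy_status \
        "$(rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n')" \
        "$(rpm -q --last kernel 2>/dev/null)" "$(uname -r)" "$@"
    exit $?
fi
```

This only covers the rpm database and the running kernel; it does not replace the patch analysis job the thread settles on.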