In OneView, you can apply operating system updates for Windows using the Vulnerability and Patch Management module. Security updates are often available through operating system patches, so it is important to keep scanning your endpoints for available updates. For more information, see Enable Vulnerability and Patch Management in OneView.
A scheduled patch update is configured in your OneView console and automatically schedules updates to an endpoint with outdated operating system services. Schedules apply to all Windows operating system patches found at the time the schedule is run.
- On the left navigation menu, click Configure > Schedules.
- In the upper-right, click Add schedule.
- Enter a schedule name and choose Install OS Patches for Type.
- Optionally, filter which operating system patches install based on category and severity.
- Configure OS patch settings with the options in the Patch settings table below.
- Click Add another to include filters for un-selected categories.
- In the Schedule groups tab, choose Global (All sites) or select a site.
- Select available groups from the selected sites to scan.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
- Click Save.
Patch categories are defined using Windows standardized terminology for operating system services.
|A broadly released fix for a specific problem addressing a critical, non-security-related bug.
|A broadly-released and frequent software update containing additions to a product's definition database. Definition databases often detect objects with specific attributes, such as malicious code, phishing Web sites, or junk e-mail.
|A software component necessary to control or regulate another device.
|New product functionality that is first distributed outside the context of a product release and usually included in the next full product release.
|A broadly released fix for a product-specific security-related vulnerability.
|A tested, cumulative set of all hotfixes, security updates, critical updates and updates, as well as additional fixes for problems found internally since the release of the product.
|A broadly released fix for a specific problem addressing a noncritical, non-security-related bug.
|A tested, cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment.
|A new product release brings a device to the next version, containing bug fixes, design changes, and new features.
OS Patch settings
| Setting | Description |
| --- | --- |
| Don't reboot servers | Prevent servers from rebooting after an operating system patch. |
| Use existing reboot settings | Follow the policy reboot settings. |
| Override existing reboot settings | Override the policy and customize the reboot settings. |
| Message displayed for required reboot | The message displayed to users if an operating system patch requires a reboot. |
| Reboot automatically after | The time before the endpoint automatically reboots. |
| Enable pre-deployment message | Allow users to see a custom message before the update is deployed. |
| Message to display prior to deployment | The message displayed to users before the update is deployed. |
|The time before the patch is installed.
Note: A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups wait 1 minute for an additional postponement; otherwise, the endpoint reboots. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view available system updates across your managed sites and endpoints. Use this page to manually apply these updates to endpoints if they are outside of scheduled time frames or if critical fixes are required.
- On the left navigation menu, click Manage > Patch Management.
- On the OS Patch tab, select all or check specific boxes for system patches you want to install.
- In the top right corner, click the Apply patch icon.
- In the confirmation window, click Install.
The following information is displayed for available system updates across endpoints:
|Name of the available patch.
|Knowledge base ID of the patch.
Description of the patch, with directions on how to resolve the patch issue.
Type of patch available to install on the endpoint.
|Host name of the endpoint.
|Date the available patch was detected on the endpoint.
|File size of the available patch.
|Requirement of a reboot to complete installation of the patch.
Severity level of the patch:
|Site name assigned to the endpoint with the available patch.
|Vendor name of the software requiring a patch update.
Filter available patches
The Patch Management table helps you manage the available information pulled from your endpoints. Use filters within this table to sort your patching information into specified results.
Customize patch data in the table using the following options:
- Reset filters: In the upper-right corner of the page, click Reset filters to go back to the default filter settings.
- Add / Remove Columns: In the top-right of the table, click Add / Remove Columns to customize the table columns.
- Column pinning and auto-sizing: Next to a column header, click the filter button to display a checkbox list of different sub-filters you can apply. Click the filter tab to pin or auto-size the selected column.
- Right-click menu: In the table, click and drag to select and highlight a table section. Right-click on your selected information to copy or export a .csv or a .xlsx file.
Download all patch information to your local machine for auditing or external reporting.
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Patch Management page, click the ellipsis icon.
- Click Download .csv or Download .xlsx to export your data.
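One way to use the downloaded .csv for auditing, shown as an added example that is not part of the OneView documentation: it lists, per endpoint, the patches that have been outstanding longer than a remediation target. The column header names, the date format, the severity labels, and the target days are assumptions; adjust them to match your own export and policy.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample export. Header names, severity labels and the date format
# are assumptions; match them to the columns in your own downloaded file.
SAMPLE_CSV = """Name,KB ID,Type,Host name,Date detected,Reboot required,Severity
Cumulative Update (constructed),KB0000001,Security update,WS-01,2024-01-02,Yes,Critical
Driver Update (constructed),KB0000002,Driver,WS-01,2024-02-20,No,Low
Security Update (constructed),KB0000003,Security update,SRV-01,2024-02-25,Yes,Important
Definition Update (constructed),KB0000004,Definition update,SRV-01,2024-02-28,No,
"""

# Assumed remediation targets in days per severity; set these to your own policy.
SLA_DAYS = {"Critical": 7, "Important": 30}


def overdue_patches(csv_text, today, sla_days=SLA_DAYS):
    """Return {host: [(kb_id, severity, age_days, reboot_required), ...]}
    for patches detected longer ago than the target for their severity."""
    overdue = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        severity = (row.get("Severity") or "").strip()
        limit = sla_days.get(severity)
        if limit is None:
            continue  # severity blank or not covered by the policy
        detected = datetime.strptime(row["Date detected"].strip(), "%Y-%m-%d").date()
        age = (today - detected).days
        if age > limit:
            reboot = row["Reboot required"].strip().lower() == "yes"
            overdue[row["Host name"].strip()].append(
                (row["KB ID"].strip(), severity, age, reboot)
            )
    for items in overdue.values():
        items.sort(key=lambda p: p[2], reverse=True)  # oldest first
    return dict(overdue)


if __name__ == "__main__":
    for host, patches in overdue_patches(SAMPLE_CSV, date(2024, 3, 1)).items():
        for kb, sev, age, reboot in patches:
            note = " (reboot needed)" if reboot else ""
            print(f"{host}: {kb} {sev} outstanding {age} days{note}")
```

Endpoints that keep appearing in this report with a required reboot are worth checking against the reboot settings in the schedule, since a postponed reboot leaves the patch incomplete.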
Available patches tab
Navigate to the Available patches tab to view the ready-to-install operating system updates for specific endpoints. This tab is helpful if a particular endpoint requires multiple system patches and you want to apply them all at once to that endpoint. Patches appear available when the operating system isn't updated automatically and a scan identifies updates required on the endpoint.
To locate the Available patches tab:
- On the left navigation menu, click Manage > Endpoints.
- Click an endpoint name to view the endpoint's properties.
- Click Patches, then click Available patches.
To apply a system patch:
- Select all or check specific boxes for system patches you want to install.
- In the top right corner, click Apply Patch.
- In the confirmation window, click Install.
On the Endpoints page, add a new column to see how many available patches there are for each endpoint. The following column is available:
- Available patches: Shows the number of available OS patches and 3rd-party software updates. Click the value to go to the Patch Management page filtered by the selected endpoint.