Managing Patching
The Patching service lets SoftwareOne manage the patching of the operating systems running on the infrastructure in your cloud environment. The Patching service is a critical component in the overall Security Posture of your cloud environment.
You can configure the Patching Schedule to suit the needs of your business operations. The schedule controls the deployment of patches to your resources in Patch Waves. Patch Waves are groups of resources that are planned to be patched together in a specified time period.
In the Patching Schedule you can define up to three (3) Patch Waves, that include the:
Week of the month,
Day of the week,
Start time that each Patch Wave should run, and
Any change freeze windows that should be observed.
We store the configuration of your Patching Schedule in the Operations Definition. You can view the Operations Definition, in the dedicated Confluence space that we provide to you during onboarding. If required, you can modify the Patching Schedule by raising a Service Request. For more information, refer to Getting Support.
The Patching service automatically installs agents to your resources based on the values of tags set in your cloud environment. A Tagging Policy for Patch Management provides you with comprehensive coverage that you can modify to suit your business requirements, for example, you can modify the values of the tags assigned to a device, to change the Patch Wave assigned to it.
The service supports a comprehensive suite of operating systems, including variants of Windows and Linux. For more information, refer to Supported Operating Systems and Unsupported Operating Systems.
Architecture
The patching system is a purely agent-based approach with outbound traffic on port 443 to a centralized managed service hosted by SoftwareOne.
Patching Architecture – AWS
Alert Contacts
When an alert if received and evaluated the Default Caller defined the in the Contacts page will be notified
Tagging
The following table gives a example of your patching waves.
VM’s swoPatch Tag Value | Week of the month | Day of the week | Backup time | Patching Start Time (UTC) | Patching End Time (UTC) | Reboot After Patch? |
|---|---|---|---|---|---|---|
1 | 2 | Saturday | 2hrs before | 00:00:00 | 04:00:00 | Yes |
2 | 3 | Saturday | 2hrs before | 00:00:00 | 04:00:00 | Yes |
3 | 4 | Saturday | 2hrs before | 00:00:00 | 04:00:00 | Yes |
Note that “Patch Tuesday” is when Microsoft release patches and is the second (2nd) Tuesday of each month.
Notes
Note that patches are approved based on the current month’s releases.
All times are Agent time (the time of the local Operating System Environment).
Agent installations are started at midnight UTC.
All new machines will automatically be enrolled in the Default Patch wave unless the tag is changed before the point of Agent installation.
Exclusions
The patch service allows a change freeze period (e.g. Black Friday) or server reboot exclusions where the patches or reboot are postponed.