Direct Download of patches to simplify WFH patching - Don't let bandwidth constraints hinder patching for remote machines

Direct Download of patches to simplify WFH patching - Don't let bandwidth constraints hinder patching for remote machines

Hello everyone,

Downloading and deploying patches to remote machines is one of the significant problems faced by IT administrators during the transit to remote work. Remote agents connecting to the server and downloading patches cause significant consumption of Internet and VPN bandwidth in the server hosted network. In order to ensure regular patching in networks with bandwidth constraints, we have introduced a feature called the Direct Download option in Windows and Mac agents.

 

How does it work?

Once the Direct Download option is enabled on the client machines (Vulnerability Manager Plus agents), the agents can directly download the patches from the vendor websites, without depending upon the Vulnerability Manager Plus server for patch download.

 

For build versions between 100646 and 100715

Upgrade to the latest build version available between 100646 and 100715, configure settings to enable the direct download of patches in remote agents.

To configure the direct download option, follow the steps below. Once the option is configured (one-time process), your remote machines (agents) will download the patches from the vendor websites, when they are out of your network or connected to VPN. Once the machines come back into the network (Intranet), the agents will automatically download patches from the Vulnerability Manager Plus Server.

  • Open https://<hostname>:<port>/webclient#/patch-mgmt/internal-settings

  • Key : addMetaParams

  • Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "0"}

To disable the direct download option, follow the steps below

  • Open https://<hostname>:<port>/webclient#/patch-mgmt/internal-settings

  • Key : addMetaParams

  • Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "1"}


For build version 100715 and above

The procedure is same as given above, with only change in the Internal settings URL. To enable the direct download option, follow the steps below

  • Open https://<hostname>:<port>/webclient#/uems/patch-mgmt/internal-settings

  • Key : addMetaParams

  • Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "0"}

To disable the direct download option, follow the steps below

  • Open https://<hostname>:<port>/webclient#/uems/patch-mgmt/internal-settings

  • Key : addMetaParams

  • Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "1"}


For build versions between 100546 and 100645

Direct Download option is also available for users on build versions between 100546 and 100645. The users however, have to manually enable the option when the machines are roaming and disable the option once they come inside the network (Intranet). The following steps have to be followed to enable/disable the direct download option respectively:

On Windows clients

To enable

  • Navigate to Patch Mgmt -> Deployment -> Disable Automatic Update. Search for the "Enable agent to directly download patches" template and Create configuration for this template.

  • Choose the target machines on which you want to enable direct patch download from vendor websites and deploy the above template to these machines.

  • This behavior will not be automatically disabled once the machine comes back into the network. You need to manually disable the option by following the step below. However, this has been automated in build versions 100646 and above.

 

To disable

  • Change the value to 0 in same template ("Enable agent to directly download patches") and then deploy to target machines.

 

On macOS clients

 

To enable

  • Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with Patch ID "602357 - Direct Download Enabler for MAC Patches". This patch will be listed in Server build 100546 and above.

  • Select the patch and deploy it to the target macOS machines in which you want to enable the direct download feature.

 

To disable

  • Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with Patch ID "602358 - Direct Download Disabler for MAC Patches". This is Patch will be listed in Server only in build 100546 and above.

  • Select the patch and deploy it to the target macOS machines in which you want to disable direct download.

 

For any other queries reach out to our Support team 

 

Cheers,

The ManageEngine Team