Hello everyone,
Downloading and deploying patches to remote machines is one of the significant problems faced by IT administrators during the transit to remote work. Remote agents connecting to the server and downloading patches cause significant consumption of Internet and VPN bandwidth in the server hosted network. In order to ensure regular patching in networks with bandwidth constraints, we have introduced a feature called the Direct Download option in Windows, Mac and Linux agents.
How does it work?
Once the Direct Download option is enabled on the client machines (Vulnerability Manager Plus agents), the agents can directly download the patches from the vendor websites, without depending upon the Patch Manager Plus server for patch download.
For build versions between 100646 and 100715
Upgrade to the latest build version available between 100646 and 100715, configure settings to enable the direct download of patches in remote agents.
To configure the direct download option, follow the steps below. Once the option is configured (one-time process), your remote machines (agents) will download the patches from the vendor websites, when they are out of your network or connected to VPN. Once the machines come back into the network (Intranet), the agents will automatically download patches from the Patch Manager Plus Server.
Open https://<hostname>:<port>/webclient#/patch-mgmt/internal-settings
Key : addMetaParams
Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "0"}
To disable the direct download option, follow the steps below
Open https://<hostname>:<port>/webclient#/patch-mgmt/internal-settings
Key : addMetaParams
Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "1"}
The procedure is same as given above, with only change in the Internal settings URL. To enable the direct download option, follow the steps below
Open https://<hostname>:<port>/webclient#/uems/patch-mgmt/internal-settings
Key : addMetaParams
Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "0"}
To disable the direct download option, follow the steps below
Open https://<hostname>:<port>/webclient#/uems/patch-mgmt/internal-settings
Key : addMetaParams
Payload : {"addParam":"Patch_Direct_Download_DC", "option" : "1"}
For build versions between 100546 and 100645
Direct Download option is also available for users on build versions between 100546 and 100645. The users however, have to manually enable the option when the machines are roaming and disable the option once they come inside the network (Intranet). The following steps have to be followed to enable/disable the direct download option respectively:
On Windows clients
To enable
Navigate to Patch Mgmt -> Deployment -> Disable Automatic Update. Search for the "Enable agent to directly download patches" template and Create configuration for this template.
Choose the target machines on which you want to enable direct patch download from vendor websites and deploy the above template to these machines.
This behavior will not be automatically disabled once the machine comes back into the network. You need to manually disable the option by following the step below. However, this has been automated in build versions 100646 and above.
To disable
Change the value to 0 in same template ("Enable agent to directly download patches") and then deploy to target machines.
On macOS clients
To enable
Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with Patch ID "602357 - Direct Download Enabler for MAC Patches". This patch will be listed in Server build 100546 and above.
Select the patch and deploy it to the target macOS machines in which you want to enable the direct download feature.
To disable
Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with Patch ID "602358 - Direct Download Disabler for MAC Patches". This is Patch will be listed in Server only in build 100546 and above.
Select the patch and deploy it to the target macOS machines in which you want to disable direct download.
Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with the Patch ID "890001-Enables direct download of Linux Patches". This patch will be listed in the server, only in build 10.0.716 and above.
Select the patch and deploy it to the target Linux machines in which you want to enable the direct download feature.
To disable
Go to Patch Mgmt -> Patches -> Supported Patches. Search for the patch with the Patch ID "890002 - Disables direct download of Linux Patches". This patch will be listed in the server, only in build 10.0.716 and above.
Select the patch and deploy it to the target Linux machines in which you want to disable the direct download feature.
For any other queries reach out to our Support team
Cheers,