How do I configure Patch Management 7.0 to run without Internet connection?

Article:HOWTO9724  |  Created: 2009-02-04  |  Updated: 2013-09-23  |  Article URL http://www.symantec.com/docs/HOWTO9724
Article Type
How To



Question
What are the required steps to configure Patch Management Solution 7.0 to run without an Internet connection?

Answer
 

There are Policies that need to be configured to allow Patch Management solution to function in a environment with no internet connectivity.  Following is the process required to setup a server without internet. 

PMImport

Note: It is important that the servers have the same languages enabled in the 'Patch Management Core Solution' policy.

  1. Run the 'Microsoft Patch Management Import' task on a server with internet access. Note: The internet facing NS can be a different version of PM 7.0, for the .cab file release is the same for all PM 7.0 releases (Example: PM 7.0 SP2 MR3's .cab file can be staged for a DMZ NS that has PM 7.0 SP1 installed).
  2. Copy the files downloaded during this process (<Install Dir>:\Program Files\Altiris\Patch Management\Downloads) to location that destination server will be able to access.
  3. Open the 'Patch Remediation Center' on the server with Internet access and Stage the bulletins that will be staged on the destination server.
  4. Modify the 'Patch Management Core Solution' policy.  Specify the location that the Software Update Packages will be downloaded from, as well as the credentials that will be used to access the files.  This must be a valid FTP, HTTP, HTTPS, UNC or LOCAL path, that the server can access.

     
  5. Modify the 'Microsoft Patch Management Import' task.  Specify the location that the PMImport.cab file will be downloaded from, as well as the credentials that will be used to access the PMImport file.  This must be a valid FTP, HTTP, HTTPS, UNC or LOCAL path, that the server can access.

    NOTE: The credentials will only be applied to UNC or Local paths, FTP and HTTP will always use anonymous.

     
  6. Open the 'Microsoft Patch Management Import' task and run the task or wait for the default schedule to run at 4:30 AM.
  7. Open the 'Patch Remediation Center' on the server with NO internet access and stage the needed bulletins.


Software Update Packages

  1. Open the Altiris Console for the internet facing Notification Server
  2. Go to Actions > Software > Patch Remediation Center
  3. Highlight the Bulletins in this table. Right-click / Stage to create the Software Update Package.
  4. Drill down on the internet facing NS to C:\Program Files\Altiris\Patch Management\Packages\Updates (default location - View KB 45904 to change this location on this NS).
  5. Copy the Updates File from the internet facing NS to media and transfer it to the DMZ Notification Server, or to a share that the DMZ NS can access.
  6. Go to the DMZ NS Altiris Console > Settings > All Settings > Software > Patch Management > Core Settings: Input the path/network share and use AP ID Credentials (May need other credentials, but the AP ID should perform this process without any problems). This must be a valid FTP, HTTP, HTTPS, UNC or LOCAL path, that the server can access.

 

QChain:

  1. Run the 'Download QChain' task on a server with internet access.
  2. Copy the files downloaded during this process (<Install Dir>:\Program Files\Altiris\Patch Management\Downloads) to location that destination server will be able to access.
  3. Modify the 'Download QChain' policy on the non internet facing server.  Specify the location that QChain will be downloaded from. This must be a LOCAL path, that the server can access.
  4. Open the 'Download QChain' task and run the task or wait for the default schedule to run.

Caution: This process can be implemented in a Hierarchy; however, the process must be implemented on all levels, for the Parent and each Child SMP will draw from the same download locations regardless of internet access.



Legacy ID



45442


Article URL http://www.symantec.com/docs/HOWTO9724


Terms of use for this information are found in Legal Notices