CA Client Automation

I'm trying to deploy patches without having full internet access, is there any solution for this?

Hi Pankaj,

CIC Offline patching is  supported in 12.8 version. If you want to

go for offline patching the version on UPM and ITCM should be on 12.8.

Offline patching will allow you export content and patch files remotely when your

CA ITCM environment has no internet access.

Export the content and patch files to a portable media device from

separate computer that has internet access(Testing machie which has ITCM,UPM installed for

using Offline patching).

Use CA Patch Manager to import the exported content to the CA ITCM

Production environment.

Regards

Vimal

CA Support.

Hi Vimal,

You mean offline patching is not supported in 12.5 version.

If this is supported in 12.8 how patch manger will be able to export files from other machine, is there requirement of internet connectivity in the other machine.

Regards,

Pankaj

Hi Pankaj,

      Yes .. Offline Export/Import is not supported in 12.5 .You need to have machine with internet access to setup offline Export then import those singatures on production ITCM/UPM.

Regards

Vimal

CA Support.

Hi Vimal,

If i'll import the signature in 12.5 from another machine will that work for me or not?

Regards,

Pankaj

Hi Pankaj,

              Import/Export machines should be on same version 12.8 . You can not install Offline Export on 12.5 machine since the package will only support 12.8.

Regards

Vimal

CA Support.

HI,

We are on 12.5 and what we have to do is from an internet connected server with ITCM DM and UPM installed Select the Packages you wish to download...  you will need a SQL script file to make the required Patches Available to download in UPM (I have a copy but not at my desk today, if you need this then let me know), Once you have selected the Patch in UPM it will be downloaded and imported into ITCM DM...  You can then Export the ITCM Package and then transfer via USB onto your Non Internet Connected ITCM DM...  From there you will need to manually setup the job to deploy (After testing first of course) to the required devices.

We just completed a migration so 12.8 was on the back burner and we are now looking to wait to 12.9 next year.

Hope this helps

Regards

Colin Wink

Hi Colin,

Thanks for the information provided , but as in our environment here there is no internet connectivity on the ITCM DM to download the packages.

Regards,

Pankaj

HI,

Yes our environment is not connected to the internet, we have a standalone server which is connected to a network with internet connection to allow the downloads from UPM, we then have to manually transfer (air gap) between the standalone server and our confidential environment.

Regards

Colin Wink

Hi Colin,

Than can you please share me the steps and commands what you have followed so I can also test the same.

Regards,

Pankaj

HI,

Our Setup is as follows, also at present we are only using this for Microsoft Patches (Windows 7, 2008 and MS Office) but as long as you have a list of required patches you could follow the same procedure (Just change the filter in No. 6)

DM on Confidential Network

DM and UPM on Standalone Server Connected to Internet.

1) Logon to Standalone Patch Manager Server.

2) Open SQL Studio and Select New Query.

3) Run following Query on MDB (this needed to be run at least once a month to change status from "Not Avaliable" to "Pending Accptance")

               Update ca_install_package SET status=3

               WHERE status=2

4) Open UPM

5) Select Patches Tab

6) Search for Patches Pending for Acceptance "Filter by Patch Name"

               i.e.      %2008 R2%%1407%     Windows Server 2008 R2 patches for July 2014

                         %Win 7%%1407%         Windows 7 patches for July 2014

                         %Office EN%%1407%    Office English Patches for July 2014

7) Select the require patches (Tick Box) and Change Drop down box to approve and Select "GO"

               Note: You can only download a Delta if you have the previous months Full.

8) You will receive a confirmation message and Patch will download and be packaged into ITCM.

               Note: this can take a while and advised not to download too many (ie Full) at once.

9) Once complete Open CA Client Automation DM

10) Open Software > Software Package Library > Unicenter Patch Manager

11) Select New Package <Right Click> and select Export > Software Package

12) Select Software Download Path <Chose> <OK>

13) Close DM

14) Copy Exported Patch from Download Directory to USB

15) Logoff Standalone Patch Manager Server

16) Air Gap (AV checks, etc. if required)

17) Logon to Connected CA Client Automation DM Server

18) Copy Patch from USB to a Temp Area on Server.

19) Open Client Automation DM

20) Open Software > Software Package Library > Unicenter Patch Manager (First instance you may need to create "Unicenter Patch Manager"

21) In Windows Explorer Select new Patch folder and <Right Click> Copy.

22) In Client Automation DM "Unicenter Patch Manager" Folder <Right Click> Paste

23) New patch will be Imported (any issues you could try the Import rather than Copy and Paste)

New Patch is now ready to be Tested or Deployed via Software Delivery.

Hope this Helps

Regards

Colin Wink

Hi Colin

Thanks for sharing this workaround for 12.5. As Vimal has advised earlier in 12.8 we support offline patching by allowing you to export the signatures and patches from a standalone UPM server that has internet connectivity and import these on the production UPM server

Rich

Hi

Is this thread now answered or do you need additional info? If answered please can you mark it as such.

thanks

Rich