I am not sure if anyone has posted this request already. I know there were some users that have a similar situation as we do here.
We need to be able to Copy/Cache/Stage patches to clients so that when we have a window to patch servers we don't have to wait for all the patches to download first and then install.
Here are a couple of options that I received, but these seem more of a workaround and are tedious to implement:
Here are a couple of options for precaching files to the endpoints prior to deploying a Fixlet or Baseline. All of these options will require you to increase the size of the local download cache first because it defaults to only 20 MB:
Each option below will force the agent(s) to download the files locally and keep them according to a “Least Recently Used” (LRU) caching scheme so that when you deploy the Fixlets or baselines later, the agent will have the file locally and won’t need to redownload it.
Option 1
• Deploy the actions of the Fixlets with files you want to pre-cache and edit the action to remove everything after the download/continue if statements.
Option 2
• Put the Fixlets in a baseline, export the baseline to edit all actions as described in option 1 above, then reimport the baseline and deploy it to the target computers.
Option 3
• Run the download cacher tool and edit the relevance to remove the restriction that applies it to only relays … keep in mind this will cache all files from the Fixlets you select in the download cacher to the targeted computers and not just the files for the relevant Fixlets on each computer.
There should be a feature already where you shouldn't have to download the patches and just sit around and wait while that happens. Server patch window is very small, so we need that time to perform the patching.
I downloaded the BigFix Download Cacher onto one of our local relays and used the command
BESDownloadCacher.exe -e -f
Downloading only Enterprise Security Updates and Windows Software Updates.
My question is, if I were to run this same command again next month after Microsoft’s Patch Tuesday, will I only download the patches that I need, or will I download patches that I already downloaded?
Ok… I am not supposed to do this, but I grabbed the development copy of the next major release and grabbed a screenshot to illustrate the up-and-coming features in this area… The key thing I want to illustrate is the feature requested above to make the agent pre-download the files before running the action (just so you know it is coming):
Ben, was searching for this request to answer another forum post and saw you had requested input on the wording. My vote would be something along the lines of “Pre Cache Fixlets on client before running the Action Script”
Will the option be there to ONLY download? We have many servers that require scheduled downtime. To keep uptime at a maximum, we would like the ability to have an action that just downloads the content, and then we can run all relevant fixlets at one time.
I definitely agree that “constraints” is too arbitrary a word. And I like jspanitz’s suggestion, but I’d change it slightly to:
Pre-cache Downloads from the fixlet on targeted Clients before running the Action.
Does this functionality evaluate fixlet relevancy first, or just skip straight to download actions and perform them asap?
Thanks for the screenshot. It’s exciting to see the future.
I think our developers like ‘Constraints’ because it specifically references the section of the dialog above labeled ‘Constraints’. I agree though that it sounds arbitrary if you don’t notice the section label.
These are the types of decisions we tend to spend way too much time considering and it can be hard to abstract ourselves into the customer view, so it’s good to get outside perspective. Please keep providing suggestions if you have them.
Whatever it is called, the action to actually start the installation must be able to be triggered from the console, and (since the download is already on the client) it should start immediately.
Perhaps I misunderstand the option wording, and forgive me if I do, but it appears that with this option the installation is not manually triggered, it is just that all downloads are completed before running the installation. If the downloads take 3 hours, you might need to request 4 hours of downtime. For production servers, you have to be able to schedule the downtime, the downtime needs to be as small as possible - for this you would need to trigger the install.
The idea is that if you have a maintenance window at 3am, you will set your action to run at 3am and click this box to pre-download the files. What will happen is that the files will be downloaded ASAP and then wait until 3am (or wait for whatever constraints are on the dialog in the screenshot above) and then will run.
The idea is exactly as you said to keep the maintenance windows very small by pre-downloading the files and then waiting until later to run the actions.
I think we are thinking along the same lines as some of the others here. We’d like to be able to have a separate action to cache with the ability to know the cache is done and be able to report on it (realtime progress per client with estimates of time to completion). Being able to issue another action that kicks off the install would be preferred. Perhaps there could be three options: precache, run (the existing way, download and run sequentially), run from precache, cache and run (the way Ben described it).
Ideally we could issue one action to cache a week or so in advance and other actions to deploy.
Ben, the way you describe it, what happens if the caching does not complete and the window expires?
Also, to prevent cache tampering, will the files be hashed on cache and on execute? And how easy will it be to report on tampered files?
Couldn’t you create a fixlet/action that only downloads the files you want to cache? That is, it doesn’t run it afterwards? I think you would need to move the file to a certain location on the disk to be able to use it from another later action. That later action would just test for the file’s existence, then run it. At the end of install you would delete the install files.
You could verify that the download completed by looking at the success of the first action.
I guess hand-coding a fixlet is kind of a pain, and it would be nice to have a gui do this.
When we were doing planning for our next major release, we discussed all these options in detail… but we ran into a few issues:
1.) We had a very hard time organizing these options in a usable and non-confusing way in the limited real-estate available in the take-action dialog.
2.) We only had limited time to work on this feature since there were so many other requests and features.
3.) We had a very hard time picking cache behaviors that would work well and not lead to issues filling up the disk, keeping unwanted files around, etc.
At the end of the meeting, we had lots of concerns about time needed to implement this feature and ability to get the behaviors correct. So rather than abandon the feature until a later release date when we figured all this out, we decided to go with extending the behavior to “cache and run” but hold on the “precache and run later with another action”. This was the best we could do… Hopefully the new functionality is very useful even if we don’t yet have all these options…
Note that today, you can accomplish the precache and run later if you manually separate the built-in download/install Fixlet action to a two-part action: 1) download 2) install. Here is another similar thread on this:
We usually create 2 tasks (one to pre-cache the software install on the disk and one to install it from local disk). This way our helpdesk can reinstall without having to retrieve the install (sometimes several 100 mb) from the network. Will there be a way to pre-cache it into a certain directory? Also when is this next version due?
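The two-action pattern discussed in this thread (pre-cache now, install later from local disk), combined with the question about hashing on cache and on execute, as an added example that is not from any poster or from BigFix itself. It assumes a staging directory and a manifest file kept outside that directory; the function names and manifest layout are hypothetical.

```python
# Added illustration; function names and manifest layout are hypothetical.
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Size and SHA-256, read in chunks so large installers stay out of memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {"size": path.stat().st_size, "sha256": digest.hexdigest()}


def record_staged(staging_dir: Path, manifest_path: Path) -> dict:
    """Action 1 (pre-cache): record a fingerprint for every staged file."""
    manifest = {p.name: fingerprint(p) for p in sorted(staging_dir.iterdir()) if p.is_file()}
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_staged(staging_dir: Path, manifest_path: Path) -> dict:
    """Action 2 (install): classify each expected file before anything runs."""
    manifest = json.loads(manifest_path.read_text())
    report = {}
    for name, expected in manifest.items():
        path = staging_dir / name
        if not path.is_file():
            report[name] = "missing"      # download never completed or was evicted
        elif fingerprint(path) != expected:
            report[name] = "tampered"     # content changed between cache and execute
        else:
            report[name] = "ok"
    return report


def demo() -> dict:
    # Constructed sample: stage three files, then alter one and delete another.
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp) / "staged"
        staging.mkdir()
        for name in ("patch-a.bin", "patch-b.bin", "patch-c.bin"):
            (staging / name).write_bytes(b"constructed " + name.encode())
        manifest = Path(tmp) / "manifest.json"
        record_staged(staging, manifest)
        (staging / "patch-b.bin").write_bytes(b"modified after staging")
        (staging / "patch-c.bin").unlink()
        return verify_staged(staging, manifest)
```

The install step should proceed only when every entry is `ok`, and the per-file report gives the tamper reporting asked about above. Keep the manifest where an account that can write to the staging directory cannot modify it, otherwise the comparison proves nothing.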