Bi-Monthly Patching - Automation process

Hi All,

We have a requirement to patch a set of client-facing servers on a bi-monthly schedule, at specific times and dates. We aim to fully automate this bi-monthly patching process—either using the BigFix WebUI or by utilizing refreshed baselines containing the latest monthly updates—with no manual intervention.

Are there built-in options within BigFix to schedule bi-monthly patching (every two months), or any recommended automation approaches, such as via the REST API or other methods? We would appreciate any guidance or suggestions to achieve this automated bi-monthly patching requirement.

Regards

CHANDU

You might consider doing a trial of Patch Policy in WebUI. Using Baselines is a little more challenging in that it still requires some intelligence to select the Patch Fixlets to add to the Baseline. Patch Policy has built-in scheduling options and Patch Fixlet refresh, whereas you’ll have to decide on an automation solution to drive the REST API calls… cron/Task Manager/policy action, etc.

I’m sure the community will offer additional thoughts on this.

In my opinion, BigFix offers several ways to automate patching. Based on my experience I would not recommend baselines running without an end.

There are situations where a baseline on some servers will fail (assuming you have more than a fistful to patch…). In such cases, the server ends up with status failed in the action and will never be patched again.

Looking at maintenance times, BigFix has a built-in maintenance window mechanism.

One way might be to use this maintenance window. In case of need, automated creation based on e.g. ucmdb data via API is possible.

Then it’s just scheduling the baseline using “run only if maintenance window active contains true” in action, maybe select the first day of month as start and the last as end.

Or schedule the baseline via API. Of course, this would be full automation:

Automatically created baselines

Automatic run based on maintenance window information

Personally, I would suggest starting step by step, to catch issues one by one, and having a final solution in some months.

@gbl888

Thank you for your response. We currently use the BigFix WebUI to automate and schedule patching activities. However, the available scheduling options are limited to daily, weekly, or monthly intervals. Our requirement is to implement a bi-monthly patching schedule. Are you aware of any methods or workarounds to achieve bi-monthly automation using the WebUI, or do you have any suggestions to address this need?

Ah right, I lost focus of the explicit bi-monthly requirement. If you want a no-human touch automation, then you will need to create a script or something that executes session relevance to find the current Patch Fixlets you want, and then create a new MAG (it’s simpler than a Baseline which would require additional REST API work) via REST API. The scripts that do this could be scheduled via Windows Task Scheduler, or by a Policy Action that runs bi-monthly.
At least that’s my view on it.

Greetings,

As you create your applicability relevance, the following Relevance inspectors might be useful for the purposes you are wanting to achieve:

https://developer.bigfix.com/relevance/reference/date.html

https://developer.bigfix.com/relevance/reference/month.html
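
The no-touch approach suggested earlier in the thread (a script run daily from cron or Task Scheduler that creates a new MAG through the REST API) needs a gate that is true only every second month, plus the action XML. The sketch below is an added example, not code from any poster or from BigFix: the anchor month, third-Saturday patch day, fixlet IDs, server names and the `Action1` action name are constructed assumptions, and the BES element names should be validated against the BES.xsd shipped with your deployment.

```python
import datetime as dt
import xml.etree.ElementTree as ET

ANCHOR = dt.date(2025, 1, 1)       # assumption: first month of the two-month cycle
PATCH_WEEKDAY, PATCH_NTH = 5, 3    # assumption: third Saturday (Monday = 0)

def patch_date(year, month):
    """Return the PATCH_NTH occurrence of PATCH_WEEKDAY in the given month."""
    first = dt.date(year, month, 1)
    offset = (PATCH_WEEKDAY - first.weekday()) % 7
    return first + dt.timedelta(days=offset + 7 * (PATCH_NTH - 1))

def is_patch_day(today):
    """True only on the patch date of every second month counted from ANCHOR."""
    months = (today.year - ANCHOR.year) * 12 + (today.month - ANCHOR.month)
    return months >= 0 and months % 2 == 0 and today == patch_date(today.year, today.month)

def build_mag(title, fixlets, computers):
    """Build BES XML for a Multiple Action Group from (site name, fixlet id) pairs."""
    bes = ET.Element("BES")
    mag = ET.SubElement(bes, "MultipleActionGroup")
    ET.SubElement(mag, "Title").text = title
    ET.SubElement(mag, "Relevance").text = "true"
    for site, fixlet_id in fixlets:
        source = ET.SubElement(ET.SubElement(mag, "SourcedMemberAction"), "SourceFixlet")
        ET.SubElement(source, "Sitename").text = site
        ET.SubElement(source, "FixletID").text = str(fixlet_id)
        ET.SubElement(source, "Action").text = "Action1"  # assumed default action name
    target = ET.SubElement(mag, "Target")
    for name in computers:
        ET.SubElement(target, "ComputerName").text = name
    return ET.tostring(bes, encoding="unicode")

# Constructed sample data: in production the fixlet list would come from the
# session relevance query and the result would be POSTed to /api/actions.
SAMPLE_FIXLETS = [("Patches for Windows", 1000001), ("Patches for Windows", 1000002)]
SAMPLE_SERVERS = ["web-01.example.test", "web-02.example.test"]

def run(today):
    """Return the action XML on a patch day, otherwise None (job exits quietly)."""
    if not is_patch_day(today):
        return None
    return build_mag(f"Bi-monthly patching {today:%Y-%m}", SAMPLE_FIXLETS, SAMPLE_SERVERS)

if __name__ == "__main__":
    print(run(dt.date.today()) or "Not a patch day; nothing to submit.")
```

Because the job is unattended, run it under a dedicated operator account limited to the sites and computers it patches, and keep TLS certificate verification enabled on the REST call.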