Patching practices

Usage and Config Patch
1

Hi I need to know some of the best practices regarding the patching. I’m unable to find those. Does anyone have the any document available? Can someone provide a link?

Thanks in advance.

Regards
Vicky

2

I imagine it will vary from organization to organization.

Common threads …

  • Patch in a Timely Manner
  • Test patches before installing on Critical Systems
  • Track/Document any Excpetions to Patch Installations
2 Likes
3

Whilst these aren’t specifically best practice references you might find them useful anyway…

http://www-01.ibm.com/support/docview.wss?uid=swg21506050

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Baselines%20-%20Best%20Practices

http://www-01.ibm.com/support/docview.wss?uid=swg21636385

Search youtube for BigFix Baselines - Wizard you’ll get a page that has a number of patching baseline videos.

2 Likes
4

Thanks guys. I’ve already gone through that links. Any how thanks again :slight_smile:

5

Can you provide more specific detail of what kinds of practices you want feedback on?

6

Hi @jgstew

I just want to know about client and relays settings recommended by bigfix. We do have 300 servers to patch so what should be the recommended best practices?

7

you have create clientsetting.cfg file deployed the below all setting

_BESClient_Log_Days=15
_BESClient_Comm_UseUrlMoniker=1
_BESClient_Comm_SkipInternetActiveTest=1
_BESClient_Register_IntervalSeconds=3600
_BESClient_Download_MinimumDiskFreeMB=200
_BESClient_Comm_CommandPollEnable=1
_BESClient_Comm_CommandPollIntervalSeconds=3600
_BESClient_Download_DownloadsCacheLimitMB=200
_BESClient_Download_UtilitiesCacheLimitMB=20
_BESClient_Report_MinimumInterval=300
__RelayServer1=http://wwwwwwwwwww.com:52311/bfmirror/downloads/
__RelayServer2=http://wwwwwwwwwww1.com:52311/bfmirror/downloads/

We have to do the basic setting on the client side

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

8

Hi,

Yes I’m able to set some of aforementioned client settings.

Thanks for your response

9

Here are some of the settings I use for non-servers:

1 Like
10

Thanks

@jgstew what settings will be for the server endpoints?

11

Some settings I would recommend for BOTH clients and servers. Let’s start there.

All endpoints, except for the root server and top level relays should have the following setting:

_BESClient_Download_RetryMinutes=1

This used to be the default setting, but it was changed in later versions. I highly recommend setting it back to 1.

The following should ALWAYS be used in a clientsettings.cfg file in all cases:

_BESClient_Resource_StartupNormalSpeed=1

This tells the client to be much more aggressive on its very first run through when it is first installed. This will be set back to 0 immediately after it finishes a first pass. This GREATLY increases the speed of initial provisioning of the client.

All endpoints should be set to retain at least 30 days worth of client logs:

_BESClient_Log_Days=30

This will have minimal impact on the endpoint and will greatly help with troubleshooting and reporting.

This is a good idea to reduce the load on your relays and root server ingestion, but is otherwise optional:

_BESClient_Report_MinimumInterval=90

This will reduce the frequency of reporting by the endpoint to its relay and beyond.

All endpoints should have the utility cache set to at least 500 mb:

_BESClient_Download_UtilitiesCacheLimitMB=500

All endpoints should have the download cache set to at least 2000mb:

_BESClient_Download_DownloadsCacheLimitMB=2000

If you install a very large amount of software with BigFix, then I would make this even higher. 10GB or so makes sense on systems with a lot of free space.

1 Like
12

Thanks for the useful suggestion.