Red Hat Linux Patching

Hello,

I am pretty new at BigFix and i was asked to deploy patches to our Linux Red Hat servers (5,6,7).
I am trying to find as much information as I can about the Red Hat updates installation process via BigFix.
How does the BESClient call yum ? If only the BigFix server and the relays have access to the Internet, can I use them as repositories or does a repository need to be a Linux server ?
Is there any best practices ?
…anything that would be helpful to know about Red Hat Patching.

Thanks in advance.

These links are a good place to start

Only the Bigfix server needs access to RHN.

Official Documentation: http://www-01.ibm.com/support/docview.wss?uid=swg21964132

RedHat Patching Guide: IBM Documentation

Note, there are FAQ’s at the end of the guide as well.

If you want to have the depdency logs hang around after the patch deployment has completed on an endpoint for one of the fixlets, remove these lines from the action script of one of the patch fixlets during action execution:

This will prevent cleanup of the files and you can look into them on the endpoint and can see what the dependency plugin did during dependency resolution. This is a good procedure for troubleshooting any problems involving failed patch actions as well.

Thanks.
We use BigFix 9.5 and I tried to deploy the updates to a Red Hat 7 and the behavior is a little bit inconsistent.
It seems to only work if I have the computer setting _BESClient_RHEL_AllowYumDownloads but I can’t find much information about this setting.
Do you know if that’s mandatory and what does this setting do ?

Thanks,