Handling multiple BPURL files

BatchPatch Forums Home Forums BatchPatch Support Forum Handling multiple BPURL files

Tagged: , ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • April 8, 2023 at 12:26 pm #14005
    DJV@site
    Participant

    I manage several domains that do not have internet access available. We have a WSUS that gets its updates from an upstream corporate server. I have been using BP to manage the installation of patches from our local WSUS to all our nodes for several years. Some of the domains are primarily made up of vendor supplied nodes where the vendor produces a monthly list of approved MS patches that can be installed on their nodes that will co-exist with their applications. This has been managed on our WSUS by creating computer groups and working the patch approvals on that end. My problem has been when I run follow-up verification reports back to the vendor, they often report missing patches and the reason for this is that the upstream WSUS often doesn’t have the patch approved/loaded, so it really doesn’t matter how much I want it, if the upstream WSUS is not going to supply it. So, I want to forego using WSUS and switch to use the cached/offline modes in BP to download all the patches on an internet connected PC and then later transfer this cache directory to the BP residing on the isolated network.

    My first question is, I haven’t figured out how to handle the different BPURL files I’ll get from the different domains since they consist of different vendor nodes and while we can use different BP filtered lists for each group of nodes, the BPURL files will be different in each domain because the nodes will be starting with different installed patch levels. I’m assuming there will be a single cache folder for all the updates that BP will use to download the updates to the nodes.

    One other question, does the downloading BP installation need a separate license beyond the license in use on the distribution BP?

    April 8, 2023 at 3:02 pm #14006
    doug
    Moderator

    First I would just note that, in general, if they are supplying a list of approved updates, it doesn’t mean that an approved update will be applicable to a particular computer. So even if you change to a different update source, you might find that you still have the same result, and you still have to report back that certain “approved” updates are not installed (just because a vendor approved an update doesn’t mean the update is going to be applicable to every computer).

    Second, offline mode may very well result in even fewer of the vendor-approved updates being installed because offline mode only includes security updates.

    If they are giving you a list of updates, then after you go through your normal method to install whatever the WSUS presents, for remaining updates you could then go directly to the Microsoft Update Catalog to get them, and then try to deploy them directly (using the BatchPatch ‘deploy’ feature, if desired). Then see if you can even install all of them or not. My guess is that you’re often going to have updates on the vendor’s list that you can never install on some/all machines for the reason described previously (that is, where a list of vendor-approved updates is not necessarily going to be a list of *applicable* updates).

    If you find that all of their approved updates are actually able to be installed, but that your upstream WSUS is simply not presenting them to the downstream server, then the best option is to just look at the upstream server and make sure it gets all of the approved updates so that the problem goes away. However, maybe you don’t have access to the upstream server, and maybe that’s why you’ve posted here in the first place. I don’t know.

    Anyway… I don’t actually understand what your question/concern is about handling multiple BPURL files. The BPURL file is just a list of updates and update URLs for BP to download those updates. If you have two BPURL files, then you can just load one at a time to download the updates in them. The updates will be downloaded to the cache folder.

    No, the downloading BP installation doesn’t need a separate license. In fact you could even do the downloading in evaluation mode.

    April 8, 2023 at 3:38 pm #14007
    DJV@site
    Participant

    Thank you for the quick response. I understand that some patches may not get installed, even if requested to do so; the patch can decide its not applicable after all. I’ve read that offline mode may result in fewer patches being made available as compared to connecting to a “Live” sourced WSUS. That will not be a problem for the vendor computers, as they are only concerned about security updates and not any of the recommended or feature update patches.

    Another good point is that I could always locate the missing patches from MS’s own download site and use BP to deployed them. I have that option even now with our current setup. This could actually be the easiest solution to consider.

    As for the multiple BPURL files question, this comes from my mistake in believing that applying a BPURL to an existing cache may remove the previously downloaded patches believing they were no longer needed since they were not in this latest download list. I see that’s not the case.

    Thanks for clarifying the licensing details for the downloading station.

    April 8, 2023 at 4:12 pm #14008
    doug
    Moderator

    Excellent. No problem. Sounds like you have a very good handle on everything.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.