Windows patches are managed by linking to WSUS. The following diagram shows the overall flow of Windows patch management:

Figure 2.4 Overview of Windows patch management

1. Download patches [processing by WSUS]

   Use the WSUS function to synchronize with the Microsoft Update site and obtain the latest patch information.

2. Send email notifications to the infrastructure administrator [processing by WSUS]

   By setting up the WSUS email notification function, an email will be sent from WSUS to the infrastructure administrator, informing him or her that a new patch has been downloaded from the Microsoft Update site.

3. Authorize new patches [operation by the infrastructure administrator]

   The infrastructure administrator performs authorization processing for the new patches using WSUS.

4. Obtain patch information [processing by Systemwalker Software Configuration Manager]

   Systemwalker Software Configuration Manager extracts information about new patches from WSUS and the management information on WSUS, and stores both sets of information in the CMDB.
   Patch information can be obtained either automatically or manually (using a command).

5. Send a new patch application request [processing by Systemwalker Software Configuration Manager]

   When a new patch is authorized on WSUS, an email is automatically sent to each tenant user and each tenant administrator requesting that they apply the new patch. This email is sent to the email addresses in the user information managed by ServerView Resource Orchestrator.

6. Execute patch application [operation by the tenant user or the tenant administrator]

   Either the tenant user or the tenant administrator logs in to the management console and applies the new patch.

   Point

   • Patches are distributed by WSUS. Once patch application completes, application information is sent to WSUS.

   • Even if a new patch is displayed in the management console, a notification about the new patch may not have been sent to business servers, or the patch may not have been downloaded to business servers, depending on the schedule settings for WSUS. Check the schedule settings for WSUS.

7. Obtain patch application information [processing by Systemwalker Software Configuration Manager]

   Systemwalker Software Configuration Manager extracts patch application information from WSUS and stores it in the CMDB.

8. Look up the patch application status

   The infrastructure administrator, dual-role administrator, tenant administrator and tenant user log in to the management console and check the patch application status.