KBI 311719 New Product: Argent Patch Manager-How It Works

Version

Argent Advanced Technology 5.1A-1810-A and above

Date

Monday, 8 October 2018

Summary

The new Argent Patch Manager product has been bundled in the Argent Guardian Ultra for now

Technical Background


Common Questions

Here are the answers to some of the most common questions regarding the Argent Patch Manager product

Argent is installed at a customer site having five independent data centers worldwide consisting of a total of 2,800 servers

When Argent first starts, how long does it take before the central Argent SQL database has been loaded, and how much disk space does each of the 2,800 machines consume in the central Argent SQL database?

Unlike Event log archiving, information of installed hotfix and software is gathered as a whole each time the Relator runs

The typical machine has about 500 installed software products and less than 100 hotfixes

Argent will generate about 100KB raw data, and about 600 rows for each machine in the central Argent SQL database – one row for each installed product

The information is almost static – it rarely changes; how many products do you install or upgrade per week on your own laptop?

This is why Argent recommend to run the Argent Patch Manager Rules once a day and gather information from all 2,800 servers

For suspicious machines, the Argent Patch Manager Rules can be run more frequently

After initial load flurry, what is the additional daily maintenance load per server?

There is no initial flurry

Each time, the whole queried information is sent from the Monitoring Engine to central server for processing

There is no benefit collecting differential information

In order to figure out differential data, the previously collected list of installed products and hotfixes would have be made available at the Monitoring Engine from the central server

The bandwidth usage is same — if not more – than downloading the whole and performing the comparison at the central site

However the database insert/update is differential

Argent is optimized to handle only the newly installed or de-installed software products and hotfixes when the central Argent SQL database is updated

How will this differ from all 2,800 servers being in one location?

The difference is an Argent Daughter uploads the information about the installed hotfixes and software products to Argent Mother Engine

The upload file is typically compressed down to 8% of the original size

Thus each machine will account for about 50 kilobytes of data, uploaded once a day or an hour


Implementation Details

Here are the details of how the Argent Patch Manager in implemented

The new Argent Patch Manager product is implemented as a single Super-Rule and can do following:

  • Automatically build a master proposed whitelist of all valid products on all servers worldwide
  • Find and list all new Hotfixes installed in past x days
  • Find and list all new MSIs installed in past x days
  • Find and list all machines where Hotfix xxxx has not been installed
  • Find and list all machines with pending Windows Updates

The Rule saves installed hotfixes or MSI software in SQL tables for later reporting

Optionally, the Super-Rule can save the count of pending Windows Updates as Argent Predictor data




Click For Full Size

By default, Argent reads information hotfix, MSI or pending update remotely

It is generally the fastest option

However, it must be allowed by the network configuration

It is usually not an issue when servers are in the same domain and service account is a Domain Admin

When the information is not accessible remotely, the Rule option ‘Use PowerShell Remoting to Connect’ should be used

This is especially useful if the remote machine is in a workgroup or a different domain

Of course, it requires the remote machine allows PowerShell Remoting

See KBI 311178 Enabling PowerShell Remoting for details


Generating Global Hotfix Statistics Worldwide

Here is how to get Hotfix statistics for a Monitoring Group




Click For Full Size

The information is stored in SQL Table ARGSOFT_ARGENT_GUARDIAN_ULTRA_HOTFIX




Click For Full Size

It is simple to retrieve Hotfix statistics on hardcoded individual or multiple machines

Simply run following SQL query:

select installed_on, count(uuid) from argsoft_argent_guardian_ultra_hotfix

where node_name in (‘machine1’, ‘machine2’, ‘machine3’)

group by installed_on

order by installed_on

The SQL query shows the count of installed hotfixes each day for the selected machines

When the request is to retrieve statistics for a Monitoring Group, it becomes much more complicated

The difficulty is because the Monitoring Group could be ODBC query based and column ‘NODES’ is included machines separated by carriage return and newline

To address the issue, user should take following steps:

  1. Install User Defined Function ‘fnSplit’, which can parse multiple-line text and return a row set of individual lines

    To do so, run query in script file fnSplit.sql.txt

    fnSplit.sql.txt

  2. Install Stored Procedure ‘GetHotFixCount’, which takes Monitoring Group name as parameter, and returns rows of two columns ‘INSTALLED_ON’ and ‘HotFixCount’

    To do so, run query in script file get_mg2hotfix.sql.txt

    get_mg2hotfix.sql.txt

An example of using such a Stored Procedure is shown as follows:




Click For Full Size

With this Stored Procedure in place, it is easy to present the data either in list report or chart with Argent Report




Click For Full Size



Click For Full Size

Resolution

Upgrade to Argent Advanced Technology 5.1A-1810-A or above