Contents
-
Introducing Tachyon
-
Quick Start
-
Implementing Tachyon
-
Using Settings
-
Using Explorer
-
Using Guaranteed State
-
Using Inventory
-
Using Experience
-
Using Patch Success
-
Troubleshooting
-
Extending Tachyon
-
Training
-
Tachyon Operator v5.0 Lab Guide
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Ex 2 - TCN Opr v5.0 - Installing Tachyon
-
Ex 3 - TCN Opr v5.0 - Exploring the Settings Application
-
Ex 4 - TCN Opr v5.0 - Instruction Sets and Management Groups
-
Ex 5 - TCN Opr v5.0 - Working with Instructions
-
Ex 6 - TCN Opr v5.0 - Working with Patch Success
-
Ex 7 - TCN Opr v5.0 - Working with Inventory
-
Ex 8 - TCN Opr v5.0 - Using Guaranteed State
-
Ex 9 - TCN Opr v5.0 - Microsoft Configuration Manager Integration
-
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS
-
Ex 11 - TCN Opr v5.0 - Working with Experience
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Tachyon Advanced v5.0 Lab Guide
-
Tachyon - Nomad as Content Provider Lab Guide
-
Tachyon Operator v5.0 Lab Guide
-
Reference
Working with Patch Success
In this lab we will learn how to configure and use Patch Success.
Configuring Tachyon for Patch Success
This exercise will show you how to configure Tachyon to use Patch Success. We have already configured our connector to use Tachyon Powered Inventory. We have also already imported the Instruction Set 1E Inventory used by Tachyon Powered Inventory and created the Tachyon Role required and assigned it to the All Devices Management Group.
Create A Custom Role for Patch Success
We need to create a Patch Success user and role and assign to our All Devices Management Group. We also need to assign permissions to our Patch Success Instruction Set which we imported earlier.
- Navigate to Settings – Permissions – Roles. Click on Add
- In the Add Role dialog box Name field type in 1E Patch Success
- Click Add. You will then see the Role in the listing of Roles
- Click on 1E Patch Success
- In the Role: 1E Patch Success page Permissions tab click on Add in the far right
- In the Add Permissions dialog box Type field select Instruction Set. In the Name field choose Patch Success from the drop-down listing. Check the boxes for Actioner, Approver, and Questioner. Click Add
- Click Add again and select Repository:Patch in the type field. Select the box next to Read. Click Add
- Click the Management Group tab. Click Add in the far right. Select All Devices. Click Add
- Click the Members tab. Click Add in the far right. Start typing in Manager and select Manager1 from the list. Click Add
- Navigate to Users and select Manager1 to see that the 1E Patch Success role has been added to that user
- Also add the following roles to our Manager1 account to use for Patch Success
- Add the Patch Success role to the Tachyon Connector account
Inventory Administrators
Log Viewers
Permissions Administrators
Add the Tachyon Server Computer Account to SCCM
- From the Start menu type in Users and launch Edit Local Users and Groups
- Click on Groups – Find ConfigMgr_DViewAccess group and double-click it
- Click Add. Click Object Types and Check the box next to Computers. Click OK
- Type in 1ETRNAP then click Check Names
- Click Ok. Click Ok then close Lusrmgr
Create the SCCM Connector
This connector will pull our patch metadata into Patch Success
- Navigate to Configuration – Connectors
- Click on Add and select System Center Configuration Manager from the Connector Type dropdown
- In the Repository type Inventory will be shown
- In the Connector Name field type in SCCM
- In the SCCM Database Server field type in 1ETRNCM
- In the SCCM Database field type in CM_PS1
- Delete any entries that are in the SCCM SQL Server User Name or Password fields
- Check the box next to Use Windows Authentication
- Check the box next to Run Consoliidation Reports
- Click Add
Test the SCCM Connector
- Select the SCCM Connector that we just created
- Click the Test button on the right
- Navigate to Monitoring – Process Log to see the results
- Wait for it to be successful and then continue on with the exercises
Sync the Connectors Manually
In a production environment you will want to create schedules to run your syncs each week. The proper order is SCCM, Tachyon, then Generate Report – ETL. In our lab we will perform a manual sync of the connectors so that we can wait for them to finish and speed up the process
- Navigate to Configuration – Connectors – Click the Execute button at the top
- In the Execute Action box select Default Inventory in the Repository field
- In the Action field choose Sync Data – SCCM. Click Execute
- Navigate to Monitoring – Process Log and wait for everything to complete
- Navigate to Configuration - Schedules
Reprocess the Cube Data
We need to run our ETL Report manually. This will populate our BI dashboards.
- From Settings – Configuration – Connectors. Click the Execute button at the top
- In the Execute Action dialog box Repository field click the drop down and select Default BI
- In the Action field select Generate Report - ETL
- Click Execute
- Navigate to Monitoring – Process Log for status. Once the Generate Report shows a green check in Status continue with the lab
Tachyon License File Details
To use Patch Success your Tachyon License file must have the Inventory and Patch Success consumers enabled. The license file must also include the pattern for 1E-Inventory* and 1E-PatchSuccess* as these are the names of the instructions that will use for Patch Success. We will look at our lab license file in this task to make sure we are set up correctly.
- In the Settings application navigate to Configuration – License Information
- Within Customer Licence expand Products – expand Features and expand Item 7 and notice that we have TachyonPatchSuccess
- Expand Consumers expand Item 1 and notice that we are also licensed for the PatchSuccess consumer
Exploring Patch Success
Now that we have our lab environment configured for Patch Success in this exercise we will look at the Patch Success pages.
Patch Success Title Bar
The quick look at the state of the environment at the top of the Patch Success Overview page is very useful for determining what state your compliance is in and where you need to focus your effort.
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Navigate to the Patch Success application using Switch App. The page may need to be refreshed if it was already open in order to show Patch Success
- Click on the Overview menu. You will see the status of the environment across the top
- On the far right is the last time we Reprocessed the Cube Data
- We can select different management groups. This allows us to look at the data for only the devices in a management group
- Change to the Windows 7 management group and look at the data. Notice how the tiles change based on the Management Group
- Change to view the results for the Windows 10 Devices Management Group
- Change to view the results for the Server Management Group
- Change back to the Global Management Group
Patch Success Filter Bar
The Filter Bar allows us to look at the detailed information for specific devices or patches. In this task we will look at the filters that are available.
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Click on the Filter button (just below overview and above Patch status per device)
- Notice the different options to Filter the data. Let's look at classification first. In the Value field click the drop-down and look at the options. These are the classifications for the types of patches. Choose Critical Updates and click Add. Click Apply
- Notice how our tiles are now filtered. We could click the x at the end of our filter to remove the filter. Click the View Patches button below the tiles
- Once you finish looking at the patch details, remove the filter. Click View Devices. You will now see the details of each device in our lab.
- Click on Filter again. Let's look at the details for a specific KB. Click on KB and in the value field start typing 3004 select 3004375 from the suggestion list. Click on Add. Click on Apply
- Notice the details for that specific patch
- Navigate to Overview and look at the bottom pane with View Devices selected. Click on the View Patches button to see the details that are available
- In the View Patches listing at the bottom click on the number in the Missing column. This will create our filter to show the devices that are missing that specific patch
- Explore the other filters by looking at the following:
- Create a filter that contains 2 values Patch Status = Missing and the KB from step 58.
- Look at the Patch Performance Tile. Click on Installed and then click on Still Missing to change the focus of the data
- Click the link in the upper right to show that tile in full screen this tile will show you the number of updates installed per day. It isn't very interesting in our lab but in a production environment this will show more details so that you can have better patch performance
-
Click the button in the upper right to exit full screen mode
Operating System = Microsoft Corporation - Windows - 7
Patch Status = Missing
Publish Date = Jan 1, 2019 to today's date
Patch Success Patch Pages
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Click on the Patches menu in the left pane
- Notice our display is still filtered. Clear the filter
- Filter by Classification = Critical Updates
- Click one of the updates in the list to drill into the details
Patch Success Devices Page
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Click on the Devices menu in the left pane
- Notice our filter moved over with us. We can see the status of each of the devices in our lab for the Critical Updates we looked at in the last task
- At the top change to our Windows 10 Devices Management Group. Notice how that filter is added to our data
- Click on 1ETRNW101 to drill into the details of that device. Notice the Explorebutton at the top. Click on Explore
- Click the drop down on coverage and see that it is our 1ETRNW101 device
- Click All Instructions
- Click the Back button in Chrome to return to our Patch Success window
- Click Check Status button. This will issue our 1E-PatchSuccess-Explore instruction with our device defined as the coverage parameter and take us to the Explorer application to monitor the instruction. Look at the details as they are returned
- Click the back button again to return to Patch Success
- Click back again to look at all our devices
- Navigate to Overview – Click the View Devices button (if that view is not selected). Notice the details in the bottom pane for each device. The numbers in the missing column are links to drill into the details
- Click on the Missing column number for 1ETRNW101
- This takes us to the details for each patch that is missing on 1ETRNW101
- Scroll down in the list and select one of the listed titles (by selecting the check box next to the Vendor). Notice that we have Check Status, Update Status, and Deploy buttons active in the right
Deploying Patches
Now that we have Patch Success configured and we have explored the different options, we will learn how to deploy patches.
Deploying a Critical Update to a Device
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- You should still have the page filtered to show Patch Status Missing for 1ETRNW101 and your manually selected update
- Click on Deploy and notice the warning dialog box. Check the box to enable patches to be downloaded directly from the internet (Read the warning that is displayed)
- Click Yes, start deployment
- Navigate to Monitoring – History to view the status
- Still logged into 1ETRNW73 as 1ETRN\Tachyon_AdminG (our Global Approver)
- Open LiveMail and find the email for the Action number in the above task. Click on Go To Approval Page
- Explorer will open to Notifications – click on the Pending Request
- Type something in the Your Comment box
- Check I understand the impact of this instruction and approve this request
- Click Approve
- Still logged in as 1ETRN\User
- Open File Explorer and navigate to c:\ProgramData\1E\Client and open the 1E.Client.log
- Look for Running instruction and the ID from the Approval request
- You will see it setting up a connection to a Remote WSUS Server
- You will see it download the update from Windows Update
- It will record a successfully processed instruction message
- Still in the Explorer application – notice the banner – Responses have been offloaded to consumer PatchSuccess. Click the Back button in Chrome to return to Patch Success
- Navigate to Patches and then filter for the update you deployed. Click on the update to drill into it
- Click on Check Status. Explorer application will launch showing the status of the instruction
- Once that instruction finishes Click the back button in Chrome to return to Patch Success
- Navigate to Overview – Add a Filter for your update and click on View Devices at the bottom
- Notice our device 1ETRNW101 no longer shows in the list and only 1ETRNW102 may be showing as missing for this patch (if the patch you chose was missing from 102. If the patch is not missing then move to step 112 and in those steps choose a patch missing from more than 1 machine to deploy)
- Click on View Patches and it will change you back to the update view
- Click on the 1 in the missing column and deploy this update
- Approve the instruction and check the results
Deploying Other Missing Patches
- In the Overview node apply a filter for Classification = Critical and Patch Status = Missing
- Navigate around and deploy any of the other patches that are missing in the lab
- View your results
Viewing Patch Events on Windows 10 and Windows 7
- Open Event Viewer and Expand Applications and Services Logs
- Expand Microsoft
- Expand Windows
- Expand WindowsUpdateClient
- Click on Operational
- Look at the events in the middle pane
- Event ID 41 will show the download of the patch
- Open c:\ProgramData\1E\Client\1E.Client.log
- Open c:\windows\windowsupdate.log
Lab Summary
In this lab we looked at the Patch Success Application. We looked at the status of our environment and then deployed patches to devices that needed to be patched. We then saw how the Patch Success Application reported on our compliance status in near real-time.