Purpose

The purpose of this document is to provide information about the Software Distribution feature in the Protect application.

Description

What is the Software Distribution feature?

Shavlik Protect has the ability to push out software installations for many Microsoft, Adobe, Java, and other 3rd party products with a 'Software Distribution' feature. This allows you to deploy this software throughout your environment quickly.

Process for setting up Software Distribution scanning and deployment

The first thing you need to do to get started with software distribution is create a scan template. Best practice is to create one that is used solely for software distribution scanning.

1. Go to New > Patch Scan Template

2. On the Filtering tab, name your template accordingly and deselect any Patch Type Filters in the lower right section. It is recommended that you don't rely on filtering when using software distribution.

3. On the Software Distribution tab, ensure to check the 'Software Distribution' box to enable software distribution scanning for this template.

    *Note: The text box below is not interactive. It only acts as a list of products that can be pushed out with software distribution.

4. Go to the machine group you wish to scan for software distribution. Click the 'Run Operation' box. Then in the configuration for run operation, set step '4.Select/Confirm Operation' to use your software distribution scan template.

*Best practice: It's best to use run now for software distribution. NEVER set up a software distribution scan with an autodeploy. This will result in all software installing on target systems.

5. View the scan result. Highlight any systems you want to deploy software to in the upper pane. Then in the lower pane (Patches) highlight any software that you wish to deploy. Protect shows software distribution scan results just as it shows security patch scan results - which can make it a little confusing. The easiest way to view what the products are is by the "Bulletin Title" column.

You can use CTRL+Left Click to highlight multiple items. Then right click on any of the highlighted area, and choose Deploy > Selected Patches. The example below shows how it would appear if I wished to deploy the latest Adobe Air and Adobe Flash Player software.

*Best Practice: NEVER select Deploy > All Missing patches from a software distribution scan result. This will result in all software installing on target systems.

Q&A

Is it ok to use Product or Patch Group filtering for Software Distribution?

Yes, you can use filtering. However, the caveat is that if you use a Product Filter - not all software distribution items are linked to the main product you would assume that they would be. Example: In the image above you can see that Adobe Air is obviously an Adobe product, however, the Product listing in Protect shows Windows 7 Professional. This is because of how we detect the software - which sometimes depends on what the operating system is.

This means that if you select the 'Adobe' Product Filter in your scan template it will not necessarily offer Adobe Air in your scan result.

A better way to set up filtering if it is to be used with software distribution is to use a Patch Group that contains specific Bulletins or Qnumbers to be scanned. Finding what Bulletin ID or Qnumber correpsonds to the software distribution product can be tricky. Many can be found by using View > Patches within Protect, and this can be made easier by creating a "Smart Filter". Here's how to set up the smart filter to display only software distribution items:

1. Go to View > Patches.

2. In the upper right click the button for 'New Smart Filter'. The caption will display if you hover over the icon.

3. Set up the rules for the filter. The rule for this filter is very simple - set the following:

     -1st drop down can be left to "any".

     -2nd drop down set to "Patch Type Description".

     -3rd drop down set to "contains"

     -Text: "Software Distribution"

Once the smart filter is set up, make sure it's selected in the Patch View, Smart Filters drop down. This will display all items that are of the patch type "Software Distribution" which makes it easier to pick and choose the items you want to place into your patch group.

Is it best practice to set up automation using recurring scheduled scan/deployment with software distribution?

No, the best practice is to use the method laid out in the steps above and deploy software based on selected items from the scan result. If you plan to attempt to automate software distribution you will need to ensure that you at least use a patch group for filtering so that you are not accidentally pushing out unwanted software.

Can Protect rollback or uninstall any software items I have accidentally deployed using software distribution?

No. There is no rollback function for a deployment from Protect. Protect does have the ability to perform an uninstall of some patches, however, the majority of software distribution items have no uninstall function that can be run from Protect. This is why you need to be especially careful not to deploy all the software that Protect has the ability to push out when using the software distribution feature.

Affected Product(s)

Shavlik Protect 9.x

vCenter Protect 8.x