Scenario
The environment contains at least 1 core server (named "Test LANDESK Core" in the diagram below) that has full access to the internet so it can download patches from the various vendor websites (Microsoft, Apple, Adobe, Google, etc.). This core is used for testing new patches and has a small number of test clients connected to it for testing purposes.
The second core, "Production LANDESK Core Server", only has access to LANDESK.com and can't download patches directly from the vendors. This is the core that client systems connect to for Patch Management.
Access to LANDESK.com allows the production core to activate and download patch definitions.
This is not a true “air-gap” dark core, as the prod core can “see” patch.landesk.com to pull the XML patch vulnerability content, but not the patches. The test core will pull the patches, but does not have the “detected vulnerabilities” list - that is on the production core.
Challenge: Which Patches to Download if the Test Core Doesn't Have Client Detection Information?
It is possible to download ALL of the patches and replicate them to both cores. However, this uses a lot of disk space that probably isn't needed.
Overview of Solution
By first copying detected definitions from the Production core to a custom group, we can target which patches need to be downloaded. Then only the needed patches can be copied to the production core.
Preparation
Before starting, it is important to scan devices only for vulnerabilities that are current. Scanning for replaced definitions will cause unneeded patches to be downloaded.
Please see this document that outlines how to disable replaced rules: http://community.landesk.com/support/docs/DOC-24633
Setup on Production Core
1. On the Production core, select all “Detected Vulnerabilities” and export them as an .ldms file.
2. Copy the exported .ldms file to the test core. Create a new public custom group, in this example "Exported Product Vulnerabilities". Import the .ldms file into this new group using “Insert items into selected group or owner”.
3. Select all vulnerabilities in this custom group and “Download associated patches…”. Select “Show all associated patches”. You can choose to download all patches; any that have already been downloaded will be automatically skipped by the downloader.
4. Copy patch files from the test core server ldlogon\patch folder to the production server ldlogon\patch folder.
This can be automated by using Content Replication. See this doc: http://community.landesk.com/support/docs/DOC-20779
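Where Content Replication is not in use, the copy in step 4 can be scripted so that each patch file is verified after it lands on the production core. The PowerShell below is an added example, not part of the original document or a LANDESK tool; the UNC paths are placeholders, and it assumes PowerShell 4.0 or later (for Get-FileHash) and an account with read access to the test core folder and write access to the production one.

```powershell
# Added example. The UNC paths are placeholders (assumptions), not values
# from the document; only the ldlogon\patch folder name comes from it.
param(
    [string]$Source      = '\\TEST-CORE\ldlogon\patch',
    [string]$Destination = '\\PROD-CORE\ldlogon\patch'
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

$srcRoot = (Resolve-Path -LiteralPath $Source).ProviderPath.TrimEnd('\')
$copied = 0; $skipped = 0; $failed = @()

foreach ($file in Get-ChildItem -LiteralPath $srcRoot -File -Recurse) {
    # Path of the patch file relative to the test core's patch folder
    $relative = $file.FullName.Substring($srcRoot.Length).TrimStart('\')
    $target   = Join-Path $Destination $relative
    $srcHash  = Get-Sha256 $file.FullName

    if (Test-Path -LiteralPath $target -PathType Leaf) {
        # Identical file already on the production core: nothing to do
        if ((Get-Sha256 $target) -eq $srcHash) { $skipped++; continue }
        # Same name, different content (e.g. an interrupted earlier copy)
        Write-Warning "Hash differs from test core, replacing: $relative"
    }

    $targetDir = Split-Path -Parent $target
    if (-not (Test-Path -LiteralPath $targetDir)) {
        New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
    }
    Copy-Item -LiteralPath $file.FullName -Destination $target -Force

    # Re-read the copy from the destination and compare it with the source
    if ((Get-Sha256 $target) -eq $srcHash) { $copied++ } else { $failed += $relative }
}

"Copied: $copied  Already present: $skipped  Failed verification: $($failed.Count)"
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning "Verify failed: $_" }
    exit 1
}
```

The hash comparison only confirms that the production copy matches what the test core downloaded; it does not validate the file against the vendor's original.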
Special thanks to LANDESK SE, John Wycoff, for his help on this document.