JetPatch supports custom compliance calculations using Compliance Rules, defined by the user.
Custom compliance lets the calculation reflect business needs along with enforcement and technological limitations.
Scenarios for using Custom Compliance can be:
- The environment has Windows endpoints that run .NET-based applications, and you don't want to update .NET, to avoid potential application failures and downtime.
- The environment runs Docker-based applications on Linux endpoints, and you don't want to apply Docker updates because they are not supported by your application.
By defining relevant Compliance rules, you can configure JetPatch to ignore/exclude .NET/Docker patches from compliance calculations and patching operations on specific endpoints.
To define a Compliance Rule, go to the "Compliance" page under the "System" menu.
Note - the "Compliance" page is visible to admins only.
In a Compliance rule, you can define which patches will be ignored/excluded on a set of endpoints.
- Patches list - defined by saved Patch Filters.
  - Example #1: All kernel patches on CentOS 7.
  - Example #2: All "BugFix" patches for Linux.
- Endpoints list - defined by Server Tags.
  - Example #1: All servers that should not update the kernel, using the "No Kernel" tag.
  - Example #2: All Production servers, using the "Prod" tag.
In the Compliance table you will see the configured Compliance rules:
- Name - Compliance rule name.
- Description - Compliance rule description (explaining the reason for the rule here is recommended).
- Tag - the Server tag that specifies the affected endpoints.
- Patch Filters - List of patch filters (clickable) representing the patches to exclude from the endpoints.
- Status (Enabled/Disabled) - determines whether JetPatch considers the rule in the Compliance calculations and patch actions.
- Last Modified - Date of last modification.
- Affected Endpoints - The number of affected endpoints (clickable).
Note - clicking the Affected Endpoints count redirects to the Management page with the Tag applied. The table will likely show additional endpoints that are not affected by the rule but are assigned to the relevant tag.
Adding a new Compliance Rule
Clicking ADD EXCLUSION RULE opens a window for adding the Compliance rule (same properties as above).
Note - The rule is disabled by default and can be enabled from the "Create Compliance Rule" screen (top left switch) or from the Compliance table by clicking the "enable/disable" action in the rule row.
Configure Views based on Compliance Rules
When reviewing the Patches Catalog and Management tables, you can choose to see compliance details based on the Compliance rules.
Go to the "User Settings" configuration, located in the top-right menu of JetPatch. In the "Compliance" section there is a setting named "View compliance information in Patches Catalog and Management based on Compliance Rules". Turning it on shows the compliance information after the Compliance rules are applied, while turning it off shows total compliance regardless of the configured Compliance rules.
Enabling the setting affects:
- Needed On - the "Needed On" counter will reflect the number of servers that need this patch after filtering out the servers that are not allowed to deploy this patch.
- Patching Status - the number of "Not Installed" patches (grey part in the bar) will reflect the number of patches after considering the Compliance rules.
- Endpoint Compliance - Will show the Compliance percentage based on the Compliance rules.
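The difference between the two views, as an added illustrative model (this is not JetPatch code or its API): the classes, the predicate standing in for a saved Patch Filter, and all patch and host names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    name: str
    os: str
    category: str

@dataclass
class Endpoint:
    name: str
    tags: set
    missing: set          # names of patches not installed on this endpoint

@dataclass
class Rule:
    tag: str              # Server Tag selecting the endpoints
    patch_filters: list   # predicates standing in for saved Patch Filters
    enabled: bool = False # rules are disabled by default

def excluded(patch, ep, rules):
    """True if an enabled rule on one of ep's tags matches the patch."""
    return any(r.enabled and r.tag in ep.tags and any(f(patch) for f in r.patch_filters)
               for r in rules)

def needed_on(patch, endpoints, rules, apply_rules):
    """Endpoint names counted in "Needed On" for the patch."""
    return [ep.name for ep in endpoints if patch.name in ep.missing
            and not (apply_rules and excluded(patch, ep, rules))]

def not_installed(ep, patches, rules, apply_rules):
    """Patch names counted as "Not Installed" on one endpoint."""
    return [p.name for p in patches if p.name in ep.missing
            and not (apply_rules and excluded(p, ep, rules))]

# Constructed sample data (hypothetical patch and host names).
KERNEL = Patch("kernel-update", "CentOS 7", "kernel")
BUGFIX = Patch("openssl-bugfix", "CentOS 7", "bugfix")
PATCHES = [KERNEL, BUGFIX]
ENDPOINTS = [
    Endpoint("db01", {"No Kernel", "Prod"}, {"kernel-update", "openssl-bugfix"}),
    Endpoint("web01", {"Prod"}, {"kernel-update"}),
    Endpoint("dev01", set(), {"kernel-update"}),
]
RULES = [Rule("No Kernel", [lambda p: p.category == "kernel" and p.os == "CentOS 7"], True)]

if __name__ == "__main__":
    for view in (False, True):
        print("rules applied:", view,
              "| Needed On:", needed_on(KERNEL, ENDPOINTS, RULES, view),
              "| db01 Not Installed:", not_installed(ENDPOINTS[0], PATCHES, RULES, view))
```

In this model db01 still lacks the kernel patch in both views; only the rule-based view stops counting it.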