In order to improve the Predictive Patching results, JetPatch will collect a dedicated set of information related to any patch transaction and Endpoint Readiness that happened recently.
The data contains only technical information without any plaintext identification (i.e., the data is anonymized).
How It Works
JetPatch will collect details about any patch transaction that happened recently (since the last file was saved) and the Endpoint Readiness information.
JetPatch can store the data files locally, send them to a remote service, or both.
Send data files to a remote service
Data files will be automatically sent to a remote service/JetPatch data lake without the need to be saved locally. The communication to the remote service will occur:
- Every time a patch transaction is finished - the patch result and details will be sent
- Every time an Endpoint Readiness criterion is changed - the relevant Endpoint Readiness criteria will be sent.
Note - JetPatch has a built-in capability to serve other JetPatch applications as the remote service for sending the data files.
Store data files in a local folder
The Predictive Patching Data Collection can store the data files in a configured local folder.
JetPatch will create an inner folder inside the path, named according to the configured format, and will dump the details of any patch transaction to a single file immediately after the transaction finishes.
Once JetPatch creates a new folder, the previous folder is archived into a tar.gz file to save space.
For example:
- On the 1st of January 2021, a patch transaction takes place. JetPatch will create a folder named "2021-01-01" and will store all patch transactions that happen on the same day in that folder.
- Two days later, another Remediation Plan starts running. Once the patch transaction completes, JetPatch will:
  - Archive the previous folder "2021-01-01" into a tar.gz file
  - Create a new folder "2021-01-03"
  - Create a new data file representing the new patch transaction
Cleanup Local Folder
If Data Collection is configured to save the data to a local folder, JetPatch will invoke a cleanup procedure:
At every JetPatch startup, or after saving 10000 records of patch transactions, JetPatch will check whether the root folder has exceeded the configured size limit. If it has, JetPatch will delete old files until the size of the folder is 90% of the size limit.
For example:
At JetPatch startup, the size of the local folder is 120MB while the size limit is 100MB. JetPatch will clean 30MB, starting from the oldest file, to reach 90MB.
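A dry-run sketch of the cleanup rule described above, added here as an example (it is not JetPatch code). It assumes "oldest" means oldest modification time, that whole files are removed, and that 1MB is 1024*1024 bytes; `plan_cleanup` is a hypothetical name.

```python
import os
import sys

def plan_cleanup(root, limit_bytes, target_percent=90):
    """Return (paths_to_remove, bytes_before, bytes_after) without deleting anything."""
    files = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            files.append((st.st_mtime, path, st.st_size))
    total = sum(size for _mtime, _path, size in files)
    if total <= limit_bytes:
        return [], total, total          # under the limit: nothing to clean
    target = limit_bytes * target_percent // 100
    remaining = total
    doomed = []
    for _mtime, path, size in sorted(files):   # oldest modification time first
        if remaining <= target:
            break
        doomed.append(path)
        remaining -= size
    return doomed, total, remaining

if __name__ == "__main__":
    # Usage: script.py <local path> <size limit in MB>; 1MB = 1024*1024 is an assumption
    root, limit_mb = sys.argv[1], int(sys.argv[2])
    doomed, before, after = plan_cleanup(root, limit_mb * 1024 * 1024)
    print(f"{before} bytes now, {after} bytes after cleanup")
    for path in doomed:
        print("would remove:", path)
```

Running it against the configured local path before lowering the size limit shows which archived days would be lost from the local record.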
Prerequisites
- The JetPatch Server should be able to communicate with the JetPatch Data-lake, either through a proxy configuration (see below) or over a direct network connection.
- Ports - Outbound communication to port 443 (HTTPS Protocol)
Configuration
All the configurations below should be made in the intigua.properties file:
Enable Remote Predictive Patching Data Collection
Note - This is the recommended configuration
# prediction data will be collected from the system
pg.prediction.data-collection.enabled=true
Remote service URL
The remote service that JetPatch will send the Predictive Patching Data Collection to
# URL for remote service to collect prediction data
# Setting the URL enables remote saving
pg.prediction.data-collection.service.url=https://datalake.jetpatch.com/vmanage-server/services/prediction-data
Remote service credentials
# user and password for the remote prediction data collection service
pg.prediction.data-collection.service.user=Admin
pg.prediction.data-collection.service.password=q9@xp*Nt3GZ#v5*Ht!NUHW46QNt*#v
Proxy configuration for sending the data files to the remote service
# proxy is enabled for remote prediction data collection service
pg.prediction.data-collection.proxy.enabled=false
# General proxy details for JetPatch
proxy.host=
proxy.port=
You can find the suggested configuration in the attached file data-collection-remote-service.txt
Once configured, restart tomcat
service tomcat restart
Enable Local files saving details (for isolated environments)
Enable saving the data to local files
# prediction data will be saved locally (default: false)
pg.prediction.data-collection.local.enabled=true
Local path
The path (folder) in which JetPatch will save the data files.
# local path for prediction data that is collected either locally or from the remote service
# e.g. /usr/share/intigua/prediction-data
pg.prediction.data-collection.local.path=/usr/share/intigua/prediction-data
Note - If JetPatch serves as a remote service (saving the data of a different JetPatch instance) the files will be saved in the same path.
Folder format
By default, the file will be created in a folder with the format of "yyyy-MM-dd" (year-month-day).
Another option is to create a dedicated folder for each hour using the format of "yyyy-MM-dd-HH" (year-month-day-hour).
# date format used to create/switch the tar.gz file from the current date. With the default
# format (yyyy-MM-dd) the file will be created once a day;
# with the format (yyyy-MM-dd-HH) the file will be created once an hour
pg.prediction.data-file.date-format=yyyy-MM-dd
Cleanup Max folder size
Check Cleanup Local Folder for more information
# 100MB limit for all files in the ${pg.prediction.data-collection.local.path},
# any amount exceeding the limit will be removed, from old to new
pg.prediction.data-collection.clean-up.size-limit.mb=100
You can find the suggested configuration in the attached file data-collection-local-service.txt
Once configured, restart tomcat
service tomcat restart
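A pre-restart check for the settings above, added here as an example (it is not part of JetPatch). The property names come from this page; the rules, the function names and the sample values are assumptions, and the parser is a simplified version of Java properties parsing in which a `#` only starts a comment at the beginning of a line.

```python
import os
import stat
from urllib.parse import urlparse

P = "pg.prediction.data-collection."

# Constructed sample with deliberate mistakes, not a real configuration.
SAMPLE = """\
pg.prediction.data-collection.enabled=true
pg.prediction.data-collection.service.url=http://datalake.example.invalid/prediction-data
pg.prediction.data-collection.service.password=PLACEHOLDER
pg.prediction.data-collection.proxy.enabled=true
proxy.host=
proxy.port=
pg.prediction.data-collection.local.enabled=true #default false
pg.prediction.data-collection.local.path=/usr/share/intigua/prediction-data
"""

def load_properties(text):
    """Simplified java.util.Properties parsing: '#' or '!' starts a comment
    only at the start of a line, so a trailing '#...' stays in the value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """file_mode: POSIX permission bits of the properties file, if known."""
    findings = []
    for name in ("enabled", "local.enabled", "proxy.enabled"):
        value = props.get(P + name)
        if value is not None and value not in ("true", "false"):
            findings.append(f"{P}{name}: {value!r} is not a plain true/false")
    url = props.get(P + "service.url", "")
    if url and urlparse(url).scheme != "https":
        findings.append(f"{P}service.url: expected an https:// URL")
    if props.get(P + "proxy.enabled") == "true" and not (
            props.get("proxy.host") and props.get("proxy.port", "").isdigit()):
        findings.append("proxy enabled but proxy.host/proxy.port are not set")
    if props.get(P + "service.password") and file_mode is not None and file_mode & 0o077:
        findings.append(f"plaintext password in a file with mode {file_mode:o}")
    return findings

def audit_file(path="intigua.properties"):
    with open(path, encoding="latin-1") as fh:
        return audit(load_properties(fh.read()), stat.S_IMODE(os.stat(path).st_mode))
```

Call `audit_file()` with the path to your intigua.properties; an empty list means none of these checks fired.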
Data Collection
JetPatch collects the following information:
Patch Transaction
The data in the saved file will represent any patching operation that happened in the environment.
The information will include:
- General details:
  - Timestamp
  - JetPatch id
  - Manager version
- Relevant Endpoint details:
  - OS version
  - OS type
  - OS Architecture
  - Already installed patches
  - Already installed agents + version
  - endpoint_power
  - endpoint_status
  - connector status
  - connector state
  - CPU Count
  - CPU utilization
  - Memory Size
  - Memory utilization
  - Disk space
  - Disk space utilization
  - AWS / Azure region
- Remediation details:
  - Automation activity ID + Mgr ID
  - RP ID + Mgr ID
  - Group ID + Mgr ID
  - Total number of updates in RP
  - Remediation Activity parameters
  - Activity exit code
  - Activity output
- Patch details (for each patch):
  - Patch title
  - Patch UID
  - Patch status including failure reason
- Process details:
  - MW ID + Mgr ID
  - MW UTC start time / end time
Endpoint Readiness
The information will include:
- General details:
  - JetPatch id
  - Timestamp
- Readiness Criteria:
  - PowerShell version
  - PowerShell Execution Policy
  - WSUS Automatic Updates
  - Update Service Location
  - WSUS URL
  - Connector Ready
  - Advisory Ready
  - Packages Ready
  - Repositories Ready
  - Subscription Ready
  - PowerShell Version Ready
  - PowerShell Policy Ready
  - Communication with the WSUS Ready
  - Readiness percentage
  - List of repositories
  - List of required repositories