Method, apparatus, and program product for autonomic patch deployment based on autonomic patch risk assessment and policies
Abstract
An automatic patch deployment system is provided that deploys a patch according to an assessed risk and a policy. The policy may specify actions to be taken to deploy the patch for different categories of risk. The automatic patch deployment system receives a patch notification, an assessment of the risk, and the policy and deploys the patch accordingly. For example, installation of a patch may be indefinitely delayed for high risk patches, rescheduled for medium risk patches, or installed immediately for low risk patches.
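The decision flow in the abstract, written out as an added Python example (not code from the patent). It assumes a policy is keyed by SLA tier and region and carries two risk thresholds; the field names, the `"*"` wildcard region, the `manual_review` fallback and the policy store contents are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    sla: str          # service level agreement tier of the software component
    region: str       # geographical location of the endpoint; "*" = any (assumed)
    medium_at: float  # risk probability from which the patch is rescheduled
    high_at: float    # risk probability from which the patch is delayed

# Constructed policy storage: stricter thresholds for the tighter SLA.
POLICY_STORE = [
    Policy("gold", "eu", 0.10, 0.30),
    Policy("gold", "*", 0.20, 0.50),
    Policy("bronze", "*", 0.40, 0.80),
]

# Actions named in the abstract for each risk category.
ACTIONS = {"low": "install_now", "medium": "reschedule",
           "high": "delay_indefinitely"}

def find_policy(sla, region, store=POLICY_STORE):
    """Return the applicable policy, preferring an exact region match."""
    matches = [p for p in store if p.sla == sla and p.region in (region, "*")]
    return min(matches, key=lambda p: p.region == "*", default=None)

def risk_category(risk, policy):
    """Map a hang-or-reboot probability onto the policy's risk categories."""
    if not 0.0 <= risk <= 1.0:
        raise ValueError("risk must be a probability in [0, 1]")
    if risk >= policy.high_at:
        return "high"
    return "medium" if risk >= policy.medium_at else "low"

def deployment_action(risk, sla, region, store=POLICY_STORE):
    """Decide how to deploy a patch from its assessed risk and the policy."""
    policy = find_policy(sla, region, store)
    if policy is None:
        # Assumption: with no applicable policy, never install automatically.
        return "manual_review"
    return ACTIONS[risk_category(risk, policy)]

if __name__ == "__main__":
    # Same assessed risk, three different outcomes depending on SLA and location.
    for sla, region in [("gold", "eu"), ("gold", "us"), ("bronze", "us")]:
        print(sla, region, deployment_action(0.35, sla, region))
```

The same assessed risk of 0.35 is delayed, rescheduled or installed immediately depending on which policy the SLA and location select, which is why the policy lookup has to happen before the risk is categorized.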
20 Claims
1. A computer implemented method for automatic patch deployment, the method comprising:
- receiving, by a hardware processor, a patch to be installed for a software component on an endpoint device;
- receiving, by the hardware processor, a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
- identifying a policy that is applicable to the patch from a policy storage, wherein the policy is applicable to the patch based on a service level agreement for the software component and a geographical location of where the patch is to be applied;
- retrieving, by the hardware processor, a policy; and
- deploying, by the hardware processor, the patch according to the level of risk and the policy.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An automatic patch deployment system comprising:
- a managing server comprising a hardware processor executing computer usable program code, wherein the managing server receives a patch to be installed for a software component on an endpoint device and receives a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
- a policy engine that identifies one or more policies for the patch, wherein the policy is identified based on a service level agreement for the software component and a geographical location of where the patch is to be applied and sends the one or more policies to the managing server, wherein the managing server deploys the patch at the endpoint device according to the level of risk and the one or more policies.

Dependent claims: 9, 10, 11, 12, 13

14. A computer program product comprising:
- a non-transitory computer usable medium having computer usable program code for automatic patch deployment, the computer program product including;
- computer usable program code for receiving a patch to be installed for a software component on an endpoint device;
- computer usable program code for receiving a risk assessment for the patch identifying a level of risk for installing the patch on the endpoint device, wherein the risk level is a probability that installing the patch into the application will result in a hang of the endpoint device or require a reboot of the endpoint device, and wherein the risk level is based on activity information from a monitor of the endpoint device, wherein the activity information is a percentage of resources of the endpoint device being used;
- computer usable program code for identifying a policy that is applicable to the patch from a policy storage, wherein the policy is applicable to the patch based on a service level agreement for the software component and a geographical location of where the patch is to be applied
- computer usable program code for retrieving a policy; and
- computer usable program code for deploying the patch according to the level of risk and the policy.

Dependent claims: 15, 16, 17, 18, 19, 20

Specification