JP1/Software Distribution enables you to use the managing server to obtain patches provided by Microsoft, such as security updates and service packs. You can then use the remote installation facility to apply the obtained patches to clients. You can also obtain information about the patches (patch information) that have already been applied to the clients (or not applied to clients). This means that you can use JP1/Software Distribution for centralized management of the entire operation flow from obtaining patches to managing their application status.

Thus, by using JP1/Software Distribution to manage the application status of patches, you can maintain system security based on the timely and accurate application of patches, without having to deploy WSUS.

To obtain patches, you first obtain a patch information file. For details about how to obtain the current patch information file, see the Readme file for JP1/Software Distribution Manager.

The patch information file contains information about patches available from Microsoft. You use this file to decide which patch data you wish to obtain. The patch information file is updated based on the patches that are currently being provided by Microsoft.

The following figure shows the operation flow for centralized management of patch application status.

Figure 1-16 Operation flow for centralized management of patch application status

Management of patch application status is separated into the following three operations:

• Obtaining patches to be applied to clients
• Distributing the obtained patches
• Detecting client patch information

The following subsections explain these operations.

(a) Obtaining patches to apply to clients

You obtain patches based on the information in the patch information file. JP1/Software Distribution enables you to manage patch acquisition status and to configure your system to obtain patches automatically. You can also automatically package the patches you have obtained.

For details about the patch acquisition feature, see 2.7.1 Obtaining patches to apply to clients.

(b) Distributing the obtained patches

You use the software distribution facility to apply the obtained patches to the clients. A package can be created automatically when patches are obtained, which relieves you of having to perform the packaging work.

For details about the software distribution facility, see 2.1 Software distribution (remote installation).

(c) Detecting client patch information

You use WUA or MBSA 1.2.1 to detect information about patches at clients. Client patch information can be collected and managed as software information.

For details about the patch information detection feature, see 2.7.2 Detecting client patch information.

Some WSUS security update management tasks can be distributed from JP1/Software Distribution.

By linking with WSUS, you can use JP1/Software Distribution to create a WSUS computer group and update the approval status of security updates, which reduces the burden of managing security updates.

For details about the functions that can be linked with WSUS, see 2.7.3 Linking with WSUS to manage security updates.

If a problem occurs with the available capacity in a hard disk or in memory at a client, the client system monitoring facility can send an alert to the central server and the system administrator can check the alert log file or use the Event Viewer to check the situation. This enables the system administrator to monitor the status of the entire client system.

The client user can also be alerted to a problem by a means such as a pop-up message, thus facilitating local system management.

To implement alerts, you start the system monitoring facility at each client and set it up so that alerts will be sent to a higher JP1/Software Distribution system. The alert information will be relayed if there is a relay system between the client and the managing server. This enables the managing server and relay system to monitor for any alert status in any of the lower-level clients.

The following figure gives an overview of client system monitoring.

Figure 1-17 Client system monitoring

Managing server and relay system can check CSV files and the Windows NT Event Viewer for alert information. They can also send messages to JP1/IM.

For details about monitoring client systems by means of alert reports, see 2.7.4 Monitoring client systems.

To send information, such as notes and warnings, to a client, the administrator can execute the Report message job to send a message to the client at the job destination. Any information can be specified as the message. You can select whether to send the message in text format or in HTML format. This does not take up space in the client's PC memory because there is no need to send a package, and the message is deleted once it is read by the client. This facility is useful for sending a warning message to a specific client where there is a security problem, or for sending system maintenance information to multiple clients in the batch mode.

The following figure shows an overview of message transmission to a client.

Figure 1-18 Message transmission to a client

For details about sending messages to clients, see 2.7.5 Sending messages to clients.

AMT Linkage, which is provided as a component of JP1/Software Distribution, enables you to use AMT power control to control any of your client computers that support AMT. Note, however, that you cannot use this power control on clients that are in a wireless LAN environment.

You can also set up AMT Linkage so that a client will always be recognized as the same asset, even after you have re-installed it. By remotely controlling a client whose power is turned off, you can set up its BIOS, or execute a diagnostic program from a floppy disk inserted in the central manager's computer.

For details about controlling clients that use AMT, see 2.7.6 Using AMT to control clients.