Processing

Please wait...

Settings

Settings

Goto Application

1. CA2423175 - NON-INVASIVE AUTOMATIC OFFSITE PATCH FINGERPRINTING AND UPDATING SYSTEM AND METHOD

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

[ EN ]
CLAIMS
1. An automated method for at least attempting to update software in a system having a first target computer in a non-update state connected across a network to an update server in a pre-update state, the system also having a package computer which is inaccessible to the first target computer but accessible to the update server, and a repository component accessible to the first target computer and the update server, the method comprising the steps of: putting at least one patch fingerprint which defines a specific software update into the repository component, the patch fingerprint comprising a patch signature and an existence test; gathering information about the first target computer and sending the information back to the repository component; comparing at least a portion of the gathered information with the patch fingerprint to determine if the specific software update is absent from the target computer; if a known condition is met, then placing at least one task identifier on an update task list, the task identifier specifying the first target computer, the update task list stored at the update server, the task identifier also specifying at least one download address which references a location on the package computer that contains a software update for the first target computer; starting a task in response to the task identifier, the task attempting a first download of the software update from the package computer to the update server; if the first download completes successfully, then attempting a second download of the software update from the update server to the first target computer; and monitoring the attempted downloads for an outcome.
2. The method of claim 1, wherein the known condition is the software update being absent from the target computer.
3. The method of claim 1, wherein information about the target computer comprises at least one of: hardware configuration, current software installed, specific
software updates installed, registry information, file information, services currently running, web information, and configuration information.
4. The method of claim 1, further comprising a patch locating step which monitors at least one patch component database location for a new patch fingerprint, and wherein the putting step further comprises downloading the new patch fingerprint into the repository component after the new patch is located.
5. The method of claim 1, wherein the system further comprises a patch component database which signals the repository component that a new patch fingerprint is available, and wherein the putting step further comprises downloading the new patch fingerprint into the repository component after the new patch is located.
6. The method of claim 1, wherein the patch signature consists of specific computer information, the method further comprises the step of the repository component sending the patch signature to the target computer, and the gathering step further comprises the target computer gathering the specific computer information mentioned in the patch signature, and then sending the gathered computer information back to the repository component.
7. The method of claim 1, wherein the comparing step further comprises using the existence test together with the at least a portion of the gathered information to determine if the specific software update is absent from the target computer.
8. The method of claim 1, wherein the patch fingerprint further comprises patch inventory information, the system includes an inventory database containing target computer information and wherein the gathering step is started only if the target computer information and the patch inventory information match.
9. The method of claim 1, wherein the method further comprises notifying an administrator after the comparing step wherein notifying an administrator comprises sending a message to a predetermined address at least one of: an email message, a pager message, an instant message, a SNMP notification, and a voice mail message.
10. The method of claim 9, wherein the system comprises at least two target computers and the message comprises a list of all target computers from which the software update is absent and wherein the known condition to be met prior to placing the
task identifier on the update task list is a message from the administrator indicating consent.
11. The method of claim 1, wherein the method further comprises suspending the task after the monitoring step detects a download failure and then restoring the first target computer to the non-update state.
12. The method of claim 1, which further comprises removing the software update from the first target computer after the monitoring step detects a failure.
13. The method of claim 1, wherein the system includes at least two target computers both of which have received the download of the software update and wherein the monitoring step records an outcome of failure on at least one of the updated computers, further comprising the step of removing the updates from the at least two updated target computers.
14. The method of claim 1, wherein there are at least two package computers and the offsite update server determines which package computer to download the software update from based on a predetermined criterion.
15. The method of claim 1, wherein between the first and second downloads the method includes a delay step wherein the second download is delayed for a period which is based on a predetermined criterion.
16. The method of claim 15, wherein the delay step specifies a time delay and the specified time delay is based on an estimate of the time needed to download the software update from the package computer to the update server.
17. The method of claim 1, wherein there is at least a second target computer, the offsite update server contains an offsite update server list that lists each target computer that is to receive the software update, and the method further comprises the step of checking the offsite update server list for a target computer that has not received the update and if one is found, adding an update task identifier for that target computer to the update task list.
18. The method of claim 17, wherein the checking step is performed after the monitoring step determines that the outcome is successful.
19. The method of claim 1, wherein an outcome of success in the monitoring step is indicated by the target computer sending a message to the update server after the
second download has completed successfully, and wherein an outcome of failure in the monitoring step is indicated by the update server not receiving a message from the target computer within a time period that is based on a predetermined condition.
20. The method of claim 1, wherein the monitoring step further comprises watching the first target computer, for a time period that is based on a predetermined criterion, to at least attempt to detect abnormal activity associated with running the software update, and if abnormal activity is detected during the time period then declaring the outcome of the monitoring step to be failure.
21. The method of claim 1, wherein the monitoring step further comprises accepting messages from a help desk service, for a time period that is based on a predetermined criterion, to at least attempt to detect abnormal activity associated with running the software update, and if abnormal activity is reported during the time period then declaring the outcome of the monitoring step to be failure.
22. The method of claim 1, wherein the monitoring step further comprises notifying an administrator of the outcome, wherein notifying an administrator comprises sending to a predetermined address at least one of: an email message, a pager message, an instant message, a fax, a SNMP notification, or a voice mail message.
23. A target computer in a non-updated state which is located in a network and which is configured to attempt to receive a software package across the network, and to attempt to install on itself a received software package to update software, at least one update server being accessible to the network through a remote connection, a target computer update list on the update server containing a reference to a software package location; the target computer comprising: memory; a network connection; an update agent that reads the target computer update list from the update server, uses the reference to the software package to locate the software package; an installer that attempts to install the software package on the target computer; an outcome finder that determines if the software package installation was successful; and
a restorer that restores the target computer to a non-updated state if the outcome finder determines that the software package installation was not successful.
24. The target computer of claim 21, in combination with the update server to form a system.
25. The system of claim 24, wherein the update list further comprises a date, and wherein the update agent will wait at least until the date before attempting to download the software package.
26. The target computer of claim 24, wherein there are at least two update servers and the update agent determines which update server to utilize using at least one predetermined criterion.
27. The target computer of claim 26, wherein the predetermined criteria includes at least one of: selecting the first update server that is available, and selecting the least-busy update server.
28. The target computer of claim 23, wherein the target computer cannot directly access the software package, the update server can directly access the software package, and wherein the installer first attempts to download the software package to the update server memory, and if the first download is successful, the installer then attempts to download the software package from the update server memory to the target computer memory.
29. The target computer of claim 28, wherein the software package is kept in the update server memory and then deleted from the update server memory after at least one predetermined criterion is met.
30. The target computer of claim 28, wherein the update agent residing on the target computer initially checks the update server for the software package in the update server memory and if the software package is found there, the target computer downloads the software package directly from the update server.
31. The target computer of claim 23, wherein the software package is owned by an update host and is leased from the update host by a user.
32. The target computer of claim 23 in combination with the update server, wherein the update server is accessible to the target computer through a firewall and
wherein the update server must provide authentication before it can be accessed by the target computer.
33. The target computer of claim 23, further comprising means for notifying an administrator of the outcome finder results wherein the means for notifying comprises at least one of: email messages, pager messages, instant messages, SNMP notification, and voice mail messages.
34. The target computer of claim 23, wherein the location of the software package is specified by at least one of: a Uniform Resource Locator and a fully qualified domain name.
35. The target computer of claim 23, wherein the software package includes at least one of: a software patch to an existing file, at least one file to install a software application that has not previously been installed on the target computer, a data file, a script file, an executable file, and an update of the update agent.
36. The target computer of claim 23, in combination with a repository component which stores information about the target computer, the target computer further comprising a discovery agent that gathers information about the target computer and reports that information back to an inventory library in the repository component.
37. The target computer of claim 36, wherein the information gathered comprises at least one of: usage statistics, hardware configurations, current software installed, specific updates installed, specific patches installed, registry information, file information, services currently running, patch signatures utilized, and configuration information.
38. The target computer and repository component system of claim 36, further comprising at least one patch fingerprint which contains information used to determine whether a software package associated with the patch fingerprint is installed on the target computer, the patch fingerprint comprising a patch signature and an existence test.
39. The system of claim 38, the patch fingerprint further comprising general install information and the system including an evaluator which evaluates at least a portion of the stored inventory library information about the target computer using the general install information to determine if the software package associated with the patch fingerprint can be installed on the target computer.
40. The system of claim 39, wherein the patch signature includes a request for specific install information, the discovery agent first locates in the target computer the specific install information mentioned by the patch signature, and then sends the specific install information back to the repository component.
41. The system of claim 40, wherein the evaluator uses the existence test and the specific install information to determine if the software package associated with the patch fingerprint is installed on the target machine.
42. The system of claim 39, wherein the evaluator determines if the target computer possesses a necessary computer configuration to successfully install the software package associated with the patch fingerprint.
43. The system of claim 42, wherein the necessary computer configuration comprises at least one of: a software package that should be present, a hardware component that should be present, a software package that should be removed, a hardware component that should be removed.
44. The system of claim 39, further comprising a patch component database which includes new patch fingerprints, and wherein a downloader is signaled when a new patch fingerprint is installed on the patch component database.
45. The system of claim 44, wherein there are at least two target computers, the system further comprising a separate target inventory for each of the at least two target computers, wherein a notifier uses the evaluator in combination with the target inventories to create the update list which identifies zero or more target computers wherein the software package associated with the patch fingerprint is absent, and the notifier then notifies at least one administrator of the update list.
46. The system of claim 45, further comprising a report generator which generates reports comprising a list of zero or more computers wherein the patch is absent as well as a list of zero or more computers wherein the patch is present.
47. The system of claim 45, wherein notifying an administrator comprises sending at least one of an email, pager, telephone message, instant message, fax, beeper, or
SNMP notification to a predetermined address.
48. The system of claim 45, wherein the patch component database is owned by an update host, the target computer has an owner, and the downloader is allowed to
replicate the new patch fingerprint and associated patch information only if the target computer owner has permission from the update host.
49. The system of claim 48, wherein the permission consists of at least one of: a purchase agreement, a lease agreement, an evaluation agreement.
50. The target computer of claim 23 in combination with the update server, wherein the target computer further comprises a current configuration, and the update server further comprises a recommended configuration, the system further comprising a surveyor which scans the target computer for its current configuration, compares the current configuration to the recommended configuration, and then prepares a proposed update list utilizing the current configuration and the recommended configuration.
51. The system of claim 50, wherein a new target computer is added to the system, the surveyor scans the new target computer generating an update list, and an administrator is automatically notified of the update list for the new target computer.
52. The system of claim 51, wherein the new target computer usage is restricted until a predetermined condition is met.
53. The system of claim 52, wherein the predetermined condition comprises at least one of: the new target computer is updated to at least partially meet the update list, the administrator gives permission.
54. The target computer of claim 23 in combination with the update server, wherein the update server further comprises a backup creator, and wherein the backup creator creates a copy of the target computer before the installer installs the software package, and wherein the copy of the target computer is used by the restorer to restore the target computer to the non-updated state if the outcome finder determines that the software package installation was not successful.
55. The system of claim 53, wherein the copy of the target computer is stored in a memory of the update server.
56. A configured program storage medium having a configuration that represents data and instructions which will cause at least a portion of a computer system to perform method steps for at least attempting to update software in a system having a first target computer in a pre-update state connected across a network to an update server in a pre-update state, the system also having a package computer which is inaccessible to the
first target computer but accessible to the update server, and a repository component accessible to the first target computer and the update server, the method comprising the steps of: gathering information about the first target computer and sending the information back to the repository component; putting at least one patch fingerprint which defines a specific software update into a repository component, the patch fingerprint comprising a patch signature and an existence test; comparing at least a portion of the gathered information with the patch fingerprint using the existence test to determine if the specific software update is absent from the target computer; if a know condition is met then placing at least one task identifier on an update task list, the task identifier specifying the first target computer, the update task list stored at the update server, the task identifier also specifying at least one download address which references a location on the package computer that contains a software update for the first target computer; starting a task in response to the task identifier, the task attempting a first download of the software update from the package computer to the update server; if the first download completes successfully, then attempting a second download of the software update from the update server to the first target computer; and monitoring the attempted downloads for an outcome.
57. The configured storage medium of claim 56, wherein the known condition is the software update being absent from the target computer.
58. The configured storage medium of claim 56, wherein information about the target computer comprises at least one of: hardware configuration, current software installed, specific software updates installed, registry information, file information, services currently running, and configuration information.
59. The configured storage medium of claim 56, wherein gathered information is placed in a database in the repository component such that the information about the target computer can be accessed by the repository component.
60. The configured storage medium of claim 56, further comprising a patch locating step which monitors at least one patch component database location for a new patch fingerprint, and wherein the putting step further comprises downloading the new patch fingerprint into the repository component after the new patch is located.
61. The configured storage medium of claim 56, wherein the method further comprises notifying an administrator after the comparing step wherein notifying an administrator comprises sending a message to a predetermined address at least one of: an email message, a pager message, an instant message, a SNMP notification, or a voice mail message.
62. The configured storage medium of claim 61, wherein the system comprises at least two target computers and the notifying an administrator message comprises a list of all target computers that lack the software update.