I help run a large and varied network supporting a number of customers. We’re looking at Ansible to replace CA’s ITCM as our patch management tool.
Since most of our customer estates have no internet access we need to replicate our current setup as closely as possible.
Online Patching Server - downloads patches and sends to offline server
Offline Patching Server - Receives patches from offline server.
Customer patching servers - One server per customer. Receives patches from the Offline Server. Installs patches on all customer servers, including itself
Can Ansible work as follows.
-
The Online patching server downloads all patches needed for all platforms, windows, linux, etc.
-
The downloaded patches are SFTP’d from the Online patching server to the Offline patching server. This server has no internet access.
-
The downloaded patches are copied to the Customer patching servers, using ITCM’s built-in tools.
-
The Customer patching server install patches on all customer servers, delivering them from its own storage.