0patch Central (https://central.0patch.com) is a web application that allows 0patch users to centrally monitor and manage their 0patch Agents. Available features depend on whether the account is Enterprise-enabled or not.
Computers
The Computers page allows you to monitor and manage 0patch Agents across your computers.
Groups
In an Enterprise-enabled account, computers can be organized in an arbitrary number of groups, subgroups, sub-subgroups, etc., built on top of the root group called All Computers. Computers can be moved from one group to another, either individually or as a bulk operation. Each newly registered 0patch Agent lands in the All Computers group.
In a non-Enterprise account, there is just one group, All Computers, where all computers with 0patch Agent reside.
The Computers page shows some high-level data about the currently selected group on top, and group content and configuration - such as computers in the group, the group's patching policy, and group settings - on the bottom. This is where most of the action is.
COMPUTERS Tab
The COMPUTERS tab lists computers in the chosen group with 0patch Agent installed. The Status column shows whether the agent is enabled (green dot) or disabled (red dot), and the Patches column provides the number of currently relevant patches for this computer.
This tab also allows you to perform actions on listed computers, such as:
- moving selected agents to another group (Enterprise accounts only)
- updating selected agents to the latest version (Enterprise accounts only)
- enabling or disabling selected agents (Enterprise accounts only)
- deleting selected agents from 0patch Central
You can search computers by their name, Windows version, or IP address, and you can filter them by agent version, last agent sync time, and agent status.
The Hide Computers in Subgroups checkbox allows you to select whether you want to see computers from the current group only, or also from all subgroups. This comes especially handy in the All Computers group where you may want to perform actions on all computers in your organization regardless of which groups they are in (uncheck the Hide Computers in Subgroups checkbox).
To perform actions on computers, you can select any number of those listed, or check the Select All checkbox and select all computers that match the search and filter criteria.
Clicking on the computer name opens up a window showing details about the computer, including all patches currently relevant for it, i.e., patches that are currently getting applied on this computer whenever some process loads a module we have a patch for.
PATCHES Tab
The PATCHES tab lists all patches that are currently relevant on at least one computer in the group, including all subgroups. The Status column shows whether the patch is enabled (green dot) or disabled (red dot), and the Modules column provides the name of the executable module (e.g., awt.dll) the patch applies to
This tab also allows you to decide which patches you want to be enabled or disabled on all computers in this group. This effectively presents an important part of the patching policy for this group. You can't enable or disable patches individually for each computer, only for an entire group. (If you need to enable or disable certain patches on a single computer, you can always put it in a temporary subgroup, make the changes there, and later return the computer to the original group.)
On this tab, you can search patches by their CVE ID, executable module name, or description; or filter them by their enabled/disabled state.
To perform actions on patches, you can select any number of those listed, or check the Select All checkbox and select all patches that match the search and filter criteria. Available actions are:
- Enable
- Disable
- Inherit from parent group (not available in the All Computers group)
By selecting the Inherit from parent group option, selected patches will be enabled when they're enabled in the parent group, and disabled when they're disabled in the parent group. Should any of such patches also be set to Inherit from the parent group in the parent group, their state will be inherited from the grandparent group, and so forth up to the All Computers group.
SETTINGS Tab
The SETTINGS tab allows you to configure two settings for the current group:
- Default state for new patches: This setting applies to new patches that will be issued by 0patch in the future and may be relevant to computers in this group. If set to Enabled, any future patches we issue will be enabled in this group, and therefore immediately applied to computers in this group. If set to Disabled, future patches will start off being disabled and will have to be manually enabled via the PATCHES tab to start getting applied to computers in this group. Finally, if set to Inherit from the parent group, the Default state for new patches setting from the parent group will be honored.
-
Update agents automatically: This setting specifies whether 0patch Agents in this group are to immediately and automatically self-update as soon as 0patch issues a new agent version (approximately once a year). While we recommend automatic agent updating when possible, we understand that some organizations prefer to more closely manage software updates. When automatic updates are disabled for a group, agents in this group can be updated in one of these ways:
- Manual update via 0patch Central: Select computers you want to update, then under ACTIONS, select "Update Agent(s) to new version".
- Re-enable automatic updates for this group again; agent will update upon their next sync to the server.
- Update agents directly by installing the new agent MSI package over existing agents on your computers.
Note: when 0patch Agent is deployed via Group Policy Objects, we recommend disabling automatic agent updates and updating the agent only via Group Policy, because self-updating may get blocked by Windows, potentially leaving the agent in a dysfunctional state.
Account
The Account page provides information relevant to your account.
- Account name: You can edit your account name, which is displayed in 0patch Console on all computers in your account.
- Account key: Account key is a unique string assigned to your account, and can be used for automatic registration of newly-installed 0patch Agents during silent installation. (See 0patch Agent User Manual for details.)
- SINGLE SIGN-ON tab: Configure single sign-on for your account
USERS Tab
The USERS tab (Enterprise accounts only) allows you to manage users who can access your account. Each user is identified by an email and is assigned a role that can be:
- Owner: Has access to all features, cannot be deleted, can login to 0patch Central even if Enterprise license expires
- Administrator: Has access to all features
- Agent Manager: Can manage computers, 0patch agents, groups, patching policies
- Billing Manager: Can manage billing information
- Auditor: Has read-only access to everything
SECURITY Tab
The SECURITY tab (Enterprise accounts only) allows you to manage various security settings for your account:
- Authentication Options: Select which authentication methods can be used for logging in to 0patch Central; choose between "Email and Password" and "Single sign-on", and specify whether multi-factor authentication ("MFA") is required for all users in the account.
- Password Policy: Set the password policy for users in the account; users will be forced to change their password upon next login if needed.
- IP Address Restrictions: Specify a set of IP addresses or subnets from which your 0patch Central account can be accessed. This setting does not affect 0patch Agents - they can always sync from anywhere.
SINGLE SIGN-ON Tab
The SINGLE SIGN-ON tab allows you to set up SAML-based sign on and SCIM-based provisioning.
Billing
The Billing page provides information relevant to your billing.
- License use: This chart shows you how many valid licenses you currently have in your account ("Bought") versus the number of agents that are assigned these licenses ("Used"). If the latter exceeds the former, you need to purchase additional licenses or delete some agents from 0patch Central.
- SUBSCRIPTIONS tab: View and edit your subscriptions
- INVOICES tab: List all your invoices
- SETTINGS tab: View and edit your payment method and billing address, and set up additional emails for billing-related notifications
Dashboard
The Dashboard shows current notifications and various high-level data about your 0patch Agents. The dashboard is only available in Enterprise-enabled accounts.
Notifications
Notifications are currently relevant messages that alert you about some situation or state you might want to address, such as some agents haven't synced in a long time, some agents are disabled (you might have disabled, and forgot to re-enable them), or some agents haven't been upgraded to the latest version yet.
Statistics
High-level statistics tell you how many agents you have in how many groups, and how many different patches have been applied across your agents since you opened the account.
License Use
The License Use chart shows you how many valid 0patch licenses you currently have in your account versus how many registered agents you have.
Active Agents
The Active Agents pie chart shows you how many of your active agents (those regularly syncing) are enabled, and how many are disabled.
Agent Activity
The Agent Activity pie chart shows you how your agents are syncing. Normally, an agent on an Internet-connected computer should be able to sync once every hour (green). Agents on computers that got shut down overnight appear blue, while those that last synced in the last 30 days appear orange - which can be normal for computers that only get turned on once every few weeks for special operations, or laptops that aren't used every day. Agents that haven't synced in over 30 days appear red, indicating that there may be a connectivity problem there preventing 0patch Agent from contacting the server, or that the computer has been decommissioned and should therefore be deleted from 0patch Central to release its license.
Agent Versions
The Agent Versions chart shows you versions of your 0patch Agents. Agents of the latest version are marked green, agents of non-latest but still supported version are shown in orange, and agents that are not supported anymore appear in red. We recommend keeping 0patch Agents updated to the latest version to maintain access to the latest features and bug fixes.
Find answers to frequently asked questions about 0patch Central here.
1 Comments