(Note: 0patch Enterprise subscription is required.)
With traditional software updates that replace large chunks of the product, it is all too common that an update breaks some critical functionality and disrupts production. Because of that, organizations often apply updates to a group of testing computers first, wait for some time to see if anything broke, and only then proceed with applying said updates to more critical systems.
While micropatching minimizes this risk by only changing the exact vulnerable code while literally leaving everything else in place, 0patch Central can still be configured to use the testing-production model described above:
- Create a group called Testing under the All Computers group and move all testing computers to that group.
- In the Testing group, under the SETTINGS tab, set the Default state for new patches setting to Enabled.
- Create a group called Production under the All Computers group and move all production computers to that group.
- In the Production group, under the SETTINGS tab, set the Default state for new patches setting to Disabled.
When we issue new patches, these will be automatically and immediately enabled on, and thus applied to, computers in the Testing group. In contrast, they will be initially disabled on computers in the Production group and will have to be manually enabled at 0patch administrator's discretion via the PATCHES tab in the Production group.