Kaseya Community

Patch Management with Lancache

  • Hello. I'm looking for suggestions on how best to handle patching. Our infrastructure is setup so the we have 1 main site that has datacenter and internet access. Connected to the main site by mainly small t1 connections we have some smaller sites. Right now we are using the lancache option for patching the workstations. After patches are downloaded on a windows patching day to the lancache server and then begin to be distributed to the client we get hit very hard on those t1 links and it disrupts other more important traffic. How is the scheduling done to update the machines? Is it just a free for all to get the updates from all clients that are online? I would like to be able to have some control over when all these machines, maybe stagger the sites so not all machines are hitting the lancache at once? Can this be done? Thank You

  • Can you make a seperate Lan Cache at each site? If they aren't already, make the different locations sub groups of your main machine group, then use Policy Management to assign a different Lan Cache machine for each machine group.   If they are all workstations, you can add an external HDD to one of them to minimize impact and store the files there.  Otherwise... The files should be getting pulled when each agent updates... so might need to adjust your patching window to spread them out over more time.

  • Yes i agree about adjusting my patching window but how does one do that in patch mgmt? I'm not finding any where that i can control that? Is there? Thanks

  • ,

    Navigate to Patch Management > Automatic Updates and configure the schedule.  You can use Policy Management to schedule the update cycle, but if you're not yet using Policy, I would recommend doing this directly via patch.

    I also recommend you create yourself an account at university.kaseya.com and check out the Public (free) curriculum available.  Specifically, check out the Technician Learning Path available within the Public Curriculum category.  There are a tremendous number of learning opportunities available to help you with standard technician-related tasks, how the system works, how to use scheduling, patch updates, etc.

  • Thanks Brande. We have been using policy manager to control the update schedule. The settings at set to Run at 12:15am with a distribution window of 8hrs. the schedule is once a week on wed and thur. So what we’re seeing is that we have heavy traffic well beyond the 8 hr. window that the schedule is set for. If it supposed to stop at 8am it’s going until almost noon before it settles down. Is it possible that the lancache server has even downloaded all the patches by 12:15am to even begin distributing them? Seems unlikely to me but not sure? Do you see anything in our settings that might be adjusted to help with the traffic? Thanks

  • The distribution window affect the START time only.  The process will run until complete.  

    I do recommend that the LAN Cache is on the local LAN of each network, otherwise there's little benefit to using a LAN Cache (there are some, but in most cases, not enough to balance the cons).  One of the major drawbacks to using  LAN Cache that's not actually on the LAN is that the traffic will take longer to complete.  You're passing a lot of data over a limited pipe, where if the LAN Cache is on the local LAN, the limited pipe (to the internet) is used just once and then your internal network, which almost certainly has higher transfer speeds, is distributing the patches from the LAN Cache to the individual machines.  Depending on the amount of work, number and size of patches, etc., it is theoretically possible that the downloads are not completing in as timely a fashion as you would expect.

    If your endpoints have access to the internet, and if you cannot configure an on-LAN file share, you might find that setting the file source as "Download from internet" will be faster as the amount of data that needs to transfer may be reduced.

    I do recommend you open a ticket with support (helpdesk.kaseya.com) to eval what options might be available to you given your specific infrastructure and requirements.