On-Demand Deployment

On-demand deployment is intended for immediate rollout of specific patches. Use it for urgent security fixes, critical bugs, or targeted updates without waiting for scheduled runs.

This section walks through how to create an on-demand deployment for targeted endpoints.

Navigate to Patch Management > Deployments and select Create On-Demand Deployment to begin.

Deployment Information

Provide these details to identify and track the deployment.

  • Title: Enter a brief, memorable name.
  • Description: Specify the target, purpose, and expected outcomes.
  • Tags: Add tags for easy categorization and filtering.

Deployment Schedule

Define the start and end time for the patching window.

  • Date: Select the run date (e.g., 3/11/2026).
  • Start time: Set the exact future start time.
  • End time (optional): The time deployment automatically stops. You can add an end time by clicking Add end time.
    • If no end time is specified, the deployment will only be marked as completed after all endpoints have finished their patching process and reported their results back to My OPSWAT Central Management.
    • Offline endpoints during the window are marked Unreachable.

Deployment Timezone

Choose execution timing across locations.

Fixed Timezone

A fixed timezone uses a single, consistent reference time such as UTC−7 or UTC+0 for all targeted devices. All endpoints begin the patching process at the exact same moment globally.

For example, a deployment scheduled from 5:00 PM to 7:00 PM (UTC-7) runs as:

  • 5:00 PM–7:00 PM on UTC-7 endpoints.
  • 10:00 AM–12:00 PM on UTC+0 endpoints.
  • The window shifts accordingly for all other timezones to align with UTC-7 anchor.

Use fixed timezone when you need to:

  • Align with a primary data center’s maintenance window.
  • Comply with regulatory requirements mandating off-hours in a specific jurisdiction.
  • Coordinate changes with a central operations team in one region.
  • Stage rollouts region-by-region based on a standard time like UTC.

Local Timezone

A local timezone ensures that every endpoint executes a deployment at the same wall-clock time, based on its own geographic location.

Devices wait until their internal clock hits the scheduled start, creating a sequential global rollout rather than simultaneous execution.

For example, a 5:00 PM–7:00 PM (Local Time) window triggers:

  • 5:00 PM–7:00 PM in UTC-7 Pacific Time.
  • 5:00 PM–7:00 PM in UTC+0.
  • 5:00 PM–7:00 PM in every other local timezone.

The system prevents "same-day" starts if that time has already passed in the earliest timezone (e.g., UTC+14), ensuring feasibility worldwide.

Use local timezone when you need to:

  • Run patches consistently "after-hours" in every region.
  • Minimize user disruption for a globally distributed workforce.
  • Deliver predictable maintenance windows tailored to regional IT leads.

Reboot Options

Customize reboot behavior to ensure patches are finalized with minimal disruption to users.

  • You can set how often the endpoint prompts the user to restart (e.g., every 1 or 2 hours).
  • You can set the number of prompts a user can skip before the system triggers an automatic reboot to enforce the updates.

Targeted Devices

Select the endpoints to receive this deployment.

Note Deployments support Windows devices only.
  • All Devices: Deployment will be performed on all devices.
  • Specific Groups: The deployment will be performed only on the selected groups.
  • Specific Devices: The deployment will be performed only on the selected devices.

Patch Selection

Choose the patches you want to install.

Note Deployment supports Windows patches only.

  • Automated Patch Selection: Includes patches that match your criteria (e.g., "critical severity"). If you set multiple conditions, a patch only needs to match one to be included.
  • Specific Patches: Manually select the exact patches you want to deploy in this on-demand deployment.
  • Rejected and unsupported patches are automatically excluded from the deployment, even if they match your selection criteria.

Report

Configure notifications for deployment completion.

Add one or more email addresses (e.g., admins, security teams). Recipients get a summary with per-device status: Success, Failure, or Unreachable.

Once a deployment is created, navigate to Patch Management > Deployments to monitor patching process. Refer to Deployment Management guideline for detailed instructions.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Patch Management Policy
On This Page
On-Demand DeploymentDeployment InformationDeployment ScheduleDeployment TimezoneFixed TimezoneLocal TimezoneReboot OptionsTargeted DevicesPatch SelectionReport