HP UX Patch Management manual Recommendations for software change management

Page 46

Table 4-1 Operational factor and patch management strategy matrix

Patch Management

New Features

Unplanned Down Time

Impact on Core

Self-Maintenance

Strategy

 

 

Business

 

Restrictive

No

Unacceptable

High

No

Conservative

No

Unacceptable

Medium

No

Innovative

Yes

Acceptable

Low

Yes

The process of selecting an appropriate software change management strategy seeks to align behavior with the key business objectives of the systems involved. The goals of evaluating an operation and choosing an appropriate strategy include:

Reduced risk

Increased system and application availability

Reduced maintenance time

There are four operational factors that should determine your appropriate strategy:

New features

Do you need to introduce new operating system or application features into the operating environment?

Unplanned down time

What is your tolerance for the operation being unavailable outside the scheduled maintenance windows?

Impact on core business

How are business functions affected by down time?

Self-maintenance

This is an indication of whether or not all system planning and maintenance activities are performed inhouse without vendor or third-party involvement.

Recommendations for software change management

The following are recommendations for software change management that correspond to each software change strategy. They cover the following five areas:

Operating System and Applications

Includes versions of the operating system as well as the applications running in the environment.

Proactive Patching

Includes all patching activities for which no symptoms or problems are currently evident.

Reactive Patching

Performed in response to a visible system problem.

Change Management

Covers all processes and standards used to manage data center operations.

Test Environment

Includes systems, software, and equipment used to support the production operations. The test environment is used to evaluate changes before they are put into production.

Table 4-2: “Recommendations based on strategy” (page 47) offers recommendations to help you implement your chosen software change management strategy. Consider using DRD for all three strategies listed in Table 4-2to reduce downtime, perform maintenance during regular business

46 Patch management overview

Image 46
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startBefore you begin Quick start guide for patching HP-UX systemsOverview Should you use standard HP-UX patch bundles?Standard HP-UX patch bundles Acquiring and installing standard HP-UX patch bundlesAcquiring the bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD Patch identification HP-UX patch overviewPatch-related concepts HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateCategory tags StateSwlist -l fileset -a state grep patchid Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystemAncestors Ancestors and supersession$ swlist -l fileset -a ancestor PHSS29183 Swlist -a appliedpatches filesetname Supersession$ swlist -a appliedpatches Xserver.AGRM Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Types of dependencies Patch dependenciesCorequisites and prerequisites Impact of dependencies on acquiring patches Enforced and unenforced manual dependenciesSwlist -vl fileset -a dependencytype fileset Patch rollback Patch rollback and commitmentPatch commitment Cleanup -p -c number Advanced topic patch cleanup utilityHP-UX patch ratings HP patch rating Rating detailsPatch documentation Critical and noncritical patchesFinding information for a specific patch $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Advanced topic the readme attribute Obtaining information using the ItrcPatch warnings Swlist -l product -a readme patchid moreCritical and noncritical warnings Questions to ask How to handle patch warningsAdvanced topic finding patches with warnings Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesWhat are standard HP-UX patch bundles? Key featuresStandard HP-UX patch bundles Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Useful pages on the Itrc Using the IT Resource CenterObtaining an Itrc user account Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Support information digests Standard patch bundlesCustom patch bundles run a patch assessment Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsChoosing depot type and depot location Viewing depotsSwlist -l depot Swlist -l depot @ remotesystem $ swlist -l depot$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Advanced topic HP-UX Software Assistant Registering and unregistering directory depotsCopying products with patch dependencies to depots $ swreg -l depot /depot/patches/2003-07periodicdepot Advanced topic access control listsExamples of registering and unregistering depots $ swreg -u -l depot /depot/patches/2003-07periodicdepotExamples of verifying directory depots Verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Verification succeeded Verification had errorsRemoving software from a directory depot $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded Advanced topic removing superseded patches from a depot $ /usr/sbin/cleanup -d /mydepots/patchdepot$ swlist -l product -d @ /mydepots/patchdepot $ swlist -l product @ /mydepots/patchdepot Installing patches from a depotRemoving a directory depot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededCustom patch bundles Installing products with patch dependencies from a depotAnalysis and Execution succeeded Rev Patch description Examples of listing patches and bundlesRev Bundle Description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Patch Assessment Tool Using the Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Contacting HP Support and other resourcesRelated information HP websites Typographic conventionsNon-HP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index