HP UX Patch Management Consideration of HP patch rating, Patch management and software depots

Page 47

hours, and provide an efficient way to back out changes if necessary. See Chapter 9 (page 86) for more details.

Table 4-2 Recommendations based on strategy

| Strategy | OS & Applications | Proactive Patching | Reactive Patching | Change Management | Test Environment |
| --- | --- | --- | --- | --- | --- |
| Restrictive | Stable release, available for one year or more. | Use only thoroughly tested patches with the highest level of exposure. | Make fewest changes possible to restore function. Perform full diagnostic analysis before attempting a solution. | Formal plan with explicit roles and responsibilities. Prepared plan to back out changes, if necessary. Documented disaster recovery plan that is updated and tested at least yearly. | Dedicated equipment that matches production environment, including simulated loads. |
| Conservative | Stable release, available for six months or more. | Use only thoroughly tested patches with substantial exposure. | Make fewest changes possible to restore function. Perform full diagnostic analysis before attempting a solution. | Formal plan with explicit roles and responsibilities. Prepared plan to back out changes, if necessary. | Dedicated equipment that matches production environment. |
| Innovative | Stable release, available for two months or more. | Carefully review patches for risks and benefits. | Focus on restoration of function. Limit number of concurrent changes. | Established roles and responsibilities. | Test or development equipment or off hours on production environment. |


Consideration of HP patch rating

Regardless of the type of patching strategy you choose to implement, you should include a policy detailing when it is appropriate to select patches for each HP patch rating. Based on rating alone, it is always appropriate to select a patch rated 3, but under what circumstances will you allow patches rated 2 or 1 to be installed?

For more information about HP patch ratings, see “HP-UX patch ratings” (page 34).

Patch management and software depots

Users with multiple systems generally find that, regardless of the type of patching strategy they choose to implement, patch management is best accomplished by managing patches in centralized software depots. You should maintain one depot for each set of similarly configured systems.

You then use these depots as your patch source for all patch installations. In this way, you can maintain the same patch level on all the systems with less overall effort. Using depots also minimizes reboots when you install new patches. You should be able to install the entire content of a single depot with only a single reboot.

For more information about these SD-UX software depots, see Chapter 7: “Using software depots for patch management” (page 64).
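
Keeping every system at the depot's patch level is only verifiable if you compare the two. The script below is an added example, not part of the HP guide: it takes saved `swlist -l product` listings for a depot and for one system and reports patches the system is missing and patches that were installed from somewhere other than the depot. The listing layout, the host names and the patch IDs are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the HP guide): report drift between a patch depot
# and one system, given saved `swlist -l product` listings for each.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Print the sorted, unique patch IDs found in a swlist product listing on stdin.
# Assumed layout: '#' header lines, then "<name> <revision> <description>".
patch_ids() {
    awk '!/^#/ && $1 ~ /^PH(CO|KL|NE|SS)_[0-9]+$/ { print $1 }' | sort -u
}

# drift MODE DEPOT_LISTING SYSTEM_LISTING
#   MODE=missing : in the depot, not on the system (system is behind)
#   MODE=extra   : on the system, not in the depot (installed out of band)
# Comparison is by patch ID only; supersession is not resolved.
drift() {
    d=$(mktemp) || return 1
    s=$(mktemp) || { rm -f "$d"; return 1; }
    patch_ids < "$2" > "$d"
    patch_ids < "$3" > "$s"
    case $1 in
        missing) comm -23 "$d" "$s" ;;
        extra)   comm -13 "$d" "$s" ;;
        *)       echo "usage: drift missing|extra DEPOT SYSTEM" >&2
                 rm -f "$d" "$s"; return 2 ;;
    esac
    rm -f "$d" "$s"
}

# Constructed sample listings, offline stand-ins for the output of
# `swlist -l product -d @ /mydepots/patchdepot` and `swlist -l product '*,c=patch'`.
WORK=$(mktemp -d)
cat > "$WORK/depot.txt" <<'EOF'
# Initializing...
# Target:  depothost:/mydepots/patchdepot
  PHCO_10001    1.0    constructed description A
  PHSS_10002    1.0    constructed description B
  PHSS_10003    1.0    constructed description C
EOF
cat > "$WORK/sysa.txt" <<'EOF'
# Initializing...
# Target:  sysa:/
  PHCO_10001    1.0    constructed description A
  PHSS_10002    1.0    constructed description B
  PHKL_10004    1.0    constructed description D
EOF

echo "Missing on sysa: $(drift missing "$WORK/depot.txt" "$WORK/sysa.txt" | tr '\n' ' ')"
echo "Not from depot:  $(drift extra "$WORK/depot.txt" "$WORK/sysa.txt" | tr '\n' ' ')"
```

A non-empty "Not from depot" list is the one to investigate first, since it means a change reached the system outside the depot-based process.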

Patch management and software change management strategies 47
