HP UX Patch Management manual Reactive patching strategy, Advanced topic HP-UX Software Assistant

Page 49

(SPK). If you want to install one of these new features, see the Software Pack documentation on the HP Business Support Center website at http://www.hp.com/go/spb-docs.

All the standard HP-UX patch bundles can be downloaded from the ITRC and are available on media from HP. For more information, see Chapter 5: “What are standard HP-UX patch bundles?” (page 52).

If you have a support contract at the Mission Critical level, you are entitled to a regular customer patch analysis from HP. This analysis results in the creation of custom patch bundles for your distinct computing environments.

Use the ITRC Patch Database to acquire any patches that you have not yet obtained. Compare the entire list of patches that you identified specifically for an environment with the content of the patch bundles.

If you are missing just a few patches, use the ITRC Patch Database to acquire them. For more information about using the ITRC, see Chapter 6: “Using the IT Resource Center” (page 55).

If you are missing numerous patches, you should use the SWA Tool to acquire them. See “Using HP-UX Software Assistant for patch management” (page 85).

The following details apply to patches with warnings, and security patches.

Although HP attempts to include only the highest-quality patches in the standard HP-UX patch bundles, occasionally a warning is issued for a patch in one of those bundles. You can review individual patch bundles for warnings using the ITRC Patch Bundles page.

You can acquire more up-to-date patches individually. Security patches are good examples of patches that you might obtain individually rather than as a part of a bundle. HP-UX Software Assistant can help you identify any security patches missing from a system. The ITRC should be your primary resource for downloading these individual patches.

Advanced topic: HP-UX Software Assistant

HP-UX Software Assistant (SWA)

manages a lot of the patch management complexity for you.

does not require an upload of your information to HP – SWA runs local to your system.

For information, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 85).

Reactive patching strategy

Reactive patching involves installing patches to restore system functionality after a problem occurs. The goal of reactive patching is to fix the problem as quickly as possible and with as little user disruption as possible.

Because reactive patching is so disruptive, typically only the most critical problems: panics, failures, and corruption are reactively patched. Your action depends on the software change management strategy you use. When you use a restrictive strategy (see “Recommendations for software change management ” (page 46)), the fewer critical problems you will need to reactively fix.

More granular changes are generally safer. While proactive patching usually involves the installation of many patches at one time, reactive patching involves installing only the patches believed to be necessary. Another difference between these two approaches is that reactive patching is likely to be performed under greater pressure and urgency than proactive patching. Even customers who typically use a proactive patch strategy might at times find it necessary to patch reactively.

The following are benefits of reactive patching:

Timely problem resolution

Controlled, minimal changes

Patch management and software change management strategies 49

Page 48 Page 50
Image 49
Page 48 Page 50
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 107 104Patch management strategies HP-UX patches and patch managementWhere to start How to get patchesOverview Quick start guide for patching HP-UX systemsBefore you begin Should you use standard HP-UX patch bundles?Standard HP-UX patch bundles Acquiring and installing standard HP-UX patch bundlesAcquiring the bundles As root, run the createdepothp-ux11script Installing the bundlesSwlist Advanced topic using Dynamic Root Disk DRDAcquiring the patches Acquiring and installing individual patchesQuick start guide for patching HP-UX systems Swverify -d \* @ /tmp/somepatchdirectory/depot Installing the patchesAdvanced topic using Dynamic Root Disk DRD Patch-related concepts HP-UX patch overviewPatch identification HP-UX software structureSoftware depots and patch depots Patch bundlesPatch state Patch statusCategory tags StateSwlist -l fileset -a state grep patchid Swlist -l product -a categorytag patchid Which patches are on a system?For example Examples of the swlist command$ swlist -l product *,c=patch $ swlist -l bundle @ somesystem $ swlist -l product *,c=manualdependenciesAncestors Ancestors and supersession$ swlist -l fileset -a ancestor PHSS29183 Swlist -a appliedpatches filesetname Supersession$ swlist -a appliedpatches Xserver.AGRM Showpatches -s Swlist -l patch -x showsupersededpatches=trueSwlist -a patchstate -x showsupersededpatches=true patchid $ swlist -l fileset -a supersedes PHSS28681HP-UX Patch Supersession Chain Patch-related attributesSee Category tags Types of dependencies Patch dependenciesCorequisites and prerequisites Impact of dependencies on acquiring patches Enforced and unenforced manual dependenciesSwlist -vl fileset -a dependencytype fileset Patch rollback Patch rollback and commitmentPatch commitment Cleanup -p -c number Advanced topic patch cleanup utilityHP-UX patch ratings Rating details HP patch ratingFinding information for a specific patch Critical and noncritical patchesPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Patch warnings Obtaining information using the ItrcAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings Questions to ask How to handle patch warningsAdvanced topic finding patches with warnings Considerations Backup and recoveryPatch management life cycle Patch management overviewPatch management life cycle Patch management overview Restrictive Conservative Innovative Establishing a software change management strategyOperational factor and patch management strategy matrix Recommendations for software change managementPatch management and software depots Consideration of HP patch ratingAcquiring patches for proactive patching Proactive patching strategyAdvanced topic HP-UX Software Assistant Reactive patching strategyAcquiring patches for reactive patching Advanced topic security patching strategyAdvanced topic scanning for security patches Testing the patches to be installedWhat are standard HP-UX patch bundles? Key featuresStandard HP-UX patch bundles Standard HP-UX patch bundle use and release dates Obtaining standard HP-UX patch bundlesQuick start guide for patching HP-UX systems Obtaining an Itrc user account Using the IT Resource CenterUseful pages on the Itrc Find individual patchesAccessing the patch database and finding an individual patch Key featuresClick the add to selected patch list button Using the IT Resource Center Check for patches with dependencies Advanced topic checking for all patch dependenciesUsing the IT Resource Center Click the add to selected patch list button Custom patch bundles run a patch assessment Standard patch bundlesSupport information digests Ask your peers in the forumsSearch knowledge base Common software distributor commands for patching Using software depots for patch managementDirectory depots Depot typesTape depots Using depotsChoosing depot type and depot location Viewing depotsSwlist -l depot Swlist -l depot @ remotesystem $ swlist -l depot$ swlist -l depot @ swdepot.xyz.com Creating and adding to a directory depot Depot/patches/11.11 Copying patches to depotsAdvanced topic HP-UX Software Assistant Registering and unregistering directory depotsCopying products with patch dependencies to depots Examples of registering and unregistering depots Advanced topic access control lists$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepotExamples of verifying directory depots Verifying directory depots$ swverify -d \* @ /mydepots/newdirectorydepot Removing software from a directory depot Verification had errorsVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded Advanced topic removing superseded patches from a depot $ /usr/sbin/cleanup -d /mydepots/patchdepot$ swlist -l product -d @ /mydepots/patchdepot Removing a directory depot Installing patches from a depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Analysis succeeded Examples of installing patches from a depotCustom patch bundles Installing products with patch dependencies from a depotAnalysis and Execution succeeded Rev Patch description Examples of listing patches and bundlesRev Bundle Description $ swlist -d @ /mydepots/temporarydepot Creating a custom bundleAnalysis succeeded Finally, remove the temporary depot For more information Using HP-UX Software Assistant for patch managementUsing Dynamic Root Disk for patch management Drd1m Patch Assessment Tool Using the Patch Assessment ToolBenefits of the Patch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Contacting HP Support and other resourcesRelated information HP websites Typographic conventionsNon-HP websites Times Patch usage models Components in test Image Then production Patch usage model 1 hardware/application software changeDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Create clone Patch usage model 5 proactive patchPassed? System Patch usage model 6 reactive patchAncestor GlossaryIPD SWA Index Index See also HWE Index
Top Page Image Contents