hours, and provide an efficient way to back out changes if necessary. See Chapter 9 (page 86) for more details.
Table
Strategy | OS & Applications | Proactive Patching | Reactive Patching | Change | Test Environment |
|
|
|
| Management |
|
|
|
|
|
|
|
Restrictive | Stable release, | Use only | Make fewest | Formal plan with | Dedicated |
| available for one | thoroughly tested | changes possible | explicit roles and | equipment that |
| year or more. | patches with the | to restore | responsibilities. | matches |
|
| highest level of | function. | Prepared plan to | production |
|
| exposure. |
| environment, | |
|
| Perform full | back out changes, | ||
|
|
| diagnostic | if necessary. | including |
|
|
| simulated loads. | ||
|
|
| analysis before | Documented | |
|
|
|
| ||
|
|
| attempting a |
| |
|
|
| disaster recovery |
| |
|
|
| solution. |
| |
|
|
| plan that is |
| |
|
|
|
|
| |
|
|
|
| updated and |
|
|
|
|
| tested at least |
|
|
|
|
| yearly. |
|
|
|
|
|
|
|
Conservative | Stable release, | Use only | Make fewest | Formal plan with | Dedicated |
| available for six | thoroughly tested | changes possible | explicit roles and | equipment that |
| months or more. | patches with | to restore | responsibilities. | matches |
|
| substantial | function. | Prepared plan to | production |
|
| exposure. |
| environment. | |
|
| Perform full | back out changes, | ||
|
|
| diagnostic | if necessary. |
|
|
|
| analysis before |
|
|
|
|
| attempting a |
|
|
|
|
| solution. |
|
|
|
|
|
|
|
|
Innovative | Stable release, | Carefully review | Focus on |
| available for two | patches for risks | restoration of |
| months or more. | and benefits. | function. |
|
|
| Limit number of |
|
|
| concurrent |
|
|
| changes. |
Established roles | Test or |
and | development |
responsibilities. | equipment or off |
| hours on |
| production |
| environment. |
Consideration of HP patch rating
Regardless of the type of patching strategy you choose to implement, you should include a policy detailing when it is appropriate to select patches for each HP patch rating. Based on rating alone, it is always appropriate to select a patch rating of 3, but under what circumstances will you allow patches rated 2 or 1 to be installed?
For more information about HP patch ratings, see
Patch management and software depots
Users with multiple systems generally find that, regardless of the type of patching strategy they choose to implement, patch management is best accomplished by managing patches in centralized software depots. You should maintain one depot for each set of similarly configured systems.
You then use these depots as your patch source for all patch installations. In this way, you can maintain the same patch level on all the systems with less overall effort. Using depots also minimizes reboots when you install new patches. You should be able to install the entire content of a single depot with only a single reboot.
For more information about these
Patch management and software change management strategies 47