For patch management, directory depots offer the following advantages over tape depots:

Can be made available to remote users. See “Registering and unregistering directory depots” (page 71).

Are optimized for random access by multiple simultaneous sessions.

Allow for customized access controls. See “Advanced topic: access control lists” (page 72).

Allow SD-UX verification. See “Verifying directory depots” (page 73).

Allow modification.

Using these features, you can centrally define and support standardized sets of patches for members of your organization to use for patch installation.

There are other benefits to using directory depots. Installation from a directory depot on a local or remote disk is likely to be faster than installing from removable media. You can also install software onto a remote system without having to physically load the install media onto the system.

For example, consider a company with multiple locations over a large geographical region. This company creates and maintains a centralized directory depot for companywide use and locates it on a networked system at location A. Employees at location B can install software from this depot onto systems at location C without ever leaving their desks.

Tape depots

Tape depots, also known as serial access depots, are primarily used for software transfer. Tape depots are completely contained within a single file, which is formatted as a tape archive (tar), and are accessed in a serial manner. Within the archive, directory and file entries are organized using the same structure as that used for directory depots. Tape depots have the default file extension .depot. Although you are not required to use this extension, it can help you to easily distinguish tape depots from other files.

If you download patches or patch bundles from HP, you receive tape depots. These depots might be contained in another file, such as a tar file or a shell archive (shar) file. Although the tape depot format was designed to support software delivery on tape, tape depots are not limited to tape media. You can locate them anywhere a directory depot can be located.

Using depots

As you start identifying uses for depots in your patch management process, you should consider the intended purpose and use model for each potential depot. There are many appropriate patch management uses for depots, including the following:

Periodic patch depot — contains patches that define the current recommended patch level. These are patches that you have tested as a group on the target configuration. You will generate periodic patch depots on a regular basis. Here are some possible generation time frames:

Semiyearly or yearly, to coincide with the release of specific-standard HP-UX patch bundles, such as Quality Pack (QPK) or Hardware Enablement (HWE).

Monthly, to allow more timely inclusion of critical fixes and security patches.

Regularly in advance of scheduled system down time to take advantage of the opportunity to install new patches.

Many users find it unacceptable to modify the contents of a periodic patch depot after it has undergone analysis and testing. In this case, you can create a critical patch depot to supplement a periodic patch depot.

Critical patch depot — contains critical fix or security-related patches that were not available when you created the latest periodic patch depot. Use this depot to update any systems that encounter known failures and to bring systems up to the latest level of security patches. You can use this depot as the starting point for the next version of the periodic patch depot.

66 Using software depots for patch management

Page 66
Image 66
HP UX Patch Management manual Using depots, Tape depots