4 Patch management overview

Patch management is a process used to ensure that the appropriate patches are installed on a system. Patch management is becoming increasingly important for users of all types of systems, from desktop systems to mission-critical servers.

Industry experience has shown that failures in patch management can lead to financial loss, loss of data, exploitation of security vulnerabilities, and other negative consequences. Problems such as these can damage an organization's reputation, and can even result in legal consequences.

Because of this, many organizations are finding that having a robust patch management process in place is no longer optional. Additionally, many of these organizations require their overall patching strategy to include a proactive patching component similar to the one presented in this chapter.

Although patch management should be a topic of concern to all users, a robust patch management strategy is especially important if the environment includes any of the following:

Mission-critical systems: Can lessen exposure to a variety of risks.

Large number of systems: Can result in more efficient and effective patching.

This chapter presents some basic patch management strategies and concepts. Some of the concepts are general in nature, whereas others are specific to patching HP-UX systems.

Patch management life cycle

The following list presents the primary functions of a patch management life cycle:

1. Following a formal patch management strategy.

You should develop and follow a formal patch management strategy, incorporating the appropriate concepts to meet your availability needs. Ideally, your strategy should include proactive patching, reactive patching, and a separate plan for security patches. These topics are described later in this chapter.

2. Identifying and acquiring patches.

First, determine which patches you need in various circumstances:

If you encounter a problem, you must determine which patches you need to resolve it.

Monitor the systems regularly to determine whether there are security patches or critical patches available for a system, or whether warnings have been issued against installed patches.

The HP-UX Software Assistant (SWA) Tool can help you identify security patches applicable to systems, as well as patches with warnings. For more information, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 85).

If you download patches using the HP IT Resource Center (ITRC), you will be sent an email notification if a warning is issued against any patch you downloaded. For more information, see Chapter 6: “Using the IT Resource Center” (page 55).

Determine whether the patches chosen for installation require additional patches or other software to satisfy dependencies. The ITRC Patch Database can help you with this task.
