Proactive patching strategy

The goal of a proactive patching strategy is problem prevention. Many patches that provide defect fixes are released long before you need them on your system. The crux of proactive patching is identifying these patches and applying them in a safe manner. By definition, your starting point for proactive patching should be a system you believe to be functioning normally. Most proactive patching can be scheduled and carefully controlled. This is one of the benefits of this approach. To automate the process of identifying and selecting patches, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 85). To reduce the downtime required to perform proactive maintenance, see Chapter 9: “Using Dynamic Root Disk for patch management” (page 86).

As compared with the reactive patching strategy (see the following section), proactive patching generally creates more system change and requires regularly scheduled patch installation maintenance windows. Although the system down time associated with patch installation is a disadvantage of proactive patching, HP highly recommends proactive patching as the strategy of choice.

The following benefits can be achieved by implementing a proactive patch management strategy:

Problem avoidance

Reduced risk

Reduced unplanned down time

Enhanced functionality and tools

Increased time for testing

Because proactive patching involves installation of patches before a problem occurs, this strategy allows more time to complete sufficient testing than does reactive patching. For a flow chart of the high-level steps suggested for proactive patching, see Appendix A (page 94).

Acquiring patches for proactive patching

Although patching is not a one-size-fits-all process, the following generic recommended strategy embodies many of our customers' best practices:

1.Identify the patches to acquire. You can identify and track these on an ongoing basis, or you can engage in patch analysis that targets a specific proactive patching cycle.

2.Acquire the latest Quality Pack (QPK) patch bundle and, if you are planning any hardware changes, the latest Hardware Enablement (HWE) patch bundle.

3.Determine whether the patches included in the standard HP-UX patch bundles cover your entire list of identified patches. Use the ITRC Patch Database to acquire any missing patches.

4.Scan the patches for warnings and run the HP-UX Software Assistant Tool.

5.Create one depot for the acquired patches and copy them into it. You can choose to copy the latest Operating Environment (OE) products to the depot.

6.Test the depot content.

7.Create a deployment plan and roll out the new depot within your maintenance window.

The following details apply to acquiring the latest QPK and HWE patch bundles:

The QPK patch bundle is an excellent vehicle for proactive patching and was created for this purpose. The HWE patch bundle contains patches required by new hardware products that HP has released. To enable or pre-enable support for new hardware, you should select this bundle. New HP-UX core enhancements are introduced as part of the Software Pack

48 Patch management overview