Patch Management User Guide for HP-UX 11.x Systems (5900-3011, April 2013)

Table Of Contents
Questions to ask
If you must deal with a patch that has a warning, consider the following questions in deciding
whether or not to use, or continue to use, the patch:
Is the system environment susceptible to the problem?
A patch with a warning might not cause problems for every customer. Exposure depends on
the system-use models, and whether you have any of the affected configurations. The previous
screen is a good example of this situation. Unless the system is configured with greater than
32 GB of device swap and meets all the other conditions listed, the patch warning given for
patch PHKL_30065 will have no impact on the system.
Is a replacement patch available, and, if so, is its HP rating acceptable for the system?
A replacement patch might be available. You can use the HPSC Patch Database to attempt
to locate such a patch. Simply search using the explicit patch ID of the patch that has a
warning. If there is a replacement patch, it will be displayed in the search results page. If a
replacement patch exists, you must take into account its advantages and disadvantages. This
includes consideration of the patch's HP rating. See “HP-UX patch ratings” (page 36).
After answering the previous two questions, you must consider the following questions in order to
develop an appropriate course of action for your situation:
What is the severity of the problem associated with the patch?
If the patch is already on the system, has it caused any problems?
What is your tolerance for down time if a reboot is necessary?
What is the timing of the next maintenance window?
What are your company's system administration policies?
As a final point, if you choose to remove a patch with a warning from a system, make sure that
the patch is not contained in any of the depots used for patch installations. For more information
about patch depots, see Chapter 7: “Using software depots for patch management” (page 66).
Advanced topic: finding patches with warnings
HP provides the HP-UX Software Assistant (SWA) tool at no charge. SWA can perform a number
of checks including published security issues, installed patches with warnings, and missing patches
with critical fixes. Once an analysis has been performed, you can use SWA to download any
recommended patches or patch bundles and create a depot ready for installation. For more
information, see Chapter 8: “Using HP-UX Software Assistant for patch management” (page 88).
Backup and recovery
Always perform a backup of the system before making patch-related system changes. You should
have a backup in the event that unacceptable behavior occurs as a result of patching.
This section provides some resources that you can investigate for recovery strategies. It does not
provide the details needed for recovering from patch-related problems.
Ignite-UX
Ignite is an HP-UX administration toolset that allows the simultaneous installation of HP-UX on
multiple clients, the creation and use of custom installations, the creation of recovery media,
and the remote recovery of clients. For more information, see the Ignite-UX web page at http://
www.hp.com/go/ignite-ux. The make_net_recovery and make_tape_recovery features
of Ignite can be good starting points for investigating recovery tools.
Data Protector is an HP product that you can use for data protection and disaster recovery.
For more information, see the HP OpenView Storage Data Protector website at http://
h18006.www1.hp.com/products/storage/software/dataprotector/index.html.
42 HP-UX patch overview