Patch Management User Guide for HP-UX 11.x Systems (5900-3011, April 2013)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP-UX patches and patch management
- 2 Quick start guide for patching HP-UX systems
- 3 HP-UX patch overview
- 4 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 5 What are standard HP-UX patch bundles?
- 6 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 7 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 8 Using HP-UX Software Assistant for patch management
- 9 Using Dynamic Root Disk for patch management
- 10 The Patch Assessment Tool
- 11 Support and other resources
- A Patch usage models
- Glossary
- Index
You should keep all similarly configured production systems at the same patch level.
5. Managing patch-related changes to systems.
• You might find it helpful to log all patch-related system changes.
• You might find it helpful to document the results of patch testing and installation.
• Many customers find it helpful to have a formal change-request process associated with
their patch management process.
HP service contracts
If you would like assistance with your patch management work, you can purchase a Mission Critical
level HP service contract. This entitles you to a proactive service called patch analysis. In patch
analysis, an HP support engineer furnishes you with a custom list of recommended patches. At the
Mission Critical (highest) contract level, your assigned HP engineer even helps you define a patch
management strategy based on the software change management principles defined in this chapter.
For more information, visit the HP Software Support Services website at http://www.hp.com/hps/
software.
Patch management and software change management strategies
Patch management is a complex topic. Because of the complexity, there is not one right way to
perform patch management. If you ask 10 patching experts to describe their approach to patch
management, you will likely get 10 different answers. You must determine which approach to
patch management works best in your situation based on your particular environment and your
constraints.
This section discusses software change management and recommendations, as well as the three
basic patch management strategies among others:
• Proactive patch management strategy
• Reactive patch management strategy
• Security patch management strategy (Advanced Topic)
You might find that one of these strategies is a good fit for your organization. In most cases, a
customized combination works well. For example, you could select a reactive patching strategy
for most patching, but proactively patch your most update-sensitive areas. Security patch strategies
often do not fit within the proactive or reactive strategies. In these cases, you need to follow a
different strategy. Again, there is more than one path to creating an acceptable patch management
strategy.
For your convenience, HP has created six Patch Usage Model flow charts that illustrate the high
level steps you would follow for six basic patch management strategies. These Patch Usage Models
can be found in Appendix A (page 97).
Establishing a software change management strategy
This section outlines a set of patch management strategies based on use and tolerance for down
time. There is always a risk that software patches that have been successfully tested in a controlled
environment will cause problems when applied to a new configuration. For this reason, it is important
to limit the number of changes made to a target system.
The first step in defining your strategy is to determine what level of software change management
you want to implement. HP has developed three strategies for dealing with software change
management in mission critical environments. These strategies are based on operational
requirements. The same concepts apply just as well to non-mission critical environments.
HP service contracts 47