Patch Management User Guide for HP-UX 11.x Systems (5900-3011, April 2013)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP-UX patches and patch management
- 2 Quick start guide for patching HP-UX systems
- 3 HP-UX patch overview
- 4 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 5 What are standard HP-UX patch bundles?
- 6 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 7 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 8 Using HP-UX Software Assistant for patch management
- 9 Using Dynamic Root Disk for patch management
- 10 The Patch Assessment Tool
- 11 Support and other resources
- A Patch usage models
- Glossary
- Index
For patch management, directory depots offer the following advantages over tape depots:
• Can be made available to remote users. See “Registering and unregistering directory depots”
(page 74).
• Are optimized for random access by multiple simultaneous sessions.
• Allow for customized access controls. See “Advanced topic: access control lists” (page 75).
• Allow SD-UX verification. See “Verifying directory depots” (page 75).
• Allow modification.
Using these features, you can centrally define and support standardized sets of patches for members
of your organization to use for patch installation.
There are other benefits to using directory depots. Installation from a directory depot on a local or
remote disk is likely to be faster than installing from removable media. You can also install software
onto a remote system without having to physically load the install media onto the system.
For example, consider a company with multiple locations over a large geographical region. This
company creates and maintains a centralized directory depot for companywide use and locates
it on a networked system at location A. Employees at location B can install software from this depot
onto systems at location C without ever leaving their desks.
Tape depots
Tape depots, also known as serial access depots, are primarily used for software transfer. Tape
depots are completely contained within a single file, which is formatted as a tape archive (tar),
and are accessed in a serial manner. Within the archive, directory and file entries are organized
using the same structure as that used for directory depots. Tape depots have the default file extension
.depot. Although you are not required to use this extension, it can help you to easily distinguish
tape depots from other files.
If you download patches or patch bundles from HP, you receive tape depots. These depots might
be contained in another file, such as a tar file or a shell archive (shar) file. Although the tape
depot format was designed to support software delivery on tape, tape depots are not limited to
tape media. You can locate them anywhere a directory depot can be located.
Using depots
As you start identifying uses for depots in your patch management process, you should consider
the intended purpose and use model for each potential depot. There are many appropriate patch
management uses for depots, including the following:
• Periodic patch depot — contains patches that define the current recommended patch level.
These are patches that you have tested as a group on the target configuration. You will generate
periodic patch depots on a regular basis. Here are some possible generation time frames:
◦ Semiyearly or yearly, to coincide with the release of specific-standard HP-UX patch
bundles, such as Quality Pack (QPK) or Hardware Enablement (HWE).
◦ Monthly, to allow more timely inclusion of critical fixes and security patches.
◦ Regularly in advance of scheduled system down time to take advantage of the opportunity
to install new patches.
Many users find it unacceptable to modify the contents of a periodic patch depot after it
has undergone analysis and testing. In this case, you can create a critical patch depot
to supplement a periodic patch depot.
• Critical patch depot — contains critical fix or security-related patches that were not available
when you created the latest periodic patch depot. Use this depot to update any systems that
68 Using software depots for patch management