Patch Management User Guide for HP-UX 11.x Systems (762796-001, March 2014)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP secure development lifecycle
- 2 HP-UX patches and patch management
- 3 Quick start guide for patching HP-UX systems
- 4 HP-UX patch overview
- 5 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 6 What are standard HP-UX patch bundles?
- 7 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 8 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 9 Using HP-UX Software Assistant for patch management
- 10 Using Dynamic Root Disk for patch management
- 11 The Patch Assessment Tool
- 12 Support and other resources
- 13 Documentation Feedback
- A Patch usage models
- Glossary
- Index
Second, use standard HP-UX patch bundles as your starting point:
• HP provides standard HP-UX patch bundles including the Quality Pack (QPK), Hardware
Enablement (HWE), and Feature Enablement Patch Bundle (FEATURE11i) patch bundles.
The QPK consists of defect fixes and the HWE consists of patches that are required for
new hardware products.
The FEATURE11i bundle enables new features and enhancements to the HP-UX operating
system and applications by providing the complete, minimal set of patches required.
◦ New HP-UX operating system features and enhancements sometimes require the
selection of a “key patch.” For example, to enable the Locality-Optimized Resource
Alignment (LORA) feature you must select the key patch PHKL_38980, which will
then automatically select all dependent patches. See the Feature Enablement Patch
Bundle section in the HP-UX Release Notes for a list of enhancements and features
included in your FEATURE11i bundle.
◦ When installing applications from AR media, patches satisfying those applications'
dependencies are automatically selected from the FEATURE11i bundle on the AR
media. This process works with any application that lists patch dependencies as
corequisites. For this reason, FEATURE11i is the only standard patch bundle included
on the AR media, as well as the OE media.
The patches in these patch bundles are tested extensively with the latest OE Update
Release, so HP can recommend these patch bundles as a starting point when acquiring
patches for your needs. Simply download the bundles from the HPSC or your latest HP
media.
FEATURE11i, HWE, and QPK bundles are delivered on the HP-UX 11i v3 OEUR media.
HP-UX 11i v3 and v2 AR media also include the FEATURE11i bundle. QPK bundles can
be found on the 11i v2 Support Pack media and the HP-UX 11i v1 Support Plus media
.
For more information about standard HP-UX patch bundles, see Chapter 6: “What are
standard HP-UX patch bundles?” (page 55).
• If you have constructed a list of patch needs, compare that with the patches in your
selected bundles. If you are missing patches from your list, obtain them individually using
the HPSC Patch Database.
3. Deploying patches.
• Patch testing.
You should install the patches on one or more levels of preproduction systems and perform
testing. Testing is discussed in more detail later in this chapter.
• Planning deployment.
Determine the details regarding how the installation of the patches will occur on production
systems. The frequency and timing of patch installation maintenance windows must be
chosen to meet with particular system down time limitations and the need to install the
new patches. You might choose the timing of patching to coincide with your current
maintenance windows. However, for reactive patching, you might be required to use
unscheduled maintenance. For proactive patching, common intervals are quarterly, every
other quarter, and yearly. You should also consider the availability of new patches and,
if you are using standard HP-UX patch bundles, you will likely want to choose a schedule
that in some way coincides with the release dates of new bundles.
46 Patch management overview