Patch Management User Guide for HP-UX 11.x Systems (762796-001, March 2014)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP secure development lifecycle
- 2 HP-UX patches and patch management
- 3 Quick start guide for patching HP-UX systems
- 4 HP-UX patch overview
- 5 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 6 What are standard HP-UX patch bundles?
- 7 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 8 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 9 Using HP-UX Software Assistant for patch management
- 10 Using Dynamic Root Disk for patch management
- 11 The Patch Assessment Tool
- 12 Support and other resources
- 13 Documentation Feedback
- A Patch usage models
- Glossary
- Index
then use these depots as your patch source for all patch installations. In this way, you can maintain
the same patch level on all the systems with less overall effort. Using depots also minimizes reboots
when you install new patches. You should be able to install the entire content of a single depot
with only a single reboot.
For more information about these SD-UX software depots, see Chapter 8: “Using software depots
for patch management” (page 67).
Proactive patching strategy
The goal of a proactive patching strategy is problem prevention. Many patches that provide defect
fixes are released long before you need them on your system. The crux of proactive patching is
identifying these patches and applying them in a safe manner. By definition, your starting point
for proactive patching should be a system you believe to be functioning normally. Most proactive
patching can be scheduled and carefully controlled. This is one of the benefits of this approach.
To automate the process of identifying and selecting patches, see Chapter 9: “Using HP-UX Software
Assistant for patch management” (page 89). To reduce the downtime required to perform proactive
maintenance, see Chapter 10: “Using Dynamic Root Disk for patch management” (page 90).
As compared with the reactive patching strategy (see the following section), proactive patching
generally creates more system change and requires regularly scheduled patch installation
maintenance windows. Although the system down time associated with patch installation is a
disadvantage of proactive patching, HP highly recommends proactive patching as the strategy of
choice.
The following benefits can be achieved by implementing a proactive patch management strategy:
• Problem avoidance
• Reduced risk
• Reduced unplanned down time
• Enhanced functionality and tools
• Increased time for testing
Because proactive patching involves installation of patches before a problem occurs, this strategy
allows more time to complete sufficient testing than does reactive patching. For a flow chart of the
high-level steps suggested for proactive patching, see Appendix A (page 99).
Acquiring patches for proactive patching
Although patching is not a one-size-fits-all process, the following generic recommended strategy
embodies many of our customers' best practices:
1. Identify the patches to acquire. You can identify and track these on an ongoing basis, or you
can engage in patch analysis that targets a specific proactive patching cycle.
2. Acquire the latest Quality Pack (QPK) patch bundle and, if you are planning any hardware
changes, the latest Hardware Enablement (HWE) patch bundle.
3. Determine whether the patches included in the standard HP-UX patch bundles cover your entire
list of identified patches. Use the HPSC Patch Database to acquire any missing patches.
4. Scan the patches for warnings and run the HP-UX Software Assistant Tool.
5. Create one depot for the acquired patches and copy them into it. You can choose to copy
the latest Operating Environment (OE) products to the depot.
6. Test the depot content.
7. Create a deployment plan and roll out the new depot within your maintenance window.
The following details apply to acquiring the latest QPK and HWE patch bundles:
• The QPK patch bundle is an excellent vehicle for proactive patching and was created for this
purpose. The HWE patch bundle contains patches required by new hardware products that
HP has released. To enable or pre-enable support for new hardware, you should select this
Patch management and software change management strategies 51