
Patching the system

 
jason thompson_1
Frequent Advisor

Patching the system

Forgive the simplicity of this question. After using the C.P.M. there are several "Recommended" and "Latest" patches listed that are not installed on our system. My question is, how should I select which patches to install and which to skip? Are the "Recommended" all that I should worry about or should I also install the "Latest" as well?
What's that smell?
7 REPLIES 7
Uday_S_Ankolekar
Honored Contributor

Re: Patching the system

I would go for Recommended patches, and it's better to have recommended patches. If you want to install the latest patches, then install them on a test server and monitor for a couple of months before installing them on the production server.

Before installing any patches it is advisable to cut a fresh Ignite tape.

Good luck,

-USA..
Good Luck..
James R. Ferguson
Acclaimed Contributor

Re: Patching the system

Hi:

The choice of "recommended" or "latest" is one that you need to make based on your experience, philosophy, tolerance for problems, etc. Use this documentation from HP as a basis for decision:

http://www1.itrc.hp.com/service/patch/wrap.do?pageKey=patch.html.patchDBCandidateListHelp#evaluating

Regards!

...JRF...
James A. Donovan
Honored Contributor

Re: Patching the system

I would start with the "3 star" recommended patches. Avoid installing the latest patches as much as possible, unless it's unavoidable due to patch dependencies.

Then, of course, apply these patches to test/dev systems and let them burn in for at least a few days.

I find the quarterly CD-based Gold paks a good starting point, and then I supplement those with custom patch bundles.
Remember, wherever you go, there you are...
Helen French
Honored Contributor

Re: Patching the system

I would suggest you go for the recommended and any other *latest* critical patches listed. You can always check the patch description and see if any *latest* patch is required for your environment. Remember to create a make_tape_recovery tape before installing your patches.
Life is a promise, fulfill it!
A. Clay Stephenson
Acclaimed Contributor

Re: Patching the system

Your question is far from simple. If I didn't have a sandbox and a test box to deploy on before production then I would really be scared.

In your case, "Recommended" is the safer choice but you should read the "Latest" patch notes and see if they might apply to your environment. In a few cases, you might even have to apply SSP's (site specific patches - or pieces of patches) to fix something urgent.

Remember, in many (most) cases, the risks of not patching exceed those of patching.

It's generally safe to apply the HWE and GOLDQPK patchsets and just "let 'em rip". Some prefer to stay one release behind.

If you get a chance, attend HPWorld. Patch Management is one of the more lively groups.


If it ain't broke, I can fix that.
A. Clay Stephenson
Acclaimed Contributor

Re: Patching the system

Your question is far from simple. If I didn't have a sandbox and a test box to deploy on before production then I would really be scared.

In your case, "Recommended" is the safer choice but you should read the "Latest" patch notes and see if they might apply to your environment. In a few cases, you might even have to apply SSP's (site specific patches - or pieces of patches) to fix something urgent.

Remember, in many (most) cases, the risks of not patching exceed those of not patching.

It's generally safe to apply the HWE and GOLDQPK patchsets and just "let 'em rip". Some prefer to stay one release behind.

If you get a chance, attend HPWorld. Patch Management is one of the more lively groups.


If it ain't broke, I can fix that.
Francesco Campalastri
Frequent Advisor

Re: Patching the system

Not so easy to answer.

You can patch three ways:
1) individually
i.e. an application requires a patch
2) Patch bundle
You want to upgrade your patches to the December 2002 ones. HP issues four bundles a year (March, June, Sept., December).
3) Custom patch bundle
You want to install exactly the patches you need on your hardware. You have to use "Custom Patch Manager" on ITRC. Download a shell script named collector.sh or similar, run it on your computer and ftp the result following the instructions.


In any case, individual patches are rated by HP with one, two or three stars based on patch age.

So, try to install as few single patches as you can. Use, if possible, a patch bundle. Try to avoid bundles that are too recent. I mean, try to have on your system only three star patches, stable, consolidated and "secure".
But, if you have a problem and there is only a two star patch or a single star patch, use it, if it solves the problem.

When you are more experienced with patches and your system is heavily patched, begin to use the personal patch manager.


Bye