Operating System - HP-UX

Why should(n't) I install HP patches?? Enlighten me...

 
Greg Roberts
Advisor

I know this is a silly question on a big subject. I have my company's test environment wanting to install the latest HP quarterly patches for 10.2 and 11.0. I have to test them first in development. I'm thinking, if everything is working fine as far as anybody knows, why should I install the patches and risk "stuff" getting broken? Please enlighten me, yes or no.
Thanks
7 REPLIES
Brian Markus
Valued Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

In some cases you gain performance, in some you gain functionality, some new features. Each patch I do on an individual basis. I don't personally do the quarterlies on my production boxes. However, I do read what each new patch does. If it's a level 3 patch it's pretty safe to install. You really only have to worry about the lower level patches.
When a sys-admin says maybe, they don't mean 'yes'!
Philip Chan_1
Respected Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

To me, applying patches is aimed at improving performance and stability, in a proactive manner.

Steven Sim Kok Leong
Honored Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

Hi,

If possible, try to be selective in your selection of HP patches where possible, even though match-what-target-has already does a pretty good job.

Though rare, there had been cases whereby HP patches were recalled. These patches turned out to be buggy. Generally, this happens across vendors. Take Microsoft. They had sp4-fixes and post-sp4-fixes.

The other concern is kernel rebuilds. Some patches increase your kernel size. That causes loading of the kernel to be slightly slower and takes up a bit more of your memory.

Take an example of a security patch that resolves a root compromise by any local user. If your system runs solely as an Oracle or Sendmail server such that the system has no local user accounts and does not allow remote host access of normal users, then you are not vulnerable to such loopholes. In this case, it is not necessary to install such a security patch.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Karthik_2
Regular Advisor

Re: Why should(n't) I install HP patches?? Enlighten me...

Greg,
As highlighted, patches are installed for increased performance, stability and features.
It is a good idea to update the patches to the latest recommended by HP.

For I was in a similar situation where everything was working fine and we decided to freeze the patch level across all systems running similar apps. But we did face problems while we needed to install a new application or hardware which will require some additional drivers/patches.

And we need to install those patches and other dependencies, then reboot the production host. Also, HP has a default way of dealing with problems and will come up with a list of patches to install when you raise a call with HP.

If I were you I wouldn't mind spending some time/effort in updating the patches

Cheers
Karthik...
It's ALL in the MATRIX
Bill McNAMARA_1
Honored Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

There is a document I had a look at before from docs.hp.com called patching mission critical systems. It will contradict all you understand about patching!
I for one do training and recommend along the guidelines of that document, which I find makes sense.
Before installing a patch verify first if the patch is worthwhile. Read the .text file to understand if it requires a reboot, service restart and if it will fix any problem or potential problem.
If the patch is a performance related fix, figure out if you are suffering from performance problems before possibly causing downtime.
You should also always test the patch first on a test environment to ensure that no side effects are seen or that your particular site will not run into trouble.
I'm one to think that if your system works fine, be very selective about patching it.
The only patch I recommend putting on is Ignite. software.hp.com/products/IUX/ and creating a backup of VG00 before applying any patches to it.

Security patches are a different scenario altogether, this depends on the sensitivity of your data and your LAN configuration. I'd recommend getting a firewall rather than risking taking a system down.

I am however more sensitive to patches that require reboots than those that require service restarts...

Hopefully that document will give you a good approach to patching.

Later,
Bill
It works for me (tm)
Shannon Petry
Honored Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

I kind of agree with Bill Mac! There are several scenarios which have to be considered when talking about patches.

A production CAD/CAE workstation is less affected by patches than a production Oracle server or a mail server.

On Oracle, and other App servers.
When possible, install full bundles. (on the media the critical release) You will find that not only do many of these patches relate to hardware enhancements/fixes but you will find Oracle recommends them as well. If you had to call either Oracle or HP for support, one of the first things you are asked is your patch level.

Inet servers (mail, proxy). Look mainly for security patches or patches dealing with your application. As Bill said, don't worry about performance patches unless you're suffering in some way.

CAD/CAE/FEA Install everything in the General release using match-what-target-has. This is required by CATIA, UG, SDRC, Macneil Schweindler, UES, Altair, Abacus, and more!
The GR has lots of nice X performance patches, graphics patches, and you may notice a great performance diff....

I recommend before installing any patches, you have a known good backup. I have had many instances (I support over 150 workstations and servers) where a patch disables/cripples a system. The percentage is less than 1% but if it happens it's tragic!

I also use Ignite to golden image servers and generic configs for workstations. After patching make sure you update your image after you know it works.

Also, I patch a set of workstations to see what problems there are. If the batch patched have no problems, I update one of my depots, and install from there on the rest.

Hope this helps!
Shannon
Microsoft. When do you want a virus today?
James R. Ferguson
Acclaimed Contributor

Re: Why should(n't) I install HP patches?? Enlighten me...

Hi Greg:

This subject has come to light several times in different forms. If you haven't seen these threads, you might find them interesting.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x899c0559ff7cd4118fef0090279cd0f9,00.html

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x79f4f841489fd4118fef0090279cd0f9,00.html

In the second post, Cheryl Griffin sums it all up quite well: "What you do depends on your patch philosophy and the risk that you are willing to take."

Regards!

...JRF...