HP's UNIX Patch Strategy

1y ago
17 Views
2 Downloads
919.37 KB
43 Pages
Last View : 7d ago
Last Download : 3m ago
Upload by : Kamden Hassan
Transcription

HP’s UNIX PatchStrategyBruce HendersonHewlett PackardUNIX System Enablement LabMarch 30, 2004

HP’s UNIX Patch StrategyAgenda1. Industry Wide Software Patching2. HP-UX Patch Strategy Overview3. HP UNIX Patching Comparison 3/12/2004HP-UX and Tru64HP's UNIX Patch Strategypage 2

Industry WideCustomer Patching PracticesCustomer behavior varies greatly Some install changes suggested by vendor Others avoid any changes (except fixes to bugsthey have reported) Many prefer to make their own decisions aboutwhich releases and upgrades they adoptTypical to install a patch tentatively to analyze impactbefore committing as permanent part of OS3/12/2004HP's UNIX Patch Strategypage 3

Industry Wide - Best in Class DefectDensity11i has 23.5K Function Pts, compared to industry data for 10KDelivered Defects/Function 0.2000.1350.1000.0600.0330.0150.000Avg All VendorsAvg SystemVendorsTop 1%11.0011iIBM MFApplied Software Measurement, 2nd Edition, Capers Jones3/12/2004HP's UNIX Patch Strategypage 4

HP-UX 11i versus Solaris 8, AIX 5.1First 15 months of shipments3500300025002000H P- U X 1 1 i1500So la ris 8**1000AIX 5 .15000Pa tche sD efe cts** Could not get AIX 5.1 defect data3/12/2004HP's UNIX Patch Strategypage 5

HP-UX Patch Strategy Overview“The patch-management field has been a conservativeone, slow to change. D.H. Brown Associates, Inc.(DHBA) believes that innovation of the kind describedhere is long overdue.”*How did HP-UX get there?*White Paper: HP Improves Patch Management to Reduce System DowntimeD.H. Brown Associates, Inc. , March 20003/12/2004HP's UNIX Patch Strategypage 6

HP-UX Patch Strategy OverviewCustomer Patch RequirementsMinimize down time for patch operationsTo provide the most stable environment possible, I want to chooseexactly which patches I apply.Particularly in the kernel and other sensitive areas, keeppatches small.Patches should only be fixes to defects, not enhancements.Minimize system administration costBut keep patch management simple – I don’t want tospend a lot of time here.Provide me with tools to manage multiple systems – trackwhat is installed, install a golden image on multiplesystems, etc.3/12/2004HP's UNIX Patch Strategypage 7

HP-UX Patch Strategy OverviewKey Improvements1.Label Patches with our confidence rating 1,2 or 3–––2.3.4.3/12/2004Rating 1 has gone through all labs testsRating 2 has significant customer exposure (60% fewerwarnings)Rating 3 has passed our system tests (80% fewer warnings)Keep patches as small as possible, but they must becumulative from the last patch.Use bundles to simplify proactive patch management - QPKEnhancements can only be delivered in patches if they enablenew hardware or add compatible minor features.HP's UNIX Patch Strategypage 8

HP-UX Patch Strategy OverviewTypes of HP-UX 11iv1 Patches32% Deliver EnhancementsSW enable20%HW enable12%Core defect57%App Defect11%Software enablement includes IPV6, Virtual partitions, Processor Sets, InterruptMigration, and Compressed DumpContents of SWPack, and Support Plus – 421 total patches3/12/2004HP's UNIX Patch Strategypage 9

HP-UX Patch Strategy OverviewKey Improvements5.Provide more robust patch management tools and processes–IT Resource Center (ITRC) Recommendations based upon patch ratings Complete dependency management New patch assessment capability–––– –3/12/2004“Ideal system” conceptincorporation of patch setscombination of internal and external toolsremoval of entitlement requirement“HP Live” access to patch support expertsMission Critical Software Change Management (MCSCM)HP's UNIX Patch Strategypage 10

HP-UX Patch Strategy OverviewReactive and Proactive PatchingReactive Patching Solve an existingproblemProactive Patching Preventive maintenanceReliability: Highest priority.Use only most stable testedpatches– Timeliness : Periodic activity,planned in advance, time allottedfor testing– Change: Understand andevaluate– Risk: Larger changes introducegreater risk, however, risk isreduced by more testing.–Timeliness: Highest priority– Reliability: Fix it the first time– Change: Minimize– Risk: Fast delivery of fix maycompromise testing–Find the Best patch to fix theproblem, as quickly as possible.Choose a period for proactive patching.Use standard HP recommendedsources.Timeliness vs. Risk3/12/2004HP's UNIX Patch Strategypage 11

HP-UX Patch Strategy OverviewFor a specific fix not contained in the bundle – use the ITRC3/12/2004HP's UNIX Patch Strategypage 12

HP-UX Patch Strategy OverviewThe ITRC manages dependenciesPatch I askedforDependenciesOn 11i, the Software Distributor product also willwarn when dependencies are not satisfied3/12/2004HP's UNIX Patch Strategypage 13

HP-UX Patch Strategy OverviewSummary HP Patch strategy allows many options– Small patches in most sensitive areas for reactive patching– Patch bundles for proactive patching– Customer choice on how frequently to patch and what to patch– Levels of confidence in patches (lower risk) based on customerusage and HP testing.– Proactive notification of any problem patches, but mostcustomers remove very few of them.3/12/2004HP's UNIX Patch Strategypage 14

HP UNIX patching comparisonScopeHP-UXTru64Core patchesApplication patches3/12/2004Core (OS) patchesHP's UNIX Patch Strategypage 15

HP UNIX patching comparisonIndividual patchesHP-UXTru64CSP (Customer Specific Patch)Site SpecificGR0 (controlled release)No equivalentGR (General Release)patches at level 1-3ERP (Early Release Patch)patches are equivalent to GRat levels 2 & 3.1 – Initial release– 2 – Widely distributed &used– 3 – Greatest amount oftesting–3/12/2004HP's UNIX Patch Strategypage 16

HP UNIX patching comparisonPatch InstallationSW Package InstallerTru64HP-UXSD – SW ll and remove selectedpatches (swinstall,swremove)No equivalent to view patchspecific documentationView patch trackinginformation (swlist)No equivalent to establish abaselineAdding patches to a depot(swcopy)Network support–––––HP's UNIX Patch StrategyInstall and remove all or selectedpatches (-install, -delete)View the patch-specificdocumentation (-help)View patch tracking information (track)Establish a baseline for systemsthat have had manually installedsystem files placed on themNo equivalent to adding patchesto a depotpage 17

HP UNIX patching comparisonPatch InstallationInstall and remove all or selected patches.Tru64HP-UX 3/12/2004 SD – SW DistributorNo knowledge of clustersPatch applicabilityPatch dependencies(11.11)Patch removal, rollbackSystem inventorychanges for patchesCapturing patch activitiesin log filesCombined product patchinstallsdupatch HP's UNIX Patch StrategyCluster awarePatch applicabilityPatch dependenciesPatch removal, rollbackSystem inventory changesfor patchesCapturing patch activitiesin log filespage 18

HP UNIX patching comparisonPatch InstallationViewing the Patch DocumentationTru64HP-UX 1. Retrieve individual patchesusing ITRC, it displays:––––––One line descriptionSymptomsDefect descriptionPatch filesSpecial Installation InstructionsOther information fields for Select the PatchDocumentation item of themain menu, dupatch displays:–––––AnalysisSelectionProblem summariesFull descriptionsSpecial InstructionsReport identifiersRevision control stringsSome patch documentation in theITRC can be updated after thepatch is released.2. Swlist (SD) can view the original,embedded patch documentation.3/12/2004HP's UNIX Patch Strategypage 19

HP UNIX patching comparisonPatch InstallationCold Install OptionsTru64HP-UX ––– graphical & command linepush or pulldesigned for cloningInstall - GUIinterface1.2.3/12/2004 Ignite-UXIgnite-uxIntegrated with SDRemote installationservice (RIS)–curses (text menu)pull only–not integrated with cloning– Install - GUI interface1.HP's UNIX Patch StrategyCollection of command line,RIS, and sysmon sub-menuspage 20

HP UNIX patching comparisonPatch InstallationSW cloning modelTru64HP-UXinstallation cloningIgnite-UX server “config files” Can create definition text Allows definition offiles to be read byconfiguration options to beinstallation engine toset as well as softwarecustomize the system beingcomponents to be loadedinstalledon clientGolden image/OS archive Mechanism to create a tarball of a system’sinstallation image for reinstallation or cloning3/12/2004HP's UNIX Patch Strategypage 21

HP UNIX patching comparisonPatch InstallationSW Update - 04Installupdateperforms updatepreparation stepsexecutes swinstallselection & analysis of swto loadSW load & rebootClean up old information–HP's UNIX Patch StrategySame functionspage 22

HP UNIX patching comparisonPatch InstallationPatch management on clustersTru64HP-UX–3/12/2004No Equivalent – until 11iVersion 3––HP's UNIX Patch StrategyRolling PatchNo-Roll Patchpage 23

HP UNIX patching comparisonPatch management on Tru64 clustersRolling Patch clu-upgrade–––––– llVersion Switch (ifneeded)CleanInstallNo-Roll Patch dupatch–––– Check – cluster & not inrollAnalysisSelectionInstallnoroll script–––HP's UNIX Patch StrategyInstall all other membersPostinstallVersion switch (if needed)page 24

HP UNIX patching comparisonCollections of patches1. Tested together2. Delivered together3. Intended to be installed together3/12/2004HP's UNIX Patch Strategypage 25

HP UNIX patching comparisonCollections of patchesHP-UXTru64KitsBundlesPer OS stream for all currentlysupported Enterprise releasesDefect Fixes––––––3/12/2004QPK (Quality Pack)One bundle per OS versionShare Support Plus CDNo support restriction onprevious bundle versionFirst bundle approximately 6months after releaseSubsequent bundles at 6 monthintervalsBy base level, for designated OSstreamsDefect Fixes–––––––HP's UNIX Patch StrategyInaugural/Aggregate kitsOne kit per supported releaseOne milestone CD containing alllatest base level kitsSupport for current kit and one backGuaranteed 1 year minimum supporton 5.1B-1 forward.IPK:Inaugural kit released at 6 weeksPKn: Aggregate kits released at 4-6month intervals based upon businessneedpage 26

Tru64 UNIXRecent Improvements to Patch KitsPatch Model ComparisonOLD Model All PKs are cumulativeDeficiencies of the OldModel Kits were too bigNEW ModelBenefits of the New Model PK’s are either cumulative or Incremental PK’s are at leastincremental (Note: there is50% smallerno distinction between cumulativeand incremental PK’s with respect Reduced download timeto the PK support policy.) Kits took too long to install Incremental PK’s have packaging Install time reduced over 50%of changed files only More timely/predictable PKdelivery Files are placed into fewerpackages (subsets) Pick and choose on allPK’s3/12/2004 Kits installation was toocomplicated Number of patch packages Reduction in installation time(subsets) is decreased from 300 to below 70 Full qualification was not With cumulative PK’s, all patches Higher quality throughpossible due to the number are installedstandardization of kitsof potential installcombinations Pick and choose feature available Reduced Customer qual time –with incremental PK’s only(items not changed are notincluded in incremental PK’s)HP's UNIX Patch Strategypage 27

HP UNIX patching comparisonCollections ofpatchesTru64HP-UXKitsBundles New Core SW features– – NHD (New Hardware Device)for those requiring boot supportLayered Products by segmentOE (Operating Environment)Products– No equivalentNew HardwareHWE (Hardware Enablement)Application Products–3/12/2004–Application Products bysegment–New Core SW featuresSPK (SW Pack)New Hardware– APCD (Associated ProductsCD)Layered ProductsAR (Application Release)–HP's UNIX Patch StrategySoftware Product Librarypage 28

HP-UX – standard patch bundles3/12/2004HP's UNIX Patch Strategypage 29

Tru64 – standard kits3/12/2004HP's UNIX Patch Strategypage 30

HP UNIX patching comparisonWhat is Factory Installed?Tru64HP-UXFactory Ignition (IUX)1.2.3.3/12/2004Factory Installed Software(FIS)1.Selected OELatest HWELatest QPK2.3.HP's UNIX Patch StrategySelected OS versionLatest NHDLatest Aggregate Patch Kitpage 31

HP UNIX patching comparisonWeb servicesHP-UXTru64ITRCITRC–PatchDB (all GR patches)–CPM (Custom PatchManager), Now PatchAssessmentsoftware.hp.com–3/12/2004Latest version of all bundlesHP's UNIX Patch StrategyNew!–PatchDB Initially Aggregatepatch kits, in the future:NHD’s and individualERPs–No equivalent CPMsupport.compaq.com– Previously for Aggregatekits– Has been replaced withITRCpage 32

Tru64 Kits/ERPs/NHDs on ITRC3/12/2004HP's UNIX Patch Strategypage 33

Tru64 – patch browsing3/12/2004HP's UNIX Patch Strategypage 34

HP-UX Patch AssessmentLoad systeminformationCreate profile or useexisting profileexecute theassessment3/12/2004HP's UNIX Patch Strategypage 35

HP-UX Patch Assessment – setup theprofile3/12/2004HP's UNIX Patch Strategypage 36

HP-UX Patch Assessment - resultsChat live with anHP supportspecialistpatchrecommendationreason forrecommendation3/12/2004HP's UNIX Patch Strategypage 37

HP UNIX patching comparisonSW Support GuidelinesHP-UXTru64All patches arecumulative - customersnot required to install aminimum supportedlevel of sw to obtainpatches Specific support level nolonger required toaccess to CPM/PatchAssessment 3/12/2004 Patches provided oncurrent kit or 1 backonly for releases understandard support Guaranteed 1 yearminimum support on5.1B-1 forward No specific supportlevel will be requiredHP's UNIX Patch Strategypage 38

HP UNIX patching comparisonTru64 Patch Kit Support PoliciesPrevious Policy New PolicyFor releases under standard support,Tru64 UNIX Engineering supports thelatest patch kit and one (1) back.3/12/2004 For releases under standard support,Tru64 UNIX Engineering supports thelatest patch kit and one (1) back. (Nochange for releases or patch kits priorto V5.1B-1(Vail)). In addition, starting with V5.1B-1 (Vail)patch kits will be supported for aminimum of one (1) year after theirrelease. Support for the latest patchkit and one (1) back AND theminimum of one (1) year from the timeof release are both guarantees forV5.1B patch kits and V5.1-Bassociated updates (V5.1B-1, V5.1B2, etc.) only.HP's UNIX Patch Strategypage 39

HP’s UNIX Patch StrategySummaryHP has track record of innovation3/12/2004 Listening to our customers Responding with improved solutionsHP's UNIX Patch Strategypage 40

ITRC Patch Database Homepage3/12/2004HP's UNIX Patch Strategypage 41

find patches for a productpatches for a specified product;includes all operating systems3/12/2004HP's UNIX Patch Strategypage 42

find HP-UX patches in a patch setsame patch sets as found inpatch assessment profile3/12/2004HP's UNIX Patch Strategypage 43

HP-UX Patch Strategy Overview Key Improvements 5. Provide more robust patch management tools and processes - IT Resource Center (ITRC) Recommendations based upon patch ratings Complete dependency management New patch assessment capability - "Ideal system" concept - incorporation of patch sets - combination of internal .

Related Documents:

Unix 101: Introduction to UNIX (i.e. Unix for Windows Users) Mark Kegel September 7, 2005 1 Introduction to UNIX (i.e. Unix for Windows Users) The cold hard truth · this course is NOT sponsored by the CS dept. · you will not receive any credit at all introduce ourselv

P a t c h M a n a g e m e n t 157 Chapter 5 - Patch Management Sadjadi et al. Chapter 5 - Patch Management 8. Missing Manual: The number of approved patches missing that must be installed manually.These patches cannot be processed by Patch Management Automatic Update, Patch Management Initial Update, Patch Management Machine Update, or Patch Management Patch Update.

HP-UX Patch Strategy Overview Key Improvements 5. Provide more robust patch management tools and processes IT Resource Center (ITRC) Recommendations based upon patch ratings Complete dependency management New patch assessment capability "Ideal system" concept incorporation of patch sets

UNIX and POSIX APIs: The POSIX APIs, The UNIX and POSIX Development Environment, API Common Characteristics. UNIT – 2 6 Hours UNIX Files: File Types, The UNIX and POSIX File System, The UNIX and POSIX File Attributes, Inodes in UNIX

PATCH PANEL LABELS A patch panel is a device or unit featuring a number of jacks, usually of the same or similar type, for the connecting and routing of circuits for monitoring, interconnecting, and testing circuits. Patch panels are commonly used in computer networking, recording studios, radio and television.File Size: 2MBPage Count: 9Explore furtherHow to Troubleshoot Patch Panel Connections?www.fiber-optic-transceiver-mo How to Label Patch Cables - YouTubewww.youtube.comProper Cable Labeling Guidelines FS Communitycommunity.fs.comWhat's a reliable way to test patch panel . - Server Faultserverfault.comPatch panel and cabling documentation - Cisco Communitycommunity.cisco.comRecommended to you b

Unix was originally developed in 1969 by a group of AT&T employees Ken Thompson, Dennis Ritchie, Douglas McIlroy, and Joe Ossanna at Bell Labs. There are various Unix variants available in the market. Solaris Unix, AIX, HP Unix and BSD are a few examples. Linux is also a flavor of Unix which is freely available.

This is a standard UNIX command interview question asked by everybody and I guess everybody knows its answer as well. By using nslookup command in UNIX, you can read more about Convert IP Address to hostname in Unix here. I hope this UNIX command interview questions and answers would be useful for quick glance before going for any UNIX or Java job interview.

tank; 2. Oil composition and API gravity; 3. Tank operating characteristics (e.g., sales flow rates, size of tank); and 4. Ambient temperatures. There are two approaches to estimating the quantity of vapor emissions from crude oil tanks. Both use the gas-oil ratio (GOR) at a given pressure and temperature and are expressed in standard cubic feet per barrel of oil (scf per bbl). This process is .