A patch is a fix, provided by a supplier as a temporary solution to a problem. It is temporary in that it fixes a problem, which will be integrated with a future release of the software, in the same way as a homeowner might plug a leaking pipe until the plumber arrives. A patch can be for both software and hardwareit might provide support for a new type of hard disk device, but it is implemented through the software. This is an important part of the installation and, although the system administrator will install the patch, the system manager will decide on the correct policy to adopt on patch installation. Sun provides access to its patches via two media: the Sunsolve Web site on the Internet, and on regularly updated CD-ROMs. The Internet option provides security and recommended patches for all customers. For customers who have a support agreement, there is access to many other patches and a database of patch information, bug reports , a searchable symptoms and resolution database, and a comprehensive range of white papers and early warning notices. The CD-ROM distribution (currently at four CDs per month) is available to customers with a support agreement and contains the same information as mentioned, along with a periodic updated CD containing archived patches, mainly for older revisions of SunOS. In recent years , three main patching policies have been identified within businesses. These are listed along with the advantages and disadvantages of each:
The next two sections outline the application of patches for both the Solaris operating environment and for unbundled/third-party-supplied patches. Operating System PatchesSun Microsystems delivers operating system patches in a consistent format, similar to that of a software package in that they can be easily installed or uninstalled (the latter being known as " backed out"). Patches are provided both separately and as clusters. The recommended patches are often delivered in a cluster to aid installation. This means that all the necessary patches can be installed in one go rather than having to do them one at a time. After deciding on a patching policy as outlined in the previous section, the system manager should ensure that the systems that he is responsible for are patched accordingly . Installation of the actual patches themselves will be carried out by the system administrator, but the system manager may have to decide on particular issues when there are possibilities of conflict. An up-to-date list of the patches already applied to the system should be readily available as part of the system documentation (see Chapter 8, "Strategic Management," for a discussion of this aspect) so that any potential discrepancies or conflicts can be easily identified. A sample of the output from the command patchadd -p for an Intel box running Solaris 7 with the recommended patch cluster installed is shown in Listing 5.2. Listing 5.2 Sample Output Listing the Patches Already Applied to a System# patchadd -p Patch: 107545-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr SUNWcsu Patch: 106542-08 Obsoletes: 106833-03 106914-04 106977-01 107440-01 107032-01 107118-05 107447-01 Requires: 107545-02 Incompatibles: Packages: SUNWarc SUNWatfsr SUNWcar SUNWcsl SUNWcsr SUNWcsu SUNWdpl SUNWesu SUNWhea SUNWipc SUNWkvm SUNWpcmci SUNWpcmcu SUNWscpu SUNWtnfc SUNWtoo SUNWvolr Patch: 106794-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu SUNWhea Patch: 106961-01 Obsoletes: Requires: Incompatibles: Packages: SUNWman Patch: 107039-01 Obsoletes: Requires: Incompatibles: Packages: SUNWdoc Patch: 108375-01 Obsoletes: 107882-10 Requires: Incompatibles: Packages: SUNWdtbas SUNWdtdte SUNWdtinc SUNWdtmad Patch: 107023-05 Obsoletes: Requires: 108375-01 Incompatibles: Packages: SUNWdtdmn SUNWdtdst SUNWdtma Patch: 107457-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr Patch: 107588-01 Obsoletes: Requires: Incompatibles: Packages: SUNWaccu Patch: 107637-03 Obsoletes: Requires: Incompatibles: Packages: SUNWxi18n SUNWxim Patch: 107888-08 Obsoletes: 107002-01 Requires: Incompatibles: Packages: SUN Wdtdst SUNWdtdte SUNWdtma Patch: 108344-02 Obsoletes: Requires: 108375-01 Incompatibles: Packages: SUNWdtezt Patch: 107201-11 Obsoletes: Requires: 108375-01 107888-08 Incompatibles: Packages: SUNWdtdst SUNWdtma Patch: 106945-02 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr Patch: 106953-01 Obsoletes: Requires: Incompatibles: Packages: SUNWbnuu Patch: 106979-09 Obsoletes: Requires: 107457-01 Incompatibles: Packages: SUNWadmap SUNWadmc Patch: 107116-03 Obsoletes: Requires: Incompatibles: Packages: SUNWpcu SUNWpsu Patch: 107260-01 Obsoletes: Requires: Incompatibles: Packages: SUNWvolu Patch: 107452-02 Obsoletes: Requires: 107118-03 Incompatibles: Packages: SUNWcsu Patch: 107455-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu Patch: 107685-01 Obsoletes: Requires: Incompatibles: Packages: SUNWsndmu Patch: 107793-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu Patch: 107973-01 Obsoletes: Requires: Incompatibles: Packages: SUNWsutl Patch: 108302-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu Patch: 106737-03 Obsoletes: Requires: Incompatibles: Packages: SUNWoldst Patch: 107339-01 Obsoletes: Requires: Incompatibles: Packages: SUNWkcspg SUNWkcsrt Patch: 107894-04 Obsoletes: 108123-01 108238-01 Requires: Incompatibles: Packages: SUNWtltk Patch: 106935-03 Obsoletes: Requires: Incompatibles: Packages: SUNWdtbas Patch: 107181-12 Obsoletes: Requires: Incompatibles: Packages: SUNWdtdte Patch: 108220-01 Obsoletes: Requires: Incompatibles: Packages: SUNWdtbas Patch: 108222-01 Obsoletes: Requires: Incompatibles: Packages: SUNWdtdmn Patch: 107886-06 Obsoletes: 107220-02 Requires: 106935-03 Incompatibles: Packages: SUNWdtdst SUNWdthev SUNWdticn SUNWdtma Patch: 108483-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu Patch: 108663-01 Obsoletes: Requires: Incompatibles: Packages: SUNWadmfw # This sample output clearly shows whether a patch conflicts with any other patch (in the "Incompatibles" section, which in this case are none) and also whether a patch obsoletes another patch. This information is valuable to the system manager if a specific problem requires a patch to resolve it. If a conflict is identified, a call to Sun will obtain the necessary advice on how to proceed. If the patch were to just be installed, then the system could suffer adverse affects and further complicate the problem. Each patch supplied by Sun contains important installation information, including any dependenciesthat is, any other patches that must be installed before this oneas well as the information relating to potential conflicts. Always ensure that this information is read and checked against the list of patches currently installed on the system. It could save a lot of time. A final noteworthy point about operating system patches is that, when using the Jumpstart utility to install Solaris on a number of systems, it is possible to prepatch the Solaris image on the install server. This means that each system installed will already contain the necessary patches and so does not have to be done individually. In the same way, servers providing operating system resources to diskless or AutoClient systems can also be patched at the server level once and then replicated to each of the clients. For example, a server supporting 25 diskless clients and 25 AutoClients can apply the patches once to a spool directory and then synchronize all the clients so that they are also using the patches. These clients do not physically store the operating system software on local disks; it is kept in a file system on the server and is accessed over the network. (See the Appendix for further information on the Jumpstart utility.) Testing Patches Any operating system patch should be installed first in a test environment that mirrors the live environment as closely as possible. The patch should be thoroughly tested before being deployed operationally to ensure that there are no unforeseen problems. Unbundled and Third-Party Application PatchesPatches supplied by Sun Microsystems for unbundled and application products are normally supplied in the same format as the operating system patches. They should be subjected to the same treatment as outlined in the previous section. Patches from third-party suppliers, however, can be slightly different. They may or may not be supplied in the package-type format. Decisions on whether to install these patches need to be given particular attention because there might not be enough information provided on potential conflicts with either other patches or other applications. A patch from a third-party software supplier should be subjected to the following procedures:
Failure to carry out these procedures could seriously jeopardize the integrity of the system and possibly the network. Of course, it is the system manager's responsibility to ensure that these duties are carried out and that the company is not exposed to any unnecessary risk. Third-party Suppliers The term third party refers to any software supplier that is not part of Sun Microsystems. It should be noted that this includes software from a licensed software house as well as that available in the public domain. |
Top |