hp-ux patch program 1 hp-ux customer patch panel hp-ux successful patching strategies

44
HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

Upload: clinton-daniel

Post on 03-Jan-2016

248 views

Category:

Documents


6 download

TRANSCRIPT

Page 1: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

1

HP-UX Customer Patch Panel

HP-UX Successful Patching Strategies

Page 2: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

2

HP World – HP-UX Customer Patch Panel

presented by:

HP (Laurie Schoenbaum)Nestlé (Terri Mando)Brigham Young University (John Payne)Philips Research Labs (Donie Collins)Beckman Coulter ( Chris Maehara)

Page 3: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

3

Nestlé

Presented by: Terri Mando

Page 4: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

4

backgroundNestlé is Switzerland's largest industrial company and the world's largest food company.Nestlé USA headquartered in Glendale, CAtechnology used to stay competitive in the market place135 HP servers

HP-UX 10.20, 11.0 and 11.11D, K, L, N, and V-class serversLocated in Arizona, California, and Ohio

Nestlé

background

Page 5: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

5

background (Cont.)

all remote system administrationservers assigned to application groups

Per application: Test, Development, QA, and Production servers

SA assigned to application group24x7x356 supportprimary and backup5-16 servers per SA

CSS support on SAP, mostly PSS support

customized ASE, no onsite support

Nestlé

background

Page 6: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

6

patching strategy

twice a year proactive patchingstringent formal change management processphased rollout“12 step program”patch depot management strategy

one patch depot per OSuse of make_bundlesuse of “cleanup”

Nestlé

patch strategy

Page 7: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

7

patching strategypatch selection

Mission Critical (CSS) support contract delivers proactive patch bundles quarterly“conservative” change strategy (MCSCM) custom patch bundles are “delta” bundles

added to existing patch depots quarterly

only select patches applicable to environmentpatch dependencies handled by HP support (RASE)

Nestlé

patch strategy

Page 8: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

8

patching strategypatch warnings

HP support personnel track and provide recommendations on patch warnings

recommendations are individually assessed for applicability to environment

rarely has a patch been removed due to a patch warning

handled in next proactive patch cycle

Nestlé

patch strategy

Page 9: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

9

change management

documented change management processchange requests requiredformal approval processbusiness critical systems have a 4 hour maintenance window

Nestlé

change managemen

t

Page 10: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

10

patching strategypatch application/12 step program

pre patching change managementscheduling conflicts?health checkcommit patches and cleanup SD log filesswinstall –p (review logs, resolve issues)

patch applicationstop applicationsswinstall (Do it!)

Nestlé

patch application

Page 11: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

11

patching strategypatch application/12 step program

post patching review logshealth checkverify applicationschange management

Nestlé

patch application

Page 12: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

12

conclusions-recommendations

Nestlé

conclusions

written proceduresprovides consistency

pre-patching, patching, post-patching plan (12 step program)

provides a frameworkallows tasks to be automatedminimize time spent patching

proactive patching!!definition of success is not having a problem

Page 13: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

13

conclusions-recommendations

Nestlé

conclusions

available on the Interex Patch SIG website (http://www.interex.org/advocacy/mcgs/patch/index.html)

“Patching: A 12-Step Program”patch_preview.shpatch_do-it.sh“Patch Depot Management” document

Page 14: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

14

Brigham Young University

Presented by: John Payne

Page 15: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

15

backgroundBrigham Young University has grown from a small pioneer academy to one of the world’s largest private universities, with more than 29,000 students from 100 countriesIT supports payroll, student information, courses online and other content related to the university50 HP-UX systems

HP-UX 10.20, 11.0 and 11.11A500/rp2470s, rp8410, K-class, R-class, L-class, N-class

Brigham Young

University

background

Page 16: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

16

background (Cont.)

1primary system administrator24x7 with 4 hour responseno on-site HP support

Brigham Young

University

background

Page 17: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

17

patching strategyphilosophy

quarterly proactive patchingHP-UX 10.20 exceptionbased on release of SupportPlus media

goal: no unscheduled downtimeswitch from reactive to proactive maintenance to improve supportability3 month test cycle in lab before rolling to production

Brigham Young

University

patch strategy

Page 18: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

18

patching strategypatch warnings

QPK bundles reduce probability of a patch warningsecurity patches may be applied reactively

Brigham Young

University

patch strategy

Page 19: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

19

patching strategypatch application

clusters of redundant applications

maximizes system availability

non-redundant applications require off hour planned outagesproblems generally logged with the ITRC call manager

Brigham Young

University

patch strategy

Page 20: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

20

change management

formal change request processall system changes are logged

Brigham Young

University

change managemen

t

Page 21: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

21

conclusions-recommendations

quarterly proactive patching as virtually eliminated unscheduled downtime and reactive patchingquality of patches in QPK helps to stabilize systems – reduces riskadequately test before rolling to productioneliminating the need for system administers from working nights would be a plus!

Brigham Young

University

conclusions

Page 22: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

22

Philips Research Labs

Presented by: Donie Collins

Page 23: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

23

background

division of Philips Electronicstechnical computing support for 3000 users

1600 are researchers of various sciences1400 are from product division R&D departments

work in partnership with other IT departments within Philips

Philips Research

Labs

background

Page 24: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

24

Philips Research ICT Infrastructure: Philips Research ICT Infrastructure: Server Based Computing (NXA)Server Based Computing (NXA)

fileservers

H.A.

GigaBit Ethernet

Ethernet100BaseT/10BaseT

Networkswitches

Unix batch- and compute-servers for compute and memory intensive CAD

applications

Unix login-server(gateway to Unix for PC desktops)

Windows NT/2000 PC with X-server

Laptop W2000 with X-server

X-terminal(decreasing)

Windows Terminals Serversfor PC based applications

Unix Admin/license servers

Unix Backup servers

load balancing &redundancy

load balancing &redundancy

load balancing &redundancy

load balancing &redundancyNFS/CIFS

Page 25: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

25

background(Cont.)

150 HP9000 servers and workstations

standard system models and configurations

10 system administratorsPersonalized System Support (PSS)HP on-site hardware engineer99.97% uptime goal

Philips Research

Labs

background

Page 26: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

26

patching strategyphilosophy

if its not broken, don’t fix it; reactive patch philosophyexecute security_patch_check weekly

proactive with security patches

keep all systems at same patch level per OSone patch depot per OSstrive for only 3 patches; highest rated patchesuse QPK bundles to reduce individual point patches

Philips Research

Labs

patch strategy

Page 27: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

27

patching strategy(cont)

moving in direction of proactive maintenance with a “Enterprise Technical Server Environment (ETSE)”

includes QPK, HWE bundles and TCOE6 month delivery cycle

reduces management of point patches

Philips Research

Labs

patch strategy

Page 28: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

28

patching strategy patch selection

Philips Research

Labs

patch strategy

use IT Resource Center subscribe to patch digestuse patch database to download patchesITRC tools identify dependencies

QPK and HWE bundles

Page 29: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

29

patching strategypatch warnings

ITRC tools send proactive notification of patches with warnings warnings are examined for applicability and action is taken

do nothingturn off functionalityinstall superseding patchremove patch

Philips Research

Labs

patch strategy

Page 30: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

30

patching strategypatch application

SD-UX tools manage depots and installation3 step rollout

install on test systemroll to a few production systemscomplete rollout

system redundancy reduces planned and unplanned downtime

Philips Research

Labs

patch strategy

Page 31: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

31

change managementPhilips

Research Labs

change managemen

t

proactive configuration management

cfg2html tool

in-house monitoring tools and EMS component monitoring

Page 32: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

32

conclusions-recommendations

successful with ITRC tools and security_patch_check tool for

patch selectionpatch proactive notifications

looking to ETSE to reduce system administration time for patch management

make better use of QPK

take advantage of the continuous improvements with ITRC patch toolspatch installation is labor intensive and time consuming across 150 systems

Philips Research

Labs

conclusions

Page 33: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

33

Beckman Coulter

Presented by: Chris Maehara

Page 34: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

34

background

Beckman Coulter makes products that are used in hospital laboratories, physicians' offices and group practices. The company provides a variety of systems for medical research, drug discovery and biotechnology applications.business supported by various HP-UX and NT serversOracle applications, SAMBA, and Veritas for system backupMC/ServiceGuard used for high availability and to reduce planned downtime.

Beckman Coulter

background

Page 35: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

35

background (Cont.)

13 HP-UX serversL-class, N-class, two V2600sHP-UX 11.0 and 11.11

2 system administrators24x7 Critical System Support (CSS)

No onsite support

100% uptime goal

Beckman Coulter

background

Page 36: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

36

patching strategyphilosophy

quarterly proactive patchingrolling upgrades using MC/ServiceGuard4 stage rolloutmaster depot of patches for each supported OS release

cleanup command used patches kept for 1 yeartext file kept in separate directory for all patches ever applied

standard configurations minimize complexity

Beckman Coulter

patch strategy

Page 37: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

37

patching strategypatch selection

CSS contract delivers proactive patch bundleCPM (ITRC tool) delivers proactive notifications

CPM sends notifications of newly released patches based on system configurations

weekly review of CPM notificationspatches added to patch depot

matrix of patch dependenciesuse of SD master patch depot minimizes issues with patch dependencies

Beckman Coulter

patch strategy

Page 38: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

38

patching strategypatch warnings

patch warnings reviewed prior to patch applicationgenerally, patches with warnings left as is

Beckman Coulter

patch strategy

Page 39: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

39

patching strategypatch application

perform rolling upgradescopy all patches to be applied to a software depot, regardless of whether or not the patches are from a download or a CD.

ensures no corrupted patches

keep two versions of patch in depot

only latest patch will install

Beckman Coulter

patch strategy

Page 40: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

40

patching strategypatch application

use SD GUI to installmore user friendlycan make modifications if necessary without exiting the operation

after installation, review log filesverify successful installationverify configured

cleanup patches

Beckman Coulter

patch strategy

Page 41: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

41

change management

change requests requiredsign-off by business leadsMeasureWare and ITO monitors systems and changes

Beckman Coulter

change managemen

t

Page 42: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

42

conclusions-recommendations

Beckman Coulter

conclusions

well planned/tested rolloutsregular scheduled proactive patch applications

proactive better than reactive

always read “special installation” instructionsdo not “force install” a patchuse SD to resolve patch dependencies

Page 43: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

43

summaryall customers had some kind change management process for patchingall customers did some level of testing of patches prior to rolling into productionall customers are using some level of proactive patchingcustomers used a combination of HP support services, ITRC tools, and SupportPlus patch bundles (QPK)HA and/or redundant environments aid with reducing downtimesecurity patches are “classed” differentlypatches with warnings are rarely removed from a system

all customers

summary

Page 44: HP-UX Patch Program 1 HP-UX Customer Patch Panel HP-UX Successful Patching Strategies

HP-UX Patch

Program

44

questions?HP (Laurie Schoenbaum)Nestle (Terri Mando)Brigham Young University (John Payne)Philips Research Labs (Donie Collins)Beckman Coulter (Chris Maehara)

all customers

summary