Date post: | 03-Jan-2016 |
Category: |
Documents |
Upload: | clinton-daniel |
View: | 237 times |
Download: | 6 times |
HP-UX Patch
Program
1
HP-UX Customer Patch Panel
HP-UX Successful Patching Strategies
HP-UX Patch
Program
2
HP World – HP-UX Customer Patch Panel
presented by:
HP (Laurie Schoenbaum)Nestlé (Terri Mando)Brigham Young University (John Payne)Philips Research Labs (Donie Collins)Beckman Coulter ( Chris Maehara)
HP-UX Patch
Program
3
Nestlé
Presented by: Terri Mando
HP-UX Patch
Program
4
backgroundNestlé is Switzerland's largest industrial company and the world's largest food company.Nestlé USA headquartered in Glendale, CAtechnology used to stay competitive in the market place135 HP servers
HP-UX 10.20, 11.0 and 11.11D, K, L, N, and V-class serversLocated in Arizona, California, and Ohio
Nestlé
background
HP-UX Patch
Program
5
background (Cont.)
all remote system administrationservers assigned to application groups
Per application: Test, Development, QA, and Production servers
SA assigned to application group24x7x356 supportprimary and backup5-16 servers per SA
CSS support on SAP, mostly PSS support
customized ASE, no onsite support
Nestlé
background
HP-UX Patch
Program
6
patching strategy
twice a year proactive patchingstringent formal change management processphased rollout“12 step program”patch depot management strategy
one patch depot per OSuse of make_bundlesuse of “cleanup”
Nestlé
patch strategy
HP-UX Patch
Program
7
patching strategypatch selection
Mission Critical (CSS) support contract delivers proactive patch bundles quarterly“conservative” change strategy (MCSCM) custom patch bundles are “delta” bundles
added to existing patch depots quarterly
only select patches applicable to environmentpatch dependencies handled by HP support (RASE)
Nestlé
patch strategy
HP-UX Patch
Program
8
patching strategypatch warnings
HP support personnel track and provide recommendations on patch warnings
recommendations are individually assessed for applicability to environment
rarely has a patch been removed due to a patch warning
handled in next proactive patch cycle
Nestlé
patch strategy
HP-UX Patch
Program
9
change management
documented change management processchange requests requiredformal approval processbusiness critical systems have a 4 hour maintenance window
Nestlé
change managemen
t
HP-UX Patch
Program
10
patching strategypatch application/12 step program
pre patching change managementscheduling conflicts?health checkcommit patches and cleanup SD log filesswinstall –p (review logs, resolve issues)
patch applicationstop applicationsswinstall (Do it!)
Nestlé
patch application
HP-UX Patch
Program
11
patching strategypatch application/12 step program
post patching review logshealth checkverify applicationschange management
Nestlé
patch application
HP-UX Patch
Program
12
conclusions-recommendations
Nestlé
conclusions
written proceduresprovides consistency
pre-patching, patching, post-patching plan (12 step program)
provides a frameworkallows tasks to be automatedminimize time spent patching
proactive patching!!definition of success is not having a problem
HP-UX Patch
Program
13
conclusions-recommendations
Nestlé
conclusions
available on the Interex Patch SIG website (http://www.interex.org/advocacy/mcgs/patch/index.html)
“Patching: A 12-Step Program”patch_preview.shpatch_do-it.sh“Patch Depot Management” document
HP-UX Patch
Program
14
Brigham Young University
Presented by: John Payne
HP-UX Patch
Program
15
backgroundBrigham Young University has grown from a small pioneer academy to one of the world’s largest private universities, with more than 29,000 students from 100 countriesIT supports payroll, student information, courses online and other content related to the university50 HP-UX systems
HP-UX 10.20, 11.0 and 11.11A500/rp2470s, rp8410, K-class, R-class, L-class, N-class
Brigham Young
University
background
HP-UX Patch
Program
16
background (Cont.)
1primary system administrator24x7 with 4 hour responseno on-site HP support
Brigham Young
University
background
HP-UX Patch
Program
17
patching strategyphilosophy
quarterly proactive patchingHP-UX 10.20 exceptionbased on release of SupportPlus media
goal: no unscheduled downtimeswitch from reactive to proactive maintenance to improve supportability3 month test cycle in lab before rolling to production
Brigham Young
University
patch strategy
HP-UX Patch
Program
18
patching strategypatch warnings
QPK bundles reduce probability of a patch warningsecurity patches may be applied reactively
Brigham Young
University
patch strategy
HP-UX Patch
Program
19
patching strategypatch application
clusters of redundant applications
maximizes system availability
non-redundant applications require off hour planned outagesproblems generally logged with the ITRC call manager
Brigham Young
University
patch strategy
HP-UX Patch
Program
20
change management
formal change request processall system changes are logged
Brigham Young
University
change managemen
t
HP-UX Patch
Program
21
conclusions-recommendations
quarterly proactive patching as virtually eliminated unscheduled downtime and reactive patchingquality of patches in QPK helps to stabilize systems – reduces riskadequately test before rolling to productioneliminating the need for system administers from working nights would be a plus!
Brigham Young
University
conclusions
HP-UX Patch
Program
22
Philips Research Labs
Presented by: Donie Collins
HP-UX Patch
Program
23
background
division of Philips Electronicstechnical computing support for 3000 users
1600 are researchers of various sciences1400 are from product division R&D departments
work in partnership with other IT departments within Philips
Philips Research
Labs
background
HP-UX Patch
Program
24
Philips Research ICT Infrastructure: Philips Research ICT Infrastructure: Server Based Computing (NXA)Server Based Computing (NXA)
fileservers
H.A.
GigaBit Ethernet
Ethernet100BaseT/10BaseT
Networkswitches
Unix batch- and compute-servers for compute and memory intensive CAD
applications
Unix login-server(gateway to Unix for PC desktops)
Windows NT/2000 PC with X-server
Laptop W2000 with X-server
X-terminal(decreasing)
Windows Terminals Serversfor PC based applications
Unix Admin/license servers
Unix Backup servers
load balancing &redundancy
load balancing &redundancy
load balancing &redundancy
load balancing &redundancyNFS/CIFS
HP-UX Patch
Program
25
background(Cont.)
150 HP9000 servers and workstations
standard system models and configurations
10 system administratorsPersonalized System Support (PSS)HP on-site hardware engineer99.97% uptime goal
Philips Research
Labs
background
HP-UX Patch
Program
26
patching strategyphilosophy
if its not broken, don’t fix it; reactive patch philosophyexecute security_patch_check weekly
proactive with security patches
keep all systems at same patch level per OSone patch depot per OSstrive for only 3 patches; highest rated patchesuse QPK bundles to reduce individual point patches
Philips Research
Labs
patch strategy
HP-UX Patch
Program
27
patching strategy(cont)
moving in direction of proactive maintenance with a “Enterprise Technical Server Environment (ETSE)”
includes QPK, HWE bundles and TCOE6 month delivery cycle
reduces management of point patches
Philips Research
Labs
patch strategy
HP-UX Patch
Program
28
patching strategy patch selection
Philips Research
Labs
patch strategy
use IT Resource Center subscribe to patch digestuse patch database to download patchesITRC tools identify dependencies
QPK and HWE bundles
HP-UX Patch
Program
29
patching strategypatch warnings
ITRC tools send proactive notification of patches with warnings warnings are examined for applicability and action is taken
do nothingturn off functionalityinstall superseding patchremove patch
Philips Research
Labs
patch strategy
HP-UX Patch
Program
30
patching strategypatch application
SD-UX tools manage depots and installation3 step rollout
install on test systemroll to a few production systemscomplete rollout
system redundancy reduces planned and unplanned downtime
Philips Research
Labs
patch strategy
HP-UX Patch
Program
31
change managementPhilips
Research Labs
change managemen
t
proactive configuration management
cfg2html tool
in-house monitoring tools and EMS component monitoring
HP-UX Patch
Program
32
conclusions-recommendations
successful with ITRC tools and security_patch_check tool for
patch selectionpatch proactive notifications
looking to ETSE to reduce system administration time for patch management
make better use of QPK
take advantage of the continuous improvements with ITRC patch toolspatch installation is labor intensive and time consuming across 150 systems
Philips Research
Labs
conclusions
HP-UX Patch
Program
33
Beckman Coulter
Presented by: Chris Maehara
HP-UX Patch
Program
34
background
Beckman Coulter makes products that are used in hospital laboratories, physicians' offices and group practices. The company provides a variety of systems for medical research, drug discovery and biotechnology applications.business supported by various HP-UX and NT serversOracle applications, SAMBA, and Veritas for system backupMC/ServiceGuard used for high availability and to reduce planned downtime.
Beckman Coulter
background
HP-UX Patch
Program
35
background (Cont.)
13 HP-UX serversL-class, N-class, two V2600sHP-UX 11.0 and 11.11
2 system administrators24x7 Critical System Support (CSS)
No onsite support
100% uptime goal
Beckman Coulter
background
HP-UX Patch
Program
36
patching strategyphilosophy
quarterly proactive patchingrolling upgrades using MC/ServiceGuard4 stage rolloutmaster depot of patches for each supported OS release
cleanup command used patches kept for 1 yeartext file kept in separate directory for all patches ever applied
standard configurations minimize complexity
Beckman Coulter
patch strategy
HP-UX Patch
Program
37
patching strategypatch selection
CSS contract delivers proactive patch bundleCPM (ITRC tool) delivers proactive notifications
CPM sends notifications of newly released patches based on system configurations
weekly review of CPM notificationspatches added to patch depot
matrix of patch dependenciesuse of SD master patch depot minimizes issues with patch dependencies
Beckman Coulter
patch strategy
HP-UX Patch
Program
38
patching strategypatch warnings
patch warnings reviewed prior to patch applicationgenerally, patches with warnings left as is
Beckman Coulter
patch strategy
HP-UX Patch
Program
39
patching strategypatch application
perform rolling upgradescopy all patches to be applied to a software depot, regardless of whether or not the patches are from a download or a CD.
ensures no corrupted patches
keep two versions of patch in depot
only latest patch will install
Beckman Coulter
patch strategy
HP-UX Patch
Program
40
patching strategypatch application
use SD GUI to installmore user friendlycan make modifications if necessary without exiting the operation
after installation, review log filesverify successful installationverify configured
cleanup patches
Beckman Coulter
patch strategy
HP-UX Patch
Program
41
change management
change requests requiredsign-off by business leadsMeasureWare and ITO monitors systems and changes
Beckman Coulter
change managemen
t
HP-UX Patch
Program
42
conclusions-recommendations
Beckman Coulter
conclusions
well planned/tested rolloutsregular scheduled proactive patch applications
proactive better than reactive
always read “special installation” instructionsdo not “force install” a patchuse SD to resolve patch dependencies
HP-UX Patch
Program
43
summaryall customers had some kind change management process for patchingall customers did some level of testing of patches prior to rolling into productionall customers are using some level of proactive patchingcustomers used a combination of HP support services, ITRC tools, and SupportPlus patch bundles (QPK)HA and/or redundant environments aid with reducing downtimesecurity patches are “classed” differentlypatches with warnings are rarely removed from a system
all customers
summary
HP-UX Patch
Program
44
questions?HP (Laurie Schoenbaum)Nestle (Terri Mando)Brigham Young University (John Payne)Philips Research Labs (Donie Collins)Beckman Coulter (Chris Maehara)
all customers
summary