Use > Server patching > Patch management for Solaris > Patch management process

Patch management process

There are two main use cases in Solaris patching:

Patching selected servers

The following figure shows the steps required when you know which Solaris servers you want to patch and how you identify which patches those servers need. These steps include downloading and installing patches on your Solaris managed servers.

Patching Selected Servers

 

  1. A policy setter determines which Solaris servers need to be patched. For example, you may want to patch one specific Solaris server, all your servers running 5.10, all servers used by a particular department, or some other subset of your Solaris servers.
  2. A policy setter uses the solpatch_import command to download the patches from Oracle that are required by the selected Solaris servers. The solpatch_import command determines which patches are required by the selected servers, resolves all patch dependencies, and includes all applicable patches.
  3. A policy setter adds the patches to a Solaris patch policy.

    This step can be completed by running the solpatch_import command as part of step 2 (excluding patch bundles) or you can manually place the Solaris patches into a patch policy by using the SA Client.

  4. A system administrator attaches the patch policies to managed servers.

    Your system administrator can test the patches by attaching the patch policy to one or more test servers, to make sure they behave as expected. If problems occur, you can add or remove patches from the patch policy and then test the patches again. After testing is complete, your system administrator can attach the patch policy to all other Solaris servers.

  5. A system administrator remediates patch policies. The remediate process installs the patches on your managed servers.

  6. A compliance manager performs a compliance scan to determine which servers do not have the required patches installed.

Installing selected patches

The following figure shows the steps required when you know which Solaris patches you want to install and how you identify all dependent patches. These steps include downloading and installing one or more Solaris patches.

Installing selected patches

  1. A policy setter determines which Solaris patches need to be installed. You might be required to install one specific Solaris security patch or one specific patch that fixes a known problem on your managed servers.
  2. A policy setter uses the solpatch_import command to download specific patches, patch clusters, or patch bundles from Oracle.
  3. A policy setter adds the patches to a Solaris patch policy.

    This step can be completed by running the solpatch_import command as part of step 2 (excluding patch bundles) or you can manually add the Solaris patches to a patch policy by using the SA Client.

  4. A policy setter uses the button in the SA Client to resolve all dependencies for patches in the patch policy, including determining dependent patches, superseding patches, obsolete patches, incompatible patches, and withdrawn patches.
  5. A system administrator attaches the patch policies to managed servers.

    Your system administrator can test the patches by attaching the patch policy to one or more test servers, to make sure they behave as expected. If problems occur, you can add or remove patches from the patch policy and then test the patches again. After testing is complete, your system administrator can attach the patch policy to all other Solaris servers.

  6. A system administrator remediates patch policies. The remediate process installs the patches on your managed servers.
  7. A compliance manager performs a compliance scan to determine which servers do not have the required patches installed.