Update vs patching (267 Views)
Reply
Occasional Visitor
jberube
Posts: 3
Registered: ‎11-30-2010
Message 1 of 14 (267 Views)
Accepted Solution

Update vs patching

Hi everyone,

I'm looking for some opinions in regards of risks assessment to perform an OE release update (with update-ux) within the same OS version (ie. 11.31) versus just applying patch bundles?

I'm just trying to get some convincing arguments that we better update our boxes rather than just patching them, and maybe being able to prove it's not more risky to plan a downtime for an update vs patching.

For example, some of our servers are at base 11.31 MCOE (uname -r = B.11.31) but always been patched with the latest patch bundles. Wouldn't it be better not patching them at all compare to increasing the gap between the OE and the patch bundles? I noticed 11.31 update 7 release is now available... We're pretty far behind.

All our servers are hosting oracle DBs.

Hopefully, everything is clear... :)
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 2 of 14 (267 Views)

Re: Update vs patching

Hi:

Using 'update-ux' will update your installed *products* as well as apply patches. Therein lies the advantage to that course.

See Torsten's test case in this thread:

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1241964

Regards!

...JRF...
Honored Contributor
VK2COT
Posts: 921
Registered: ‎01-17-2006
Message 3 of 14 (267 Views)

Re: Update vs patching

Hello,

a) Full update-ux process is strongly
recommended and that is what I ask
customers to do. If they start talking about
risks to the business, I simply remind them
about Dynamic Root Disk and boot disk
cloning features.

The update-ux method is safe and there are
no "loose points". If possible, I also
encourage customers to use SWA on a regular
basis.

b) Patch bundles will patch existing
software, but update-ux will update products
(the core OS, all the drivers and even
independent software units that will not be
updated during patching).

c) update-ux is not only used to update from
a lower to a higher version (for example,
11.23 to 11.31), but also to update from an
older to a newer release within the same
version.

d) For many reasons, I strongly encourage
usage of update-ux with DRD. If the process
fails, only DRD environment is damaged - the
production side is not affected.

In one of the older emails that I keep, I
preserved a statement that I always like to
quote (I do not remember from which HP
document I got it from):

QUOTE
Cautions: HP strongly recommends that only a
complete OE be installed and that no
additions or removal of products in the OE
occur.

HP-UX 11i OEs have been packaged and tested
as complete solutions.

A mechanism for handling OE subsets is not
available. Installing applications delivered
with an OE separate from the entire OE will
not include those applications in the OE
bundle wrapper, preventing some operations
from identifying them as part of the OE.
Installing or removing individual products
in the OE may also impact the quality of the
OE. If you choose to add or remove
individual OE products to an 11i system or
remove a product from an installed OE, be
sure to specify all filesets listed in this
paper for the target product.

Omitting a fileset will prevent the product
(or other products that depend upon that
fileset) from functioning and could hang the
system.
END QUOTE

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Acclaimed Contributor
Torsten.
Posts: 23,451
Registered: ‎10-02-2001
Message 4 of 14 (267 Views)

Re: Update vs patching

See my test in the thread above.


Patching does patch and fix what you already have - you don't get updates.

Get new functionality and features by updating (only)!


This is the only way.


Use DRD and use update-ux.

Hope this helps!
Regards
Torsten.

__________________________________________________

There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________

No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Visitor
jberube
Posts: 3
Registered: ‎11-30-2010
Message 5 of 14 (267 Views)

Re: Update vs patching

I appreciate you folks talking the time to comment my post but you kinda explained to me the difference between update and patch but this is not what I was asking.

I was interested to know some convincing arguments that it is NOT more risky to update as opposed to just patch. I have to convince the business there are not more risks doing so.

DRD seem a good idea but requirements on the download page (https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=DynRootDisk) is saying for 11.23 we have to be at Sept 2004 release which is not our case since we're at the base level as I mentioned earlier. Systems never been updated, just patched... For our 11.31 boxes, I would have to uninstall SWM and reinstall, also install the lastest SWA (havent't read install doc yet...) and finally install DRD, so I'm far for being able to use it. Not even sure all these will be done without a reboot. So basically DRD is not an option for me now. Ignite is the only option we have now. Hence I'd like to know your opinion based on this.

So what is more acceptable in terms of risks, keep patching our systems but not updating them, or stop patching them... I mean there is also some risks to patch them...

Are the risks to break our systems while updating them about the same as just patching them?
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 6 of 14 (267 Views)

Re: Update vs patching

Hi:

> Are the risks to break our systems while updating them about the same as just patching them?

I would say "yes". In all cases, having an Ignite backup beforehand is probably the best insurance you have for catastrophic problems.

Regards!

...JRF...
Honored Contributor
Bob E Campbell
Posts: 764
Registered: ‎03-31-2004
Message 7 of 14 (267 Views)

Re: Update vs patching

If you only patch be aware that a significant amount of functionality does not release patches. This means that many critical fixes and resolutions to security vulnerabilities will never make it to your system.

* Use DRD or IUX to limit the risk of change

* Use an OE update as a base, adding patches and minor updates important in your environment

* Test your final selections

* Roll out to the least sensitive systems first
Honored Contributor
Tim Nelson
Posts: 3,727
Registered: ‎06-01-2000
Message 8 of 14 (267 Views)

Re: Update vs patching

There are also cases where another product requires a specific "update" version.

My example is IVM 4.x. It requires 11.23.0907 (I made up this number)

you must "update" hpux with this release in order to install/upgrade IVM 4.x.

patching your existing installation will not meet the requirements.



Occasional Visitor
jberube
Posts: 3
Registered: ‎11-30-2010
Message 9 of 14 (267 Views)

Re: Update vs patching

Just to keep you folks updated, I've booked a case at HP to debate on this matter and the conclusion is:

We will be supported as long as we apply QPK patch bundles, even thought the OS is not at the latest release.

Talking about risks, HP confirmed update is more risky because we're using update-ux compare to swinstall for patch bundles, but they also warn me about some fixes that are not part of bundles as some folks already highlighted in this post.

Thank you all for your time.
Acclaimed Contributor
Torsten.
Posts: 23,451
Registered: ‎10-02-2001
Message 10 of 14 (267 Views)

Re: Update vs patching

As said, while doing patching only, you stay with old but fixed products.

With one of the initial releases of 11.31 for example, you will never have LVM 2.1 and need to stay with LVM 1.0.

Hope this helps!
Regards
Torsten.

__________________________________________________

There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________

No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Acclaimed Contributor
Torsten.
Posts: 23,451
Registered: ‎10-02-2001
Message 11 of 14 (264 Views)

Re: Update vs patching

Regarding the risk - finally - if using DRD the risk is minimal, because the original OS remains untouched; you clone the OS, upgrade the clone, boot the clone.
In case of problems you boot the original OS.

Hope this helps!
Regards
Torsten.

__________________________________________________

There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________

No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Honored Contributor
Wim Rombauts
Posts: 888
Registered: ‎08-20-1997
Message 12 of 14 (264 Views)

Re: Update vs patching

You can do more with swinstall than just install patches.
swinstall can install anything : Patches, drivers, software, ... anything you need to keep your current OS up-to-date.
To maintain your HP-UX 11i v3 installation, you really don't need update-ux. swinstall can do it all. I do this all with swinstall, allwys have, and I am happy with it.

There is only one reason to use update-ux : swinstall will not allow you to install incompatible software. If you want to upgrade your HP-UX 11i v2 server to 11i v3, swinstall will refuse to select the 11i v3 software, because it is incompatible with your cuirrent kernel. update-ux will be the tool for this.
Acclaimed Contributor
Torsten.
Posts: 23,451
Registered: ‎10-02-2001
Message 13 of 14 (264 Views)

Re: Update vs patching

@Wim: How about the core OS?

Hope this helps!
Regards
Torsten.

__________________________________________________

There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________

No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Visitor
Mary DeNoyer
Posts: 3
Registered: ‎11-09-2009
Message 14 of 14 (264 Views)

Re: Update vs patching

I inherited older systems that were never updated until unless we were upgrading versions. I started patching annually. Then my 11.23 servers had to move to rss (centralied remote support). What a mess. We will NEVER get that far behind again (2004).
I now have 11.31 database servers and need cio function that is available with newer updates of online jfs. I also need to patch these servers. I'm testing update-ux and intend to use it from now on. DRD is part of the install I used for 11.31 VSE so that is not a problem. I'm just taking my time testing. So far 4 rounds on the test server to get familiar with what happens if I only patch, patch and update the OE, patch, update the OE and add newer vxfs, etc. I agree DRD makes this easier in testing and less risky moving to production.
I think you should start updating. Maybe get them patched now and give yourself time to get used to update-ux.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.