PROACTIVE PATCH MANAGEMENT STRATEGY
Patch management doesn't need to be complex.
patch more effectively with our proactive patch management strategy.
Patch management doesn't need to be complex.
patch more effectively with our proactive patch management strategy.
An Introduction to Patching
There are three certainties in life. Death, taxes, and patching.
However, no matter how arduous a task patching can be, you will need to apply these updates sooner or later.
Patching is the act of updating your software with small updates, rather than upgrading and replacing the entire software suite with the latest version. These small updates might include repairing security exploits that have been discovered, fixing or removing computer bugs, or adding minor feature updates and improvements.
So, patching keeps our software up to date. That means we should always patch as early as possible and frequently, right?
Well, yes and no… it’s a little more complicated than that.
Benefits & Challenges
Benefits & Challenges
Statistically, only 33% of DBAs have ever applied a critical patch update (CPU) or patch set update (PSU).
This is problematic – patching is a crucial responsibility of database management. There are reasons for this – not least a host of challenges that need to be overcome.
Benefits
- Critical patches retrospectively install previous security updates.
- Patching delivers fixes for known or recently discovered bugs.
- Quality of life features are often included in patching, leading to higher productivity.
- Keeping your database healthy and up to date yields performance benefits.
Challenges
- Larger, more complex environments take a significant amount of time.
- Sometimes, a patching event fails or can create new issues due to conflicts.
- Some patches have dependencies, which add to the complexity. Failure to patch in the right order increases the likelihood of failure.
- Without a patching strategy, you risk rushing the process and making mistakes. In some cases, allowing Malware into your system.
The benefits far outweigh the challenges in terms of net gain. Quality of life improvements are a welcome boost in productivity, whereas cyber security is unquestionably paramount.
Patch Management Challenges
Patch Volume
Prior to applying patches, you need to consider the volume and how this could affect your day-to-day operations.
For example, in the April 2020 cumulative patch release, some 400 patches were available for Oracle products, including security updates for 297 vulnerabilities. The October 2020 cumulative patch also featured over 400 patches.
You’ll often find that patching rarely involves the installation of a single update.
Patch Management Challenges
Time-consuming Patches
Some patches can be installed in a few seconds, but the critical cumulative patches often take much longer.
Often, you will need to find a quiet period to apply the updates in order to avoid disruption to day-to-day business. But it isn’t just the time taken to apply patches; additional time must be allotted, just in case you need to roll back the update.
By planning which patches we should install, we can also reduce the time it takes to install them.
Patch Management Challenges
Time-consuming Patches
Patch Management Challenges
Patch Complexity
Not all patches are relevant to all installations and all deployments. Sometimes, differing patches may conflict with previous versions, or in certain cases an earlier update may have its own patch.
There also may be dependencies between patches, so you may have to install more than just the original patch.
Understanding which patches need to be applied, in which order to perform them, and assessing your critical priorities is the key to a successful patching strategy.
Patch Management Challenges
Troubleshooting
If research has not been done properly, you may find that a patch causes a software conflict, meaning it needs to be uninstalled and re-applied.
There is nothing more soul destroying than having to uninstall the previous two or three hours of Patching.
Planning for these complications and possessing much of the experience necessary to troubleshoot effectively is crucial.
Patch Management Challenges
Troubleshooting
Patch Management Challenges
Patch Frequency
Oracle typically releases new patches about every 3 months, with Microsoft publishing patches even more frequently; usually every 2 months.
It is no wonder that a significant proportion of DBAs are reluctant to patch their databases and, in some cases, never do.
This raises the question – what can be done to remediate this situation?
Proactive Solutions for Optimal Patch Management
Strategic Planning
The best way to achieve a successful outcome is through careful and considered planning.
Xynomix’s proactive patch management strategy combines years of Oracle knowledge with our many, many years of patching experience. Our team live and breathe database management, plus they’re always up-to-date with the latest patching innovations and best-practices.
As a result, Xynomix have created patching policies, strategies, testing processes, and project governance roadmaps to ensure that the right activities always occur at the right time. This strategic planning guarantees that communications are well-managed before, during, and after the patching exercise.
Xynomix’s patch management strategy is the embodiment of the lessons learnt from years of patching engagements. These hints, tips, and tricks make future patching events a straightforward success and relatively pain-free.
Proactive Solutions for Optimal Patch Management
Planning for Deficiencies
The success or failure of patching hinges on the planning.
Planning keeps everyone informed of the appropriate steps required, who they will be performed by, and when.
More importantly, planning allows any dependencies to be addressed. Highlighting potential dependencies adds structure to the task and enables our team to establish the best course of action.
Ignoring these dependencies will almost certainly cause patching to go awry, cause delays, or even lead to the failure of the patching process.
Consider RMAN (Oracle Recovery Manager) compatibility, for example. RMAN is often used to backup and restore data; a dependency that can easily be overlooked.
Put simply, the RMAN repository version must be equal to or greater than the database version that is to be backed up. An understanding of the consequences of any mismatches that are between any version numbers is essential because older versions do not have access to some of the features of RMAN’s more recent versions.
By adopting a patch management strategy, preparation can be retained from previous patching events. Xynomix uses the RMAN compatibility table to serve as a repository for previous patching events.
If applying multiple patches at once, or patches over time, this is an essential step.
By amending rather than recreating the table each time, we can append new changes and remove any older versions that are no longer supported. Modifying the previous table takes less time, reduces the likelihood of introducing errors in future patches, and improves the chances of success whilst shrinking the overall patching time!
Examples like this are why the experience from Xynomix offers such an advantage.
Proactive Solutions for Optimal Patch Management
Planning to Avoid Downtime
Planning also allows us to account for any potential downtime.
For example, roadmapping means that we can plan patching events precisely and keep the relevant parties informed, including your operations team and run partner.
Clear messaging delivers peace of mind to all areas of the business and helps avoid the risk of an untimely disappearance of a managed database!
Once the plan is in place, dependencies have been checked, and the patches have been downloaded, we test the updates in a non-production environment.
This allows the process to be checked and any mis-steps or oversights identified and rectified. It also means we can estimate how long the patching process will take.
The final part of the process is to document the work carried out and establish the outcome. Remember to highlight the successes as well as anything that did not go quite as planned.
This last step is often overlooked in the relief of successfully completing the patching process, but it is probably one of the most important.
It also addresses lessons learned and mistakes made, helping to avoid these in future patching exercises. It is important to remember that one of the difficulties with patching is the frequency of new patches.
Conclusion
Conclusion
Patching events are incredibly important. They offer increased security, superior quality of life improvements, and ensure that your database runs optimally.
Running a frequent patch management strategy means that patching doesn’t need to be the dreaded, procrastinated activity it has acquired the reputation for.
Xynomix’s experience in the patching arena means that together, we can turn this once feared and delayed activity into simply another routine administration task.
Supported by Xynomix
Got any questions? Email us at [email protected]
or give us a call on 0345 222 9600.
