8 Replies Latest reply on Sep 15, 2014 10:15 AM by Bala Dengale

    BSA Patching Dependency Identifications.

      Hi All,

       

      Today, during a discussion with a customer, a question was raised about the Patch Analysis capability.

       

      E.g., for any vendor, if the last 5 patches are missing from a server and the vendor says there is no need to apply all 5 patches, only the last one.

      Does BSA identify this scenario? Or do we need to modify the job manually for remediation?

       

      We were not sure whether the vendor metadata contains a dependency solution like this.

       

      Any thoughts on this? Has anyone faced this before?

       

      Thanks,

      Bala

        • 1. Re: BSA Patching Dependency Identifications.
          Monoj Padhy

          If we know the specific patch details that need to be dealt with, then during patch deployment we can choose that. However, if there are any dependencies, the deployment will fail and the log will indicate the dependency details.

          Let's say you wish to deploy patch X and it has a dependency on patch Y, but you have not included patch Y in your list; then the deployment of patch X will fail with an error like required patch missing or not included.

          • 2. Re: BSA Patching Dependency Identifications.
            Bill Robinson

            You can run a patching job and include only the patches you need to deploy. That should include any required dependencies. Then build packages and jobs from the result of the patching job.

            • 3. Re: BSA Patching Dependency Identifications.

              Thanks Bill & Manoj,

               

              But is it automatic or manual in the remediation job? I think we need to modify the remediation package to handle scenarios like this manually?

              The customer wanted to know: if the vendor says only the latest patch is required, then BSA should identify this and create a remediation job only for the last patch automatically.

               

              Thanks,

              Bala

              • 4. Re: BSA Patching Dependency Identifications.

                Which OS are you looking to patch? Bladelogic captures patch release/build dates on some of the OS platforms, using which one can create a patch smart group. The same group can be used for Patch Analysis, but whenever we go for remediation or auto-remediation it will try all patches within that group which are missing on servers. There is no out-of-the-box way to control the latest patch from the missing list of patches.

                • 5. Re: BSA Patching Dependency Identifications.
                  Bill Robinson

                  "if vendor says only latest patch required then BSA should identify and create remediation job only for last patch automatically."

                  "For any vendor if latest last 5 patches missing from server. And vendor says no need to apply all 5 patches only apply last one"

                   

                  I'm not sure how you expect to automate something that is coming from your customer that is entirely arbitrary. BSA will, by default, analyze for the latest patches available from the OS vendor. I'm not sure what "last 5 patches" means here - most OSes have patches for specific problems across a variety of OS components, so getting the last 5 would leave your system unpatched for many things that might have patches available but are not the 'last 5'.

                   

                  As Swapnil mentions, you can create a patch smart group that contains the patches you want and use that in the patching job filters, or you could directly include the patches in the patching job filters.

                   

                  Most customers will either look for all patches of a certain level (e.g. 'Critical') or they may filter for specific patches.

                  • 6. Re: BSA Patching Dependency Identifications.

                    Hi Bill, Swapnil,

                     

                    Sorry for the confusion.

                     

                    When I said “vendor says”, I meant that somewhere the vendor metadata will specify a dependency or patch upgrade path (I was not sure how the metadata looks and how BSA interprets it).

                     

                    Last 5 was just an example I used. I wanted to say that the server has not been patched for the last month and the administrator found a total of 5 patches (4 individual + 1 major service pack) released to address different problems, but the latest patch is a major patch which addresses the issues of all 5 patches.

                     

                    The customer wanted to know the behavior of BSA in this scenario: does the BSA analysis job show 5 missing patches and create a remediation job for all 5, or will it create a remediation job only for the last one?

                     

                    I think it makes sense to filter patches and then analyze.

                     

                     

                    Thanks,

                     

                    Bala Dengale

                    • 7. Re: BSA Patching Dependency Identifications.
                      Bill Robinson

                      There’s an option in the patching job to include or exclude service packs. I would suggest you first check only for service packs and apply them, and then do the analysis. I don’t believe BSA will see the individual patches in a service pack (there’s no meta about that), so it would package both the individual patches and the SP in your example.

                      • 8. Re: BSA Patching Dependency Identifications.

                        Yeah, that’s the logical workaround, so we will never face this issue. First we will analyze for service packs and then probably individual minor patches.

                         

                        Thanks Bill & Swapnil for your help.

                         

                         

                        Thanks,

                         

                        Bala Dengale