We're currently running BL 7.6 and investigating what it takes to upgrade to 8.1.02. We currently are using patch management with a few scripts on top. The scripts will in fact prepare analysis jobs with an includelist defining the current patch level.
So each of these patch analysis jobs is for a patch level ( Patches november2011, Patches december2011, ...) This way we can make sure that the set of patches that was tested in Development is the set that is in fact deployed to production. This sometimes poses some trouble with superseded patches and new releases of patches but in general it works.
Within 8.1.02 the patch mechanism is more intelligent. It seems to support more possibilities to organize the patching. But with more possibilities comes the process of choosing the correct path
With the knowledge I possess right now I think I have two options:
1) Start with a catalog that contains all Windows platforms that are used in here and on that catalog we can then create different smartgroups. The smartgroups would look like: "Includelist november2011", "Includelist december2011", ... And maybe some excludelists as well.
Within the white paper about security patches I've noticed a warning about using the lists option within the analysis job. Relations between patches will not be honored. Which seems to frighten me a bit
2) Create a new patch catalog for every patch level. This makes sure the patches that were downloaded in the beginning are the patches that we'll use. We can then skip the lists option in the analysis job an make use of the logic to detect superseding patches. But this has a side effect to: The Catalogs need some repository to download the patches to. If we duplicate the catalogs we will need different payload repositories because we want to make sure nothing is changed on the patches. That will surely need a lot of diskspace when more catalogs are created. Also the download will be done multiple times.
Both options seem to be valid for me but the both have side effects as well. Are there users in here that have a comparable requirement and maybe wondered about these options as well? Or even tried one of the options?
Any ideas, remarks, better solutions, do's, don'ts, ...