Linux patches are managed by linking to Yellowdog Updater Modified (yum). The following diagram shows the overall flow of Linux patch management:

Figure 2.5 Overview of Linux patch management

1. Download patches [operation by the infrastructure administrator]

   The infrastructure administrator uses the Internet terminal to download the latest patches (RPM packages) from either the Fujitsu website or the Red Hat Network.

2. Register patches [operation by the infrastructure administrator]

   The infrastructure administrator registers the patches (RPM packages) with the yum repository server. The infrastructure administrator then defines these patches as part of the Linux patch management target.
   If patches have been added to or removed from the yum repository server, define the Linux patch management target again and then execute the yum cache cleanup notification command.

3. Obtain the patch application status [processing by Systemwalker Software Configuration Manager]

   Systemwalker Software Configuration Manager extracts information about which RPM packages have been applied or can be applied from each server, and then registers this information in the CMDB.

   RPM package information can be obtained either automatically or manually (using a command).

4. Send new patch registration notification [processing by Systemwalker Software Configuration Manager]

   When Systemwalker Software Configuration Manager detects a new patch, an email is automatically sent to each tenant user and each tenant administrator, notifying them that the new patch has been registered.

5. Execute patch application [operation by the tenant user or the tenant administrator]

   Either the tenant user or the tenant administrator logs in to the management console and applies the new patch.

6. Obtain patch application information [processing by Systemwalker Software Configuration Manager]

   Systemwalker Software Configuration Manager extracts patch application information from each server and stores it in the CMDB.

7. Look up the patch application status

   The infrastructure administrator, dual-role administrator, tenant administrator and tenant user log in to the management console and check the patch application status.