Manage software patches. Software patch management is performed in coordination with the software (patch) management tools provided by the respective software vendors. In Systemwalker Software Configuration Manager, a coordinated software (patch) management tool is called an information collection source. For Fujitsu middleware, use UpdateAdvisor (middleware) as the information collection source. Patch management methods differ between Fujitsu middleware and other software. The overall flow of operations is as follows.
Figure 1.4 Overview of Fujitsu Middleware Patch Management
Point
When the admin server has Internet access, work performed using Internet terminals can be performed on the admin server.
Obtain Fujitsu middleware information, and perform discovery
Obtain the update application management registry configuration file from the UpdateSite and collect the latest software installation and patch application statuses. The update application management registry configuration file must be updated to collect the latest software installation and patch application statuses. During operation, also obtain the latest application management registry configuration file from the UpdateSite.
Obtain the latest information (the update application management registry configuration file) [operation by an infrastructure administrator]
Infrastructure administrators use Internet terminals to download the latest update application management registry configuration files from the UpdateSite.
Register the latest information (the update application management registry configuration file) [operation by an infrastructure administrator]
Infrastructure administrators use the UpdateAdvisor Asset Registration command on the admin server to store the latest update application management registry configuration files in media libraries.
Collect patch application status information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager uses the update application management registry configuration files that have been registered to collect patch application status information from each business server.
Obtain Fujitsu middleware patches
Obtain Fujitsu middleware patches from the UpdateSite and store them in media libraries. Patches stored in media libraries can be distributed (applied) to business servers.
Obtain the latest patch release information [operation by an infrastructure administrator]
Infrastructure administrators look up email notifications from FSC-NEWS (SupportDesk customer notifications) and the UpdateSite (the website for the Fujitsu SupportDesk) to obtain information about the latest patches that have been released.
Obtain patch management information [operation by an infrastructure administrator]
Infrastructure administrators use the Patch Management Information Acquisition command on the admin server to obtain patch management information.
Infrastructure administrators copy the patch management information and released patch acquisition tools obtained from the admin server to Internet terminals.
Download patches [operation by an infrastructure administrator]
Infrastructure administrators use the released patch acquisition tools on Internet terminals to download newly released patches from the UpdateSite.
Register update files [operation by an infrastructure administrator]
Infrastructure administrators use the Fujitsu Middleware Patch Registration command on the admin server to store the downloaded files in media libraries.
Check the distribution and application of Fujitsu middleware patches
Distribute (apply) the Fujitsu middleware patches that were stored in the media library.
Send latest patch release notifications by email [processing by Systemwalker Software Configuration Manager]
Tenant administrators and tenant users receive email notifications from Systemwalker Software Configuration Manager informing them that the latest patches have been released.
Send patch distribution and application requests [operation by an infrastructure administrator, tenant user, or tenant administrator]
Tenant users or tenant administrators use the management console to distribute the latest patches to business servers.
Infrastructure administrators can also apply patches using the command on the admin server.
In addition, to apply Fujitsu middleware patches, scripts specifying the application processes must be created and then registered as post-execution scripts.
Distribute and apply patches [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager distributes the specified patches to the specified business servers.
If application scripts have been registered, Systemwalker Software Configuration Manager also applies the patches by executing the application scripts. If application scripts have not been registered, log on directly to business servers and apply the patches manually.
Check execution status [operation by an infrastructure administrator, tenant administrator, or tenant user]
Check patch application statuses using the management console or the command on the admin server.
Collect patch application status information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager uses the update application management registry configuration files that have been registered to collect software installation status and patch application status information from each business server.
Confirm patch distribution and application
Infrastructure administrators, tenant administrators, or tenant users log in to the management console and check the patch application statuses. Infrastructure administrators can also check the patch application statuses using the command on the admin server.
The following table explains the operation flow for each role.
Operation flow | User Roles | Reference | |||||
|---|---|---|---|---|---|---|---|
Infrastructure Administrator | Dual-Role Administrator | Tenant Administrator | Tenant User | ||||
1 | 1 | Obtain the latest information (the update application management registry configuration file) | Y | Y | - | - | Refer to the UpdateAdvisor (middleware) manuals. |
2 | Register the latest information (the update application management registry configuration file) | Y | Y | - | - | Refer to "UpdateAdvisor Asset Registration Command" in the Reference Guide. | |
3 | Collect patch application status information | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide | |
2 | 1 | Obtain the latest patch release information | Y | Y | - | - | Refer to the email notifications from FSC-NEWS (SupportDesk customer notifications) and the information available from the UpdateSite (the Fujitsu SupportDesk website). |
2 | Obtain patch management information | Y | Y | - | - | "Released Patch Management Information Acquisition Command" in the Reference Guide | |
3 | Download the latest patches | Y | Y | - | - | "Released Patch Acquisition Tool" in the Reference Guide. | |
4 | Register update files | Y | Y | - | - | "Fujitsu Middleware Patch Registration Command" in the Reference Guide. | |
3 | 1 | Send latest patch release notifications by email | - | - | - | - | An email is sent automatically when a new patch is acquired. If email transmission fails, either an infrastructure administrator or a dual-role administrator must resend the email using the Email Resend Command as described in the Reference Guide. |
2 | Send patch distribution and application requests | Y(*1) | Y | Y(*2) | Y(*2) | "Patch Application Wizard" in "Patches" in the Operator's Guide For details on how to apply patches, refer to "2.10 Fujitsu Middleware Patch Application". "Patch Application Command" in the Reference Guide | |
3 | Distribute and apply patches | - | - | - | - | - | |
4 | Check execution status | Y | Y | Y(*2) | Y(*2) | "Job Management" in the Operator's Guide "Job Information Management Command" in the Reference Guide | |
5 | Collect patch application status information | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide | |
6 | Confirm patch distribution and application | Y | Y | Y(*2) | Y(*2) | "Patches" in the Operator's Guide "Patch Information Output Command" in the Reference Guide | |
Y: Implement the task
-: Do not implement the task
*1: Only commands can be executed.
*2: Only the management console can be operated.
In patch management of software other than Fujitsu middleware, the latest software and patch information is collected and defined beforehand. During discovery, the collected installed software information and software definitions registered beforehand are compared, and the applied patch information and patch definitions are compared in order to enable the collection of the installation status of software and the application status of patches. Patch application is a function of configuration modification.
There are two ways to obtain the latest software information and patch information:
Obtaining information published by the respective software vendors.
Use the installed software information and applied patch information that are collected from this server by the discovery function using a server with the latest patches already applied as a means of verification.
The following diagram shows the overall flow for cases a and b.
Figure 1.5 Overview of Patch Management for Software Other than Fujitsu Middleware
Register information collection sources [operation by an infrastructure administrator]
Infrastructure administrators define coordinated software (patch) management tools as information collection sources. The definitions of information collection sources include scripts that collect installed software information and applied patch information from software (patch) management tools. Definitions of information collection sources can be registered using a command.
This step is not necessary if using the information collection sources pre-registered in this product.
Define collection items [operation by an infrastructure administrator]
Infrastructure administrators define software, versions, and other information that can be collected from information collection sources as collection items. Collection items are defined by being divided into software and patches.
Create software patch collection scripts [operation by an infrastructure administrator]
Infrastructure administrators create scripts for collecting the information of collection items from information collection sources.
Register information collection sources [operation by an infrastructure administrator]
Infrastructure administrators register the defined collection items and created software patch collection scripts as information collection sources.
Obtain the latest software information and patch information
Obtain the latest software information and patch information and collect the software installation and patch application statuses. To collect the software installation and patch application statuses, it is necessary to obtain the latest software information and patch information periodically during operation.
Obtain the latest information [operation by an infrastructure administrator]
Infrastructure administrators obtain the latest software and patch information from the information released by the respective software vendors.
This step is not necessary.
Register the latest information [operation by an infrastructure administrator]
Infrastructure administrators register the obtained software information and patch information using the commands on the admin server.
This step is not necessary.
Collect patch application status information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager collects software installation and patch application statuses from each business server.
For case b, when collecting patch application status information, include a server with the latest patches already applied in the target servers as a means of verification.
Download patches
Obtain software patches through the information released by the respective software vendors and store them in the media library. Patches stored in the media library can be distributed and applied to the business servers.
Download patches [operation by an infrastructure administrator]
Infrastructure administrators obtain the latest software and patch information from sites or other information sources published by the respective software vendors.
Register patches [operation by an infrastructure administrator]
Infrastructure administrators store the obtained patches as assets in media libraries by using the command on the admin server. In addition, infrastructure administrators create configuration modification templates using the management console or the command on the admin server. In configuration modification templates, define the processes, parameters, and assets necessary for applying patches. Create configuration modification templates according to the manuals or other information provided by software vendors.
Apply patches and confirm patch application
Apply the patches that were stored in the media library.
Send latest patch release notifications by email [processing by Systemwalker Software Configuration Manager]
Tenant administrators and tenant users receive email notifications from Systemwalker Software Configuration Manager informing them that the latest patches have been released.
Send patch application requests [operation by an infrastructure administrator, tenant user, or tenant administrator]
Tenant users or tenant administrators use the management console to apply the latest patches to business servers.
Infrastructure administrators can also apply patches using the command on the admin server.
Apply patches [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager applies the specified patches to the specified business servers.
Check execution status [operation by an infrastructure administrator, tenant administrator, or tenant user]
Check the patch application statuses using the management console or the command on the admin server.
Collect patch application status information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager collects software installation and patch application statuses from each business server.
Confirm patch application
Infrastructure administrators, tenant administrators, or tenant users log in to the management console and check the patch application statuses. Infrastructure administrators can also check the patch application statuses using the command on the admin server.
Operation Flow | User Roles | Reference | |||||
|---|---|---|---|---|---|---|---|
Infrastructure Administrator | Dual-Role Administrator | Tenant Administrator | Tenant User | ||||
1 | 1 | Define collection items | Y | Y | - | - | "Collection Item Information File" in the Developer's Guide |
2 | Create software patch collection scripts | Y | Y | - | - | "Software Patch Collection Script" in the Developer's Guide | |
3 | Register information collection sources | Y | Y | - | - | "Information Collection Source Management Command" in the Developer's Guide | |
2 | 1 | Obtain the latest information | Y | Y | - | - | Refer to the information provided by the relevant software vendor. |
2 | Register the latest information | Y | Y | - | - | "Software Information Management Command" in the Developer's Guide "Patch Information Management Command" in the Developer's Guide | |
3 | Collect patch application status information | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide | |
3 | 1 | Download patches | Y | Y | - | - | Refer to the information provided by the relevant software vendor. |
2 | Register patches | Y | Y | - | - | "Asset Information Management Command" in the Reference Guide "Configuration Modification Template Information Management Command" in the Reference Guide | |
4 | 1 | Send latest patch release notifications by email | - | - | - | - | An email is sent automatically when a new patch is acquired. If email transmission fails, either an infrastructure administrator or a dual-role administrator must resend the email using the Email Resend Command as described in the Reference Guide. |
2 | Send patch application requests | Y | Y | Y | Y | "Configuration Modification Wizard" in the Operator's Guide "Configuration Modification Command" in the Reference Guide | |
3 | Apply patches | - | - | - | - | - | |
4 | Check execution status | Y | Y | Y | Y | "Job Management" in the Operator's Guide "Job Information Management Command" in the Reference Guide | |
5 | Collect patch application status information | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide | |
6 | Confirm patch application | Y | Y | Y | Y | "Patches" in the Operator's Guide "Patch Information Output Command" in the Reference Guide | |
Y: Implement the task
-: Do not implement the task
*1: Only commands can be executed.
*2: Only the management console can be operated.
