ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
Patching
Deploying patches
• When a patch deployment is selected for a group of systems, such as a patch deployment based on
a vulnerability scan, the patch might not be applicable for all systems included in the scan. Also,
some patches selected might be missing components or updates in the VPM patch repository. These
patches are applied as applicable, but a failure message is logged for targets for which the patch
is not applicable or incomplete.
Review the patch information from the vendor for details about affected products to determine what
patches are applicable, and verify that the patch has been acquired from the patch acquisition log
to determine the cause when a patch cannot be deployed.
• Required reboots after a patching session can be deferred to coincide with an available
maintenance window. In addition, reboots can be optionally configured to display an accept or
reject prompt at each console before rebooting. HP recommends performing required reboots as
soon as possible because the status of patched systems might be unstable when a required reboot is
deferred. Applying additional patches or installing other software before a required reboot has
been performed can cause system issues.
Patching virtual machines
Virtual machines can be scanned and patched using the Vulnerability and Patch Management Pack.
However, extra time might be required and there is no coordination when the virtual hosts and virtual
machines are patched and rebooted, when necessary. HP recommends monitoring your virtual
environment when applying patches.
Patching client systems
Vulnerability scans and patch deployments complete at a much faster rate on client systems than when
performed on servers or virtual machines. In normal circumstances, Vulnerability and Patch
Management Pack tasks can be performed on many client systems at once without causing bandwidth
issues.
17