ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

Patching
1. Determine which patches to install by reviewing the scan results.
o Determine criticality of the patches to decide if patches must be deployed
promptly or if deployment can wait for the next available maintenance window.
o Vulnerability scans might indicate the need for a particular patch when a
superseding patch has already been applied. The indicated patch will be
ignored during patch deployment and listed as “not applicable” in the patch
completion event.
o Scan results might list vulnerabilities with no checkbox. This condition indicates
that a manual configuration fix is required to correct the vulnerability. Details to
perform the manual fix are listed in the vulnerability scan results.
2. Some patches might have adverse effects on your applications. Always test patches before
deploying them in a production environment to ensure that there are no negative effects.
3. If patches requiring the target system to be rebooted have been applied, and reboots were
deferred, verify the reboot status by selecting Diagnose>Vulnerability and Patch
Management>View Patch Reboot Status. Reboot systems as indicated at an appropriate time.
NOTE: Do not enable the accept/reject reboot option for servers.
4. Deploy patches and configuration fixes after a vulnerability scan has been completed by
selecting Deploy>Vulnerability and Patch Management. See the “Deploying patches and
fixes” chapter in the user guide.
Alternatively, you can deploy patches without first performing vulnerability scans.
o If you will be patching virtual machines, see the “Patching virtual machines”
section in this guide.
o If you will be patching client systems, see the “Patching client systems” section in
this guide.
5. Validate the patches installed on target systems.
o View the VPM patch completion event in the HP SIM events list to verify that the
patch was applied. If the patch completion event does not exist, be sure the
VPM Patch Agent is installed on the target system. Validate this from the HP SIM
events list or from the target system.
o Schedule a regular patch validation task to automatically verify that patches are
appropriately installed on target systems.
o View the installed patches for a specific system by selecting Diagnose>
Vulnerability and Patch Management>View Patch Installation Status>View
Patches Installed by VPM.