A guide to patch management on IBM SmartCloud Enterprise+

Share this post:

One of a system administrator’s nightmares might be related to operating system (OS) patch management, as this activity has become crucial to keeping an IT environment secure and protected against attacks. Applying the patch itself is not the big issue. The problem is all the things that come together, like validating that the patch will not corrupt the OS or applications, or integration with IT and business processes.

Having a well-defined and standardized process is the key success factor for patching management. And this is what IBM does on IBM SmartCloud Enterprise+ (SCE+). It uses processes, tools and decades of experience to give customers the required flexibility to keep their virtual machines (VMs) equipped with the latest security patch updates. In this blog post, I will go through the main things you need to know about this process on SCE+.

A customer’s choices begin during the onboarding process to SCE+, when they choose one of the following options related to patch management:

• Should patches be deployed automatically or semi-automatically? In the first option, patches will always be applied without needing customer approval, while in the second option, customers will always be asked in advance to approve patches on the SCE+ web portal, and the patches would be set up to install in the next patch window.

• What day should the patch window be deployed in the environment? Each customer has different needs and their business will not always utilize or want the same maintenance window time. On the other side, a cloud computing managed offering such as SCE+ needs to have some level of standardization. For this reason, IBM gives customers some flexibility to choose the day patches will be applied to their VMs. The options are Tuesday, Wednesday, Thursday and Saturdays, always beginning at 10 p.m. and going up to 6 a.m.

The way patch management policy is defined in SCE+ allows customers to validate that a given patch will not cause any damage to their production VMs. During the request of a new VM on SCE+ web portal, customers can choose one of the patching windows below for each of their servers: development, test, production 1 or production 2.

By adding each server category to each respective window above, a patch will always be tested on “development” and “test” windows before it is applied to production. If anything goes wrong on development and test servers, customers can request that IBM hold the patch deployment on production using the SCE+ web portal. Besides, as two different patching window options exist for production, customers can have their application running on two or more VMs and split them accordingly, so services will not be unavailable during patch deployment.

SCE+ also provides a manual patching option for each VM, which means customers can choose a specific time (within the patching window) for a VM to have patches applied. That requires manual labor to manage and deploy the patches and for that reason, there is an additional fee. Customers can also choose “no patches” options for a VM and IBM will not apply patches to the VM and will not guarantee service level agreements (SLAs) for that VM.

Now that you know more about patch management on SCE+, look for me on Twitter so we can chat more about this and other cloud topics!

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading