SunSolve 7.3.0 Release, Akamai, and Vintage Solaris 8 patch access entitlement
The SunSolve 7.3.0 release was deployed to production August 11th.
It includes major changes to back-end processes designed to provide a more robust, reliable, and consistent customer experience. All patch downloads are now serviced by Akamai, which is the same process used by Sun's patch automation tools smpatch, Update Manager, UCE, and xVM Ops Center.
Firewall rules may need
to be changed to permit the access to the following systems:
The move to using Akamai to service download requests should resolve the transient "500" error issues in Squid which was impacting the reliability of patch downloads in the old SunSolve download infrastructure.
This release also removes Member Support Center (MSC) from the critical path for Solaris 8 Vintage Patch access entitlement. Prior to this release, Vintage Solaris 8 customers needed to register in MSC in order to access Vintage Solaris 8 patches (created after April 1, 2009). This was difficult for some customers who needed to undergo a contract clean-up process prior to full registration in MSC. Now, such customers can simply associate their Vintage Solaris 8 Patch Plan contract number with their Sun Online Account (SOA) using the "Change Contract" link at the top right hand corner of SunSolve pages once they have logged on. This is now sufficient to grant patch download entitlement to patches covered by any support contract, including Solaris 8 Vintage patches.
Note, customers who are registered in Member Support Center (MSC) will not see the "Change Contact" link as their contract associations are automatically handled by MSC.
For non-MSC users, to ensure access to all patches to which you are entitled,
please ensure your associate your Support Contracts with your Sun On-line
Recognition of Support Contract Changes
Support contracts naturally get renewed, upgraded, extended, or expire.
When a support contract changes - for example a new line item is added to provide support for additional products - then, for non-MSC registered users, to get this additional entitlement "recognized" quickly to enable manual download of access-entitled patches covered by this additional line item, either remove and re-add the Contract number to your Sun Online Account (SOA) using the "Change Contract" link on SunSolve while logged on or else simply log out and log back in again. Both methods will grant the additional access entitlement as long as the back-end IBIS Contract database has been updated with the modified contract information.
For Member Support Center (MSC) registered users, the contract association will be handled automatically by MSC. (BTW: A bug in the refresh of IBIS Materialized Views has now been
fixed, so delays in automate updates of contract associations by MSC
should no longer occur, once the contract amendments have been inputed
to the backend database.)
Patch access entitlement information
We will be improving the ability for customers to clearly determine what they are / are not entitled to access in the next release of SunSolve and the new PatchFinder tool (due in October).
In the meantime, when logged into SunSolve, go to the "Change Contract" link at the top right hand corner of SunSolve pages.
This will display the "Entitlement Classes" provided by the support contracts which you have currently associated with your Sun Online Account (SOA). Displaying the internal "Entitlement Class" names is not ideal and will be improved in the next release, but here's how to interpret them:
- "Public": You are entitled to access Public patches - i.e. patches which don't require a support contract to access them.
- "Solaris8VintageSoftwareUpdates": You have a
Solaris 8 Vintage Patch Service plan and are entitled to access Solaris
8 Vintage patches produced after April 1, 2009. (See previous blog
posting on the Solaris 8 Vintage Patch Service plan.)
- "Solaris8SoftwareUpdates": You are entitled to access non-Vintage Solaris 8 patches.
- "Solaris9SoftwareUpdates": You are entitled to access Solaris 9 patches.
- "Solaris10SoftwareUpdates": You are entitled to access Solaris 10 patches.
There are a couple of additional entitlement classes, some of which are historical artifacts which overlap with the above. These will be cleaned up in due course.
Did you know:
- You need a support contract to access most patches
- You must have a Solaris 8 Vintage Patch support plan in order to access Vintage Solaris 8 patches created after April 1, 2009
- A SunSpectrum support plan or a Solaris 8 Software Subscription entitles you to access non-Vintage Solaris 8, 9, and 10 patches
- A Solaris 9 Software Subscription entitles you to access Solaris 9 and 10 patches
- A Solaris 10 Software Subscription entitles you to access Solaris 10 patches
Another "did you know":
Many documents on SunSolve have a "Document Audience:" of "PUBLIC". However, in the case of patch README files, this does not necessarily mean that the patches they refer to have "public" access entitlement - i.e. that anyone can download the patch without a support contract. The README is designed to make folk aware of the existence of a patch they may need. However, they may still need to purchase a support contract in order to access the patch itself.
Using 'wget' to automate patch downloads
'wget' is a popular and efficient way to automate patch downloads. Popular patch automation tools such as 'pca' and TLP utilize 'wget' for patch downloads. Authentication is via the user's Sun Online Account (SOA), so customers should associate their support contracts to their SOA using the "Change Contract" link at the top right hand corner of SunSolve pages once they have logged on.
A version of 'wget' which support https transfers is now required in order to download patches. For example, the 'wget' version in Solaris 10 supports https transfers. To check whether the version of wget you are using is linked to SSL (to provide https support),
you can use the following command:
# wget --help.
For example, the current development releases of wget (1.12-devel) shows:
Options: +digest +ipv6 +nls +ntlm +opie +md5/openssl -gnutls
You also have to have your proxy configured to allow https connections through the proxy with the 'connect' command.
When contracts are added, renewed, or changed, MSC registered 'wget' users now need to attempt a download of a access-entitled patch (which will fail) in order to trigger a resynchronization of their contract data between the backend servers servicing the patch download request. The modified contract entitlement will then be activated within 8 hours of this initial download attempt.
See Information on using wget for http download including example download script for further information.
Solaris 2.5.1 patch access entitlement removed
Solaris 2.5.1 is past its End Of Service Life (EOSL). Access to Solaris 2.5.1 patches has therefore been removed.
Vintage Phone support, which includes access to existing patches (but no new patches will be created) is still available for Solaris 2.6 and Solaris 7 until the end of 2009, after which all access to Solaris 2.6. and Solaris 7 patches will also be removed.