I've long been of the opinion that there should be a single generic set of Solaris recommended patches which customers are consistently recommended to install in proactive maintenance windows for issue prevention. It's something I've been working towards for quite a while.
A collaborative effort between the Software Patch Services, Enterprise Installation Standards (EIS), Sun Risk Analysis System (SRAS) - now renamed Oracle Risk Analysis Services (ORAS) - and the Explominer team in the Oracle Solaris Technical Center (TSC), has achieved this goal with the creation of the Recommended Patchset for Solaris.
Up until now, while the Solaris OS Recommended Patch Cluster was the core basis for Solaris patch recommendations, various teams tended to recommend their own favorite patches on top of this core set. This wasn't just by whim. Each team was looking at patching from a slightly different angle - for example various angles of proactive patching (issue prevention) versus reactive patching (issue correction).
The Recommended Patchset for Solaris is the result of the combined wisdom of the various teams. It is designed for proactive patching (issue prevention). The contents are generic and should be suitable for most customer configurations. You should still read the README file and follow its instructions to ensure all of the patches included are appropriate to your specific environment. You should test the patchset on a test system which closely mimics your production systems prior to deployment.
You may still legitimately be asked by support to install additional patches to fix issues specific to your environment in reactive maintenance situations (issue correction). But this should only be after due diligence to ensure that such patches are likely to fix the specific issue encountered.
The Recommended Patchset for Solaris is the new name for the Solaris OS Recommended Patch Cluster. It's available from MOS (including 'wget'), EIS, Ops Center, etc. We've changed the name to use the Oracle standard terminology "patchset". I never liked the name Solaris Patch Cluster as there was a risk of it being confused with the Solaris Cluster product to which it bears no relation. In due course other patch "clusters" and patch "bundles" are likely to transition to the name "patchset".
The install script and code word needed to invoke it (which is contained in the README file) have been renamed to reflect the name change from "cluster" to "patchset".
Customers who have installed the Solaris OS Recommended Patch Cluster may notice the additional patches included in the Recommended Patchset for Solaris the first time they install it. After that, it'll be business as usual. Many of these additional patches are already pre-applied into Solaris Update releases, so customers on later update releases should see little difference.
As before, the Recommended Patchset for Solaris will continue to be updated whenever a patch matching its inclusion criteria is released. This can happen several times a month. Just take the latest which matches your proactive maintenance window schedule.
And as before, once a quarter, the Recommended Patchset for Solaris will be archived and renamed as the Critical Patch Update in line with standard Oracle practice. (See previous blog postings.)
To create the Recommended Patchset for Solaris, we took the Solaris OS Recommended Patch Cluster and analyzed the additional Solaris patches which the Explominer team recommend be added on top of it for the monthly EIS patch baselines. Where those additional patches added real value - i.e. were of significant benefit to many customers - we added them to the recommended patch set. Where they didn't add real value, we discarded them. We then made sure that a system on which the resultant Recommended Patchset for Solaris was installed passed with a clean bill of health from the ORAS risk analysis audits.
So now, the Solaris OS patches in the EIS patch baselines will be the Recommended Patchset for Solaris with input from the Explominer and other teams included, and will be tested with ORAS. These are the patch baselines available in Ops Center. We have set up a panel of patch experts from the teams mentioned above to adjudicate on future potential additions to the Recommended Patchset for Solaris.
Previously, the criteria for including a patch in the Solaris OS Recommended Patch Cluster was quite strict: a patch had to address a Security, Data Corruption, or System Availability issue; be a patch utilities patch, or be required by the above. In future, other patches which add real value for many customers may be included - for example, a patch for a commonly used driver which delivers significant performance improvements. The goal remains the same - to include the most critical generic patches which we recommend customers install in proactive maintenance windows for issue prevention.
Additional patches outside of the patchset may still be required:
You can download the patchsets or view their Readmes directly, using the following links:
To downloads the patchsets (you must be logged into MOS):
To download the patchset Readme files (no need to be logged into MOS):
The above works for both flash and non-flash (html) MOS users. Just substitute "9" for "10" to get the Solaris 9 Recommended patchsets and Readmes.
You can also download the patchsets using 'wget' for scripted access as normal. (See previous blog postings.) For example, the download filename for Recommended Patchset for Solaris 10 SPARC is still 10_Recommended.zip.
If, like me, you like to know how to do things from first principles, here's the way to construct the search on My Oracle Support:
For Flash compatible systems (full function MOS version):
For non-Flash users (html MOS version):
MOS remembers your previous selections and they'll be shown top of each drop down menu on subsequent invocations. You can also save searches for future re-use.
I want to thank Don O'Malley, Ed Clark, Howard Mills and the EIS team, Juergen Schleich and the Explominer team, Dr. Rex Martin and the ORAS team, and Rob Hulme and Walter Fisch from the Oracle Technical Support Center (TSC) for all their work in making a single consistent Recommended Patchset for Solaris a reality.
As always, I'm interested to hear your feedback.