What are the "Updates for * Applications Middleware" sites?

There are 2 new patch sites available for Compliance customers.

  • Updates for Linux Applications Middleware
  • Updates for Windows Applications Middleware​

I wanted to explain a bit about the sites in general and cover some frequently asked questions, especially those that differ from “Updates for Windows Applications Extended”.

What content is in the sites?

Look for the “All Items:” list in the newest patch release announcements for the sites.

Examples:

Can I deploy this content directly to my production servers?

Probably not.

You should test this content first. You should be making backups before patching. Depending on the OS / Software being patched, you may need to stop services first before installing the patches. You may even need to stop services on other endpoints before patching the database on a separate endpoint. This is something that BigFix Server Automation can help with, but it is outside of the scope of a single fixlet. That said, the content from these sites can be used within a BigFix Server Automation plan to automate a complex server patching scenario.

How do I get the sites?

If you are a Compliance customer, as a Master Operator, look to enable the sites in the License Overview dashboard in the Windows Console. This only needs to be done once per BigFix Root Server. You will then have to set which computers are subscribed to the site once the first gather has completed.

What are the supported platforms?

Updates for Windows Applications Middleware​

  • Windows Server

Only those currently receiving updates from Microsoft are intended to be supported, and only the versions of the platforms that the software vendor lists as supported. Windows Desktop is not excluded, and in many cases will work, but only experimentally.

Updates for Linux Applications Middleware

  • RHEL Family
  • Ubuntu LTS
  • SUSE

Only those Linux distros currently receiving updates are intended to be supported. In the case of Ubuntu, only long term serving (LTS) branches. Not all vendors officially support the same set of Linux distros as others, so it will vary depending on software title.

What makes the Oracle content different?

In the “Updates for Linux Applications Middleware” site there is “audit only” content for OracleDB. This content requires running a policy action to get the data about what version of OracleDB is present in order for the “audit only” content to become relevant.

These are the Tasks which should be deployed to reapply once a day to once a week:

  • Get Patch List - Oracle ASM_RAC - Linux - Preview
  • Get Patch List - Oracle Standalone DB - Linux - Preview

The oracle content will only be evaluated once every two hours to reduce impact on client evaluation loop. This is something we are considering for all of the extended / middleware content.

Will the middleware sites be available in WebUI Patch Policies?

No.

We think the complexity of patching middleware does not fit within the model of WebUI Patch Policies / Autopatch.

How do I request new software be added?

NOTE: Federal customers should contact Devaughn Rackham instead of using the Ideas Portal.

Please submit an Idea to the section currently labeled “Content” in the HCL BigFix Ideas Portal with the name of the software, the webpage you download the software from, and an example link to the actual downloaded file.

This section may be renamed from “Content” in the future.

Also, please vote on existing ones that you would like to see.

4 Likes

Hi @jgstew

The fixlet release for new patch content for Operating systems is streamlined. We are seeing the content (fixlet) appear in the BigFix console within 24 to 48 hours. What about the content for Database patches and Middleware patches?

When do the fixlet’s get released for the DB & MW patches?

How does BigFix capture the source release date for the DB & MW content?

regards

@Sagar_v_d @nishi_puthran @karthik04 @Arjity @Sujay @nikhilborle

We are moving to once every 60 days, but that is new. You will see updates coming out soon.

In some cases that value is read from the metadata in the files of the patches themselves, but in many cases for the middleware content, that date is actually set to the date the fixlet was generated. We are working to improve this over time to be more accurate, but that will also be enhanced by the more frequent updates to the content.

Hi again,
Is there any development on the DB & MW patch release schedules?
For some financial customers like Banks, Stock Exchanges the compliance norms demand patching within 30 days of Patch release by the OEM.
OEM Patch release date and fixlet release date should be within 30 days and the Fixlet should mention the Patch release date as the OEM date, else compliance reports take a beating.

@jgstew @Sagar_v_d @Sujay @swanand1216 @karthik04 @manojthathera