Thursday, February 23, 2012

Oracle Enterprise Manager patch advisory

A lot of software companies are pushing patch advisories to there customers in the form of a popup telling them that a new patch has been released and that it would be good if they installed it. Oracle traditionally did not do that however already since one of the first releases of Oracle Enterprise Manager you can connect your Oracle Enterprise Manager installation to the My Oracle Support website and there you will get automatically information about which patches are available for you and which you can install.

For good reasons some companies do not allow their Oracle Enterprise Manager to connect with the outside world. You do connect out of your comfortable secure environment and with every link to the outside world you create potentially a security issue. Even though it is very unlikely it could potentially be a security thread and if you are hosting confidential and/or high valuable data it is your responsibility to guard this in every way possible.

The other side of the coin is that having a proper patch management strategy in place is also a very important part of your security. If you have a large estate of Oracle products it is almost not humanly possible to keep up with all the patches and patch advisories so you do want to have a automated patch advisory system. This decision has to be made in your organisation with security as one of the main questions on the table.

Above you can see a screenshot of a 11GR1 patch advisory for a database installation from An oracle manual.

The Patch Advisor in Enterprise Manager describes critical software patches for your installed Oracle products. To help ensure a secure and reliable configuration, all relevant and current critical patches should be applied.

The Patch Advisor provides support for Remedies. When you select an advisory, you can view the calculated remedies from the context of that Advisory, as well as the affected Oracle homes.

The Patch Advisor also displays a list of available patches and patch sets for your installation, along with the name of the feature that is impacted. You can choose to display only patches for features that are used by your database, or all available patches.

No comments: