Summary

We patch our Enterprise Linux (CentOS, Oracle, Red Hat) systems on a monthly basis, over a seven-day schedule.

Our patching process updates the Operating System with vendor-provided patches. In addition, patching may include updates to certain packages that we provide with the operating system, such as monitoring or backup agents.

Patching Automation and Scheduling

Given the number of Unix servers we manage and the time-consuming nature of patching, the Managed Servers has employed an automated patching system. This automation allows us greater flexibility when scheduling patch application and provides us with a mechanism for patching systems more efficiently.

You can view the patching schedule for the servers assigned to you on the Patch Scheduling page. The Area Manager and OS Contacts assigned to a particular server can modify the patching schedule.

Handling Patching Problems

Customers are expected to check their applications within one business day after patching. After that time, our ability to back-out the patch become more limited. It is advisable to schedule the patching of test systems several days before production systems to provide yourself adequate time to assure that the vendor patches have not impacted your application. In the event that you discover problems related to patching, you should contact systems-support@cornell.edu immediately.

Change Management (CIT Only)

Change Advisory Board (CCAB) announcements about patches are the responsibility of the service owner. If you determine that OS patching maintenance should be included for the CCAB process, please submit a change request via the normal means. The usual lead time for CCAB submissions is one week before the maintenance is scheduled.