5 Replies Latest reply on Jan 23, 2013 5:37 AM by Catfive Lander

    Patch Strategy?

    Catfive Lander
      Canvassing opinions and experience.

      I patch databases when there's a 'major release'. That is, I'd patch to get a database from to
      But I wouldn't patch a database from to, or or and so on, unless we were experiencing a specific bug which was known to be addressed in one of those interim patches.

      If I'm creating a new database, though, I will install the latest base release ( and bring that up to the latest possible interim level ( at the moment, IIRC), before releasing it for general use.

      Once a year, during the Christmas vacation, I'd try to bring major databases up to the latest interim patch level, just to be current, but with minimal inconvenience to users (hopefully, they're enjoying a vacation instead of trying to access the database).

      I'm basing all that on the 'if it isn't broke, usually don't fix it' principle. I believe that we have enough security around our databases (run on Unix, firewalled, minimal grants, no unnecessary Oracle features installed etc etc) that interim patching, whilst desirable in principle, isn't generally worth the downtime & risk. I'm not working in national security or defense, so I don't see a need to be paranoid about it.

      I would be interested to know what patching strategies other DBAs have designed, because I expect mine isn't what some would call 'robust' :-)
        • 1. Re: Patch Strategy?
          Salman Qureshi
          I would be interested to know what patching strategies other DBAs have designed, because I expect mine isn't what some would call 'robust'
          It depends on a lot of factors, just like you have a strategy based on your requirements. I also do almost the same as you do, but for one of my databases, which is also used by our partners, we need to install the latest patches every quarter (so I go for the quarterly PSU), and this is a requirement of audit.
          The rest of my databases are not patched unless required, but if you face any problem (suppose a RAC instance reboots automatically) and nothing wrong is found in the traces and logs, the first thing Oracle Support will ask you to do is install the latest patchset.

          • 2. Re: Patch Strategy?
            Catfive Lander
            Yes, I know about Oracle Support and their delaying tactics!

            I probably could have made it clearer: I have no audit or contractual requirements to patch more frequently, though I've worked at places where the business policy was to do routine quarterly patches, too. It's in the absence of those sorts of requirements (or, put it the other way around, the presence of freedom to patch as you see fit) that I was more interested in what others have decided to do. I am talking about a production environment, a database that's accessed by a web server, and via that is accessible to the public.
            • 3. Re: Patch Strategy?
              Yes. You are right.
              It is not very easy to get downtime to apply PSU patches released every quarter.
              Anyhow, PSU patches are cumulative. So whenever possible, apply the latest PSU to get all fixes released to date.

              • 4. Re: Patch Strategy?
                What you are doing sounds perfectly reasonable to me. 'if it isn't broke, usually don't fix it' is a good rule of thumb.

                One thing I have seen done - for major patches at least - is to apply them to a test server (with a cloned image of the production database) and run it through an application test. This is mostly to find out firsthand if the big applications that are going to be running on the patched database don't spring any unpleasant surprises after the patch. During this time there will be a bit more database monitoring than usual looking for anything that looks troubling. After a month or so if everything looks ok, the patch/upgrade is scheduled for the production servers.
                • 5. Re: Patch Strategy?
                  Catfive Lander
                  Thanks Andrew. It's a relief to hear someone else say it! You read a lot of horror stories and so on about DBAs' 'reluctance to patch', and feel maybe a 'good DBA' patches routinely. A good article here, for example, says 'lots of DBAs don't patch', but still somehow manages to imply that it's the role of the DBA to educate the business about the importance of patching...