IBM Endpoint Manager, Version 9.2

Patching methods

IBM BigFix offers more flexibility to the patch management solution by providing patching options that cater to your needs.

BigFix provides several different methods to manage patches for CentOS Linux Enterprise.

Patching by using the Endpoint Dependency Resolution (EDR) method

Endpoint dependency resolution (EDR) is an approach to UNIX patching where dependencies for bulletins are calculated dynamically during an action run time. Packages are patched regardless of which packages are already installed on the endpoints.

The following sites use the EDR method:

Patches for CentOS 5
Patches for CentOS 6

The EDR method uses a dependency resolution tool that requires dependencies of all of the installed packages on the system to be satisfied. To view the EDR results, see the EDR_DeploymentResults.txt file that is located in the directory <client folder>\EDRDeployData\.

With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.

When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations.

Patching by using the YUM utility

Yellow dog Updater, Modified (YUM), the default patch manager for CentOS, replaces the Endpoint Dependency Resolver (EDR) utilities that BigFix Patch for Enterprise Linux previously used. Patch Management for CentOS Linux that uses YUM applies to CentOS versions 5, 6, and 7.

Previously, the BigFix Patch for CentOS sites used a set of utilities that are called Endpoint Dependency Resolver utilities to handle package dependencies on the endpoint. YUM replaces these EDR utilities and gives you more flexibility in terms of patch deployment and providing results that are in parallel with Red Hat and CentOS solutions.

YUM is a package management tool that updates, installs, and removes Red Hat Package Manager (RPM) packages. YUM uses a command-line interface and simplifies the process of installing, uninstalling, and updating packages, provided that there is access to the YUM repository.

It is highly suggested that users start to use the CentOS Native tools sites because YUM reduces dependency issues and improves performance. There is no marked difference in how the EDR and YUM native tools sites are used when deploying patches. To use YUM, users must subscribe to the Patches for CentOS natives tool sites.

Note: The Patch Management for CentOS sites for CentOS 5 and CentOS 6 continue to use the EDR utilities, which use RPM.

YUM utility configuration settings

The BigFix Patch for CentOS sites that apply the YUM utility use Fixlet settings in /etc/yum.conf. except for the following YUM configuration settings:

cachedir
keepcache
plugins
reposdir
pluginpath
pluginconfpath
metadata_expire
installonlypkgs

Identifying file relevance with Native tools content: The native tools captures file relevance in the same way as EDR. Both methods check for the relevance clause exist lower version of a package, but not exist higher version of it. If both tools are applied to the same deployment, the relevance results are the same.

Patching method matrix

The following table lists the applicable sites and features for each of the patching methods that are available for managing your CentOS endpoints.

Patching method	Applicable sites	Applicable features
Endpoint Dependency Resolution (EDR)	Linux RPM Patching Patches for CentOS 5 Patches for CentOS 6	Download Plug-ins RPM Deployment Preference List
Native tools (YUM)	Patching Support Patches for CentOS 5 Native Tools Patches for CentOS 6 Native Tools Patches for CentOS 7	Download Plug-ins

Feedback