Best Practice 4.2 – Regularly perform patch management for software currency
Perform regular patch management to gain features, address issues, and remain compliant with governance. Consider patches at the operating system, database and SAP application layer. Understand whether your patching process will be to patch your existing servers, or provision and patch a new server. Automate patch management to reduce errors caused by manual processes, reduce the level of effort to patch and reduce the application downtime required for major SAP, database, and kernel patching.
Suggestion 4.2.1 - Implement SAP patch management procedures to regularly review SAP Security Notes and newly released patches
Consider patches at the operating system, database and SAP application layer.
-
AWS Documentation: AWS Security Bulletins
-
SAP Documentation: SAP EarlyWatch Alert
-
SAP Documentation: SAP Security News
| Operating System | Guidance |
|---|---|
| SUSE Linux Enterprise Server |
SUSE Update Advisories |
| Red Hat Enterprise Linux |
Red Hat Security
Advisories |
| Microsoft Windows |
Microsoft Security Alerts |
| Oracle Enterprise Linux |
Oracle Security
Alerts |
For further discussion on this item see [Security]: Best Practice 6.2 - Build and protect the operating system.
Suggestion 4.2.2 - Consider automated tools to align and automate patches across your SAP landscape
Tools such as AWS Systems Manager and AWS OpsWorks can assist you to align, plan, test, and deploy patching across your SAP workload. Consider an automated approach to patching to minimize effort and maintenance windows.
-
AWS Documentation: AWS Systems Manager Patch Manager
-
AWS Documentation: AWS OpsWorks
-
AWS Documentation: What is AWS OpsWorks?
-
SAP Lens [Security]: Best Practice 6.2 - Build and protect the operating system.
