This document describes the minimum requirements for appliances to enter into the Red Hat security patch program starting in April 2016.
The following table lists the software prerequisites for appliances to use the IBM PureData System for Analytics (PDA) OS Security release, as described in the
Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliance technote.
Appliance Model |
HPF |
FDT |
NPS |
Red Hat |
Host Management |
N100/N1001 |
HPF 5.6.0.1 |
4.3.1 (4.1.2) |
7.2.0.x (6.0.8 P16) |
5.11 (5.10) |
5.4.4.0 (use Disc 2 for RHEL 5.x) |
C1000 |
5.3.6 |
2.6.1 |
7.1.0.2-P1 or 7.2.1.x (7.2.0 GA is not supported) |
5.11 |
5.4.4.0 (use Disc 2 for RHEL 5.x) |
N2001/N2002 |
HPF 5.6.0.1 |
4.3.1 (4.1.2) |
7.0.4.1 |
6.6 (6.5) |
5.4.4.0 (use Disc 3 for RHEL 6.x) |
N3001 |
HPF 5.6.0.1 |
4.3.1 (4.1.2) |
7.2.0.4 |
6.6 (6.5) |
5.4.4.0 (use Disc 3 for RHEL 6.x) |
N3001-001 |
HPF 5.6.0.1 |
4.3.1 (4.1.2) |
7.2.0.4 |
6.6 |
5.4.4.0 (use Disc 3 for RHEL 6.x) |
Starting in April 2016, HPF 5.6.0.1 is a prerequisite for continuing in the RHEL Security Patch program. |
For appliances that cannot or that have never used the Red Hat security program updates: As described in the
Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliance technote, appliances that do not yet meet the table of software prerequisites above can upgrade to RHEL point releases that IBM makes available periodically in the IBM Host Management releases (disk 2 for RHEL 5.x, and disk 3 for RHEL 6.x). They can also install specific critical security fixes identified by IBM's Product Security and Incident Reporting Team (PSIRT) using the IBM Netezza Host Management (disk 4 for RHEL 5.x, and disk 5 for RHEL 6.x).
At any time after these appliances upgrade to the minimum releases shown in the table above, they can enter into the Red Hat security program.
For appliances entering into the Red Hat security program: Appliances that have not previously been updated with an IBM Host Management cumulative monthly update release or a weekly subscription service update are entering into the security program for the first time. These appliances must meet the software prerequisites listed in the table above. Note that the HPF minimum releases are strictly enforced:
- HPF 5.6.0.1 is required to enter the program for N100, N100x, N200x, and N300x models.
- RHEL 6.6 and HPF 5.6.0.1 are required to enter the program for N3001-001 models only.
- HPF 5.3.6: Required to enter the program for C1000 models only.
For appliances that have used the Red Hat security patch program before April 2016 and will continue to use the program after April 2016: Appliances that have been updated previously with at least one IBM Host Management cumulative monthly update release or a weekly subscription service update, and that will continue to take Red Hat security updates, require the following mandatory update steps to continue with the Red Hat security program:
- Appliances must first upgrade to the monthly cumulative update patch delivered in IBM Host Management v5.4.4.0, either disk 6 for RHEL 5.x systems or disk 7 for RHEL 6.x systems.
- Appliances must then upgrade to HPF v5.6.0.1.
These steps are required to ensure that the appliances have the latest
DRBD software and libraries that support the DRBD 8.4.4. kernel. Starting in April 2016, the IBM PureData System for Analytics (PDA) OS Security release will not install on appliances that run unsupported HPF versions.
After these steps are complete, appliances can install the IBM PureData System for Analytics (PDA) OS Security release at any time to obtain the latest available RHEL fixes. The appliance can use any of the PDA OS Security Patch releases dated April 2016 or later. Since these RHEL updates are cumulative, appliances can update to the latest PDA OS Security Patch releases to obtain all of the available fixes.
For appliances that have used the Red Hat security patch program before April 2016 and will NOT continue to use the program after April 2016: Appliances that have been updated previously with at least one IBM Host Management cumulative monthly update release or a weekly subscription service update, and that will not continue to take Red Hat security updates as part of the security patch program can move to a maintenance model. In the maintenance model, appliances can continue to upgrade to RHEL point releases and/or take critical PSIRT fixes as applicable from the IBM Host Management software bundles, but these appliances cannot install an IBM PDA OS Security Patch release until they perform the mandatory two steps to (1) upgrade to IBM Host Management v5.4.4.0 and (2) upgrade to HPF 5.6.0.1, in that order.
For appliances that are updated regularly using monthly Red Hat security patch :
Appliances that are enrolled for monthly security patch program and have been updated with latest Security patch do not have to apply IBM Host Management patch kit. The IBM Host Management Release software can be used to install critical RHEL updates as determined by IBM's Product Security and Incident Reporting Team (PSIRT). IBM Host Management release disk 4 (RHEL 5 security vulnerabilities) and disk 5 (RHEL 6 security vulnerabilities) contain only critical security fixes which are also a part of monthly security patch and thus appliance once mitigated though monthly security patch no longer need IBM Netezza Host Management patch.
Both
IBM PureData System for Analytics (PDA) OS Security release and IBM Host Management Release are available on
Fix Central.