Home
Patch User Guides
BigFix Patch provides an automated, simplified patching process that is administered from a single console.
Patch for SUSE Linux Enterprise User's Guide
BigFix Patch for SUSE Linux Enterprise provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all SUSE Linux endpoints.
Overview
The BigFix Patch solution, which includes deploying a multi-purpose, lightweight agent to all endpoint devices, supports a wide variety of device types ranging from workstations and servers to mobile and point-of-sale (POS) devices.
Patching method
BigFix offers more flexibility to the patch management solution by using native tools.

Patch User Guides
BigFix Patch provides an automated, simplified patching process that is administered from a single console.
- Patch for Windows User's Guide
  BigFix Patch for Windows™ provides Fixlets for Microsoft™ security and non-security patches. Dashboards, wizards, and reports aid you in managing updates for various endpoint devices.
- Patch for AIX User's Guide
  BigFix® for Patch for AIX® provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility, and enforcement to deploy and manage patches to all AIX endpoints.
- Patch for Red Hat Enterprise Linux User's Guide
  BigFix Patch for Red Hat Enterprise Linux provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility, and enforcement to deploy and manage patches to all Red Hat Enterprise Linux endpoints.
- Patch for CentOS Linux User's Guide
  BigFix® Patch for CentOS Linux™ provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all CentOs endpoints.
- Patch for Amazon Linux User's Guide
  BigFix® Patch for Amazon Linux™ provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Amazon Linux endpoints.
- Patch for SUSE Linux Enterprise User's Guide
  BigFix Patch for SUSE Linux Enterprise provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all SUSE Linux endpoints.
  - Overview
    The BigFix Patch solution, which includes deploying a multi-purpose, lightweight agent to all endpoint devices, supports a wide variety of device types ranging from workstations and servers to mobile and point-of-sale (POS) devices.
    - What's new in this update release
      This release of BigFix Patch for SUSE Linux™ Enterprise provides extended support to include SUSE Linux Enterprise Server 12 on IBM PowerPC 64-bit Little Endian (LE).
    - Supported platforms and updates
      BigFix Patch supports a wide range of SUSE Linux Enterprise platforms and updates.
    - Supported Novell repositories
      BigFix Patch for SUSE Linux Enterprise supports the packages in several Novell repositories.
    - Site subscription
      Sites are collections of Fixlet messages that are created internally by you, by HCL, or by vendors.
    - Patching method
      BigFix offers more flexibility to the patch management solution by using native tools.
  - Using the download plug-in
    The download plug-in is an executable program that downloads relevant packages directly from the patch vendor. Fixlets use an internal protocol to communicate with the download plug-in to download files. These Fixlets are based on updates made by the vendor.
  - Using the download cacher
    The download cacher is a standalone command-line tool that is designed to download and cache files required for caching. The pre-cached files can be used by the download plug-in to patch the endpoints.
  - Using BigFix Patch for SUSE Linux Enterprise
    BigFix Patch provides a simplified patching process for downloading and installing patches that are relevant to a target endpoint. Use the Fixlets on the Patching Support and the various Patches for SUSE Linux Enterprise Fixlet sites to apply patches to your deployment.
  - Multiple-Package Baseline Installation
    BigFix Patch provides a solution to combine the installation of updates for multiple packages in a baseline into a single task, which can reduce the execution time of the baseline.
  - Custom repositories management
    You can set up your custom repositories and Subscription Management Tool (SMT) to manage patches for SUSE Linux Enterprise version 11 and later. This solution allows for multiple repositories and SMTs on the entire deployment.
  - SLE Btrfs snapshot management
    View and manage SLE Btrfs snapshots from the BigFix console. Snapshot management uses Snapper's ability to roll back Btrfs file system snapshots. This feature works with SUSE Linux Enterprise version 11 SP2 and later.
  - Troubleshooting
    When problems occur, you can determine what went wrong by viewing messages in the appropriate log files that provide information about how to correct errors.
  - Frequently asked questions
    To better understand Patch Management for SUSE Linux™ Enterprise, read the following questions and answers.
- Patch for Ubuntu User's Guide
  BigFix Patch for Ubuntu provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Ubuntu endpoints.
- Patch for Oracle Linux User's Guide
  BigFix® Patches for Oracle Linux provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Oracle Linux endpoints.
- Patch for Solaris User's Guide
  BigFix Patch for Solaris provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Solaris endpoints.
- Patch for HP-UX User's Guide
  BigFix® for Patch for HP-UX provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all HP-UX endpoints.
- Patch for Mac OS X User's Guide
  BigFix® for Patch for Mac OS X provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Mac OS X endpoints.
- Patch for Debian User's Guide
  BigFix Patch for Debian provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Debian endpoints.
- Patch for VMware ESXi User's Guide
  BigFix Patch for VMware ESXi provides you unified, near real-time visibility to manage patches to all VMware ESXi endpoints from a single console.
- Patch for Raspbian User's Guide
  BigFix Patch for Raspbian provides Fixlets that you use to manage the latest updates and service packs that Raspberry Pi releases. These Fixlets are available through the Patches for Raspbian sites.
- Patch for Rocky Linux User's Guide
  BigFix Patch for Rocky Linux provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Rocky Linux endpoints.
- Patch for Virtual Endpoint Manager User's Guide
  BigFix® for Virtual Endpoint Manager provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches in a virtual environment.
- Updates for Middleware Applications
  Middleware patching is an important process for organizations to ensure their systems are secure and up to date. By applying the appropriate patches and security updates, organizations can minimize the risk of malicious attacks and potential data loss. BigFix users can enjoy unified patch management by using a single platform for deploying database and middleware patches.
- Supersedence for Non-Windows
  This topic describes how supersedence works in Patch.

Patching method

BigFix offers more flexibility to the patch management solution by using native tools.

The Fixlets for all SUSE content use zypper, the default package manager for SUSE Linux Enterprise. Zypper gives you more flexibility in terms of patch deployment and in providing results that are suitable for SUSE Linux Enterprise solutions. It uses a command-line interface and simplifies the process of installing, uninstalling, updating, and querying software packages. It is based on ZYpp, also known as libzypp. For more information about Zypper, see the documentation at http://www.suse.com or see the Novell Support website at https://www.novell.com/support/.

Zypper reduces dependency issues, improves performance, and is more reliable in terms of installing security patches. This method also allows you to use custom repositories for patching. For more information about custom repository support, see Custom repositories management.

The Zypper approach is introduced to replace the EDR utilities that Patch Management for SUSE Linux Enterprise previously used. The following native tools sites are available for you to use:

Patches for SLE 15
Patches for SLE 15 on System z
Patches for SLE 15 PPC64LE
Patches for SLE 12 Native Tools
Patches for SLE 12 on System z
Patches for SLE 12 PPC64LE
Patches for SLE 11 Native Tools
Patches for SLE 11 on System z Native Tools

Zypper utility configuration settings

The native tools sites use all the settings in /etc/zypp/zypp.conf.

The following Zypper configuration settings are set to values that come from another file, which is dynamically created during Fixlet execution:

cachedir
configdir
metadatadir
packagesdir
reposdir
repo.add.probe
repo.refresh.delay
solvfilesdir

Identifying file relevance with Native tools content: The native tools captures file relevance in the same way as EDR. Both methods check for the relevance clause exist lower version of a package, but not exist higher version of it. If both tools are applied to the same deployment, the relevance results are the same.