Monday, June 4, 2012

Which Way to Patch, PSU OR CPU ?!

During one of our regular patching exercise, I cam across the dilemma, whether to go for Patch Set Update or Critical Patch set Update?

following are the finding, I think, will be useful to ones, facing the same question...

As per MOS Patch Set Updates for Oracle Products [ID 854428.1] -

Oracle PSU is a new patching strategy whereby the DBA can choose only "recommended" and "proactive" patches, instead of all of the patches in a quarterly Critical Patch Update (CPU).
An Oracle PSU contains recommended bug fixes and "proactive" cumulative patches, a nice change that makes it simple for the DBA to chose to apply "priority" patches.
Also, the PSU supports Oracle's zero-downtime patching, a method for RAC databases whereby each node is patched independently with no downtime.

The PSU and CPU released each quarter contain the same security content. However, the patches employ different patching mechanisms, so customers need to choose wisely which patch satisfies their needs better.

A PSU can be applied on the CPU released at the same time or on any earlier CPU for the base release version. A PSU can be applied on any earlier PSU or the base release version. CPUs are only created on the base release version.

Once a PSU has been installed, the recommended way to get future security content is to apply subsequent PSUs. Reverting from PSU back to CPU, while possible, would require significant effort, and so is not advised.

The primary benefit of the Patch Set Updates to customers is that they can receive, in a streamlined fashion, many recommended patches needed to keep their environment secure and operating at top efficiency. This is because the non-security fixes included in each Patch Set Update are designed to address issues related to system or instance-wide outages, severe functionality issues, etc

Another benefit of the Patch Set Updates is the safety they provide to customers. Since the bundle of fixes included in each Patch Set Update is tested together; the risk of regression issues that could be introduced when each fix is applied separately by customers is greatly reduced.

What cannot be part of PSU ?
Non-security fixes that would require application or configuration changes, cause optimizer plan changes or dictionary changes, or contain architectural changes cannot be candidates for inclusion in PSUs.

So to Summarize ....

PSUs  contain CPU’s and are released every quarter (like CPU’s). 
Critical Patch Update (CPU) is a subset of the Patch Set Update (PSU). 
CPU’s are built on the base Patch Set version (e.g. whereas PSU are built on the base of the previous PSU (e.g.

A PSU can always be applied over any CPU where as applying a CPU over a PSU will roll back the PSU.  Therefore it is easy to go from CPUs to PSUs and hard to go back to CPUs  from PSUs.