A rollup is a collection of hot fixes. In some cases, the rollup might contain more than just security updates, but the main focus is to address a collection of security or critical issues with a single update.
Although many patches are designed to fix an issue with a product, some patches are designed to provide additional features or enhancements to the software. New features are typically delivered in a full product upgrade, but in some cases a customer requests a feature that needs to be implemented before the next upgrade cycle.
One of the more common reasons a patch is deployed is to fix a problem in the product. Typically, this is referred to as a bug fix, and it is meant to be a temporary fix until the next update of the product.
Because cloud resources are often interrelated, a patch to one resource often requires patches to other resources. The scope of the cloud elements to be patched is the full set of cloud resources that must be patched for the changes to deploy successfully.
Keep in mind that a virtual machine (VM) is a virtual installation of an operating system. Patching VMs in the cloud can pose challenges because the cloud environment doesn’t typically include the means to patch operating systems. Patching the operating system is almost always a responsibility of the cloud customer.
OS patches come from the developer of the OS, and there is typically a central location where you can learn about new patches. There are also automation tools that can be used to make the process of patching a large number of systems easier.
A virtual appliance is a type of virtual machine image. The difference between a virtual appliance and a standard virtual machine is that the virtual appliance has been preconfigured to perform a specific task (or set of tasks). This makes the process of patching more difficult because both the operating system and the applications of the virtual appliance require patches on a regular basis.
Some vendors who create virtual appliances also provide patches for the appliance, but this isn’t always the case.
When an organization uses a cloud vendor to deploy its cloud infrastructure, the networking components (routers, switches, and so on) are entirely the responsibility of the cloud vendor. If, however, your organization is implementing a private cloud on-premises, patching the network components is the responsibility of your organization.
Modern network components are complex and typically include a full operating system. As with any OS, the vendor who created the network component will occasionally release patches. Typically, these vendors have patch release announcements and may even have a regular patch release cycle.
In terms of patching applications, the scope depends on the origin of the application as well as the responsibility level associated with the application. For example, if you are using a Software as a Service (SaaS) application, the cloud vendor or the application developer should be 100 percent responsible for patching the application. It is important to review the service-level agreement (SLA) and other contracts to verify which organization is responsible for patching.
If the application is not SaaS, it is likely the cloud customer’s responsibility to patch. This patch may be performed manually or via an automation tool.