After you have used Oracle Linux Manager and kickstart to provision client systems, you must maintain these systems. For example, whenever new security errata are released, you can apply updates to protect systems, applications, and data. Oracle Linux Manager is particularly useful in this respect. When client systems register with a Oracle Linux Manager server and subscribe to software channels, Oracle Linux Manager makes the latest software packages available to the clients whenever the channels are updated.

There are countless ways to configure Oracle Linux Manager channels and maintain client systems, and almost every organization and system administrator have their own approach. When configuring a Oracle Linux Manager environment, it is helpful to plan how updates should occur. Should Oracle Linux Manager update systems automatically with the latest errata as soon as patches are released or is explicit manual control required over which errata are applied to which systems?

Oracle Linux Manager is extremely flexible and you can configure channels to meet the requirements of a variety of deployment scenarios. Oracle consultants can help your organization analyze its operational requirements and design an optimal Oracle Linux Manager configuration that meets your system security and maintenance policies.

The following are a few methods that you can use to configure channels:

• Create base and patch channels for each release from ULN.

  A common strategy for channel creation is to create a base and patch channel for each Oracle Linux release and update level and then regularly synchronizing these channels with ULN. Periodically synchronize the patch channel to pull in the most recent errata. Oracle Linux Manager offers effective mechanisms, using the web interface and the command line, to view and manage errata, including cloning errata for channels, if required.

• Create an Oracle Linux Ksplice channel.

  You can configure a Oracle Linux Manager server to mirror the Oracle Linux Ksplice channels on ULN, downloading the latest Ksplice update packages to a software channel. Using the Ksplice Offline Client software, Oracle Linux Manager clients can install kernel updates from Oracle Linux Manager server without needing to reboot and incurring downtime.

• Maintain the latest channels for applying errata to systems locked to earlier updates.

  Some organizations have application requirements or policies that require some systems to remain at a particular update level of an Oracle Linux release. For example, perhaps certain production machines must remain locked at Oracle Linux 6 Update 7. Oracle releases new errata and patches for the latest release, such as Oracle Linux 6 Update 9. If upgrading to the latest update is not feasible for these systems, Oracle strongly recommends that you apply the latest security errata to avoid compromising the security of these systems.

  One strategy is to maintain latest channels that contain the latest errata separately, usually without any client systems subscribed to these channels. You can then copy the errata and dependent packages from these latest channels to other channels such as release and update-specific patch channels if you need to make the latest fixes available.