Overview

Core Functions

• OS patch compliance scan: The system comprehensively scans the OSs of ECSs, BMSs, and CCE instances to accurately identify missing patches, patches that are installed but still have problems, and patches that are installed and comply with existing security standards, and generates detailed scan reports. This helps you clearly understand the patch compliance statuses of each instance.
• OS patch compliance repair: Based on the scan result, non-compliant patches can be repaired. You can select the one-click repair or customize repair policy as required to automatically download, install, and configure patches. In this way, the system can fix security vulnerabilities in a timely manner and meet compliance requirements.

Advantages

• Targeted: This function is designed for a variety of mainstream resource types, such as ECSs, BMSs, and CCE instances. It is compatible with multiple OS versions and can accurately identify patch requirements of different OSs, ensuring the accuracy of scan and repair.
• High automation: The entire process from patch scan to repair is highly automated, reducing manual intervention. This not only reduces the workload of O&M personnel, but also avoids human misoperations.
• Clear compliance orientation: The core objective of this function is to meet security compliance standards. The scan and repair processes strictly comply with related security specifications, helping you pass internal security audits with ease and confidently meet external compliance standards.
• Flexible operations: Multiple repair methods are provided for you to select. You can repair multiple instances in batches or perform refined operations on a single instance to adapt to different O&M scenarios.

Benefits

• Enhanced system security: The system detects and fixes OS patch vulnerabilities in a timely manner to effectively defend against security threats such as virus attacks and malicious intrusions. This reduces the risks of attacks on servers and instances and ensures the security of service data and system resources.
• Improved compliance: This function helps you meet industry security standards and compliance requirements. In fields with strict compliance requirements, this function effectively helps you avoid penalties and risks caused by non-compliant patches.
• Reduced O&M costs: The automated scan and repair processes greatly save the time and energy for manual check and operations, improves patch management efficiency, and reduces labor costs of the O&M team.
• Service stability: Patches are installed in a timely manner to reduce faults caused by system vulnerabilities, prevent service interruption or performance deterioration, and ensure continuous and stable running of services on servers and instances.

Notes and Constraints

Currently, only servers that can access the public network are supported. You can bind an EIP or NAT gateway to perform operations in this function.

Before managing patches, ensure that the regions where the execution machines are deployed and the OSs of the execution machines are supported by the existing patch management feature, and the second-party package, on which the patch management feature is dependent on, is contained in the execution machine, and the package functions are normal. Otherwise, patches may fail to be managed.

• Table 1 lists the OSs and versions supported by the patch management feature.
• Table 2 lists the environment on which patch management depends.