The VisibleThread VM is built on top of Ubuntu Linux, and from time to time critical patches are made available to the operating system and its components.
Customers can choose to run their own patching program with some restrictions. Essentially we require that some critical parts of the VisibleThread architecture are 'pinned' to required supported versions. This is necessary to ensure the VisibleThread Application remains compatible with any patches or updates that may be applied to the server by your patching team.
Note: You should always ensure you have backed up/snapshotted your VisibleThread VM before applying updates as there may be unintended consequences. It is also good policy to test the updates on a test environment first.
Setting up for customer managed updates
Note: These instructions apply only to customers who are running the Ubuntu 16.04 operating system.
You can check which version of the operating system you are running by typing 'lsb_release -a' at the command line.
Before you begin you should insure that there is a file called 'preferences' located at '/etc/apt'. The file should have the following contents:
Package: postgresql* Pin: version 10* Pin-Priority: 550 Package: openssl* Pin: version 1.0.2* Pin-Priority: 550 Package: apache2 Pin: version 2.4.18* Pin-Priority: 550 Package: supervisor Pin: version 3.2* Pin-Priority: 550
Once this file is in place you can apply any updates using the Ubuntu package manager without overwriting services the VisibleThread application relies upon.
How to apply critical security updates on the Ubuntu OS
You can apply any available critical security updates to the VM from the command line using a utility script installed on the VM.
It's good practice to run these updates on a Monthly basis.