If you think Solaris patching is a complete nightmare, have a bit of spare time on your hands (don't worry, you can still check emails etc) and really want to get up speed on Sun's best practices for patching on Solaris 10, then check out the FREE Solaris 10 Patching Best Practices (WS-2700-S10) training course.

It's a little on the cheesy side and uses some pretty poor Second Life like images, but it provides some useful information on how to make your patching experience considerably easier. The main emphasis is on using Live Upgrade for all your patching and maintenance and works around 5 key points they call the "patching philosophy":

  1. Use Solaris Live Upgrade
  2. Avoid patching live systems with zones when possible (use Live Upgrade)
  3. Avoid "Dim Sum" Patching ( ie mix and matching of patches)
  4. Consistently apply Solaris 10 Best Practices
  5. Don't hesitate to seek guidance

The best practices mentioned in point 4 are:

  1. Install the latest patch and package utility patches first (SPARC: 119254 / X86: 119255)
  2. Upgrade to the latest Solaris 10 Update release during your next major maintenance window
  3. Keep as up to date as possible with the contents of the Sun Alert patch cluster in between major maintenance windows.
  4. Use Live Upgrade to patch or upgrade an inactive boot environment
  5. If you are going to use Live Upgrade to patch a system with non-global zone that are running Solaris 10 8/07 (update 4) or an earlier Solaris 10 update release, apply the Solaris 10 Live Upgrade Zones Starter Patch Bundle

... which is essentially what is detailed in the Patch Management Best Practices document on BigAdmin, which I might add has a great patching section.

Most of the course revolves around using Live Upgrade and guides you through the process of creating the boot environments, upgrading, applying patches and activating the various boot environments. If you're a little unsure about using Live Upgrade, this is a great free course to help you, and help you setup a good patching strategy at the same time. As an added bonus, there's also a section on Deferred Activation Patching and the Kernel patch.