Fusion Applications Technology Patches

As we know, Fusion Applications is based on the Oracle Fusion middleware technology so when we talk about Fusion Applications technology patches, we will essentially look at Fusion middleware and database-related patches. Every new release of Fusion Applications also includes essential middleware and database patches. Depending on the specific issue with the Fusion Applications technology stack you may find one-off patches for Fusion middleware or database and these patches can be applied on the individual middleware product home.

In addition to one-off patches, Oracle releases Critical Update Patches (CPU) for every product every three months. These patches include recommended vulnerability fixes in addition to other mandatory patches. Critical Patch Updates are released on the Tuesday closest to the 17th day of January, April, July, or October. The following are the example dates for CPUs. Since CPUs are cumulative in nature, you can download the latest CPU for any middleware or database product and it will include all the previous fixes for the selected product.

• 14 April 2015

• 14 July 2015

• 20 October 2015

• 19 January 2016

Although Fusion middleware CPUs can be applied on any installation of Fusion middleware, Oracle releases special patches named P4FA (Patches for Fusion Applications) built on the Fusion middleware stack. These patches are released as a bundle that includes cumulative FMW Critical Patch Updates as well as other fixes tested for the Fusion Applications platform. P4FA patch bundles include middleware products like WebLogic, WebCenter, Identity Management, ADF, BI, SOA, and so on, as well as important database-related patches. It is recommended that you apply P4FA patches instead of regular middleware CPUs for Fusion Applications unless they are specifically required to resolve any urgent issue related to the applications technology stack. P4FA patches are released every month and are cumulative in nature, so you can download the latest P4FA patch and skip any previous missed FMW CPU or P4FA patches.

Fusion Applications Functional Patches

Similar to the technology stack patches, you may also need to apply one-off patches for resolving application-specific functional issues. These patches contain application files and/or database scripts for one or more product families or individual products and address a specific issue.

In addition to one-off functional patches, Oracle releases AOO (aggregated one-off) patches on a weekly basis and include existing one-off patches. Apart from aggregate one-offs, Oracle also releases functional patch bundles every month, which include all the AOOs. Unless you have a critical issue and you cannot wait for the patch bundle, you should always apply patch bundles for each product family.

Patches for Oracle Middleware Extensions for Fusion Applications

Since the Fusion Applications functional patches address issues specific to Fusion Applications product families, the middleware extensions for Fusion Applications that are located outside of the Fusion Applications home are not included in these functional patches. The patches for the Oracle middleware extensions include Applications core functional and database artifacts and are released in a similar package as Oracle E-Business Suite patches. They can be applied using the traditional AutoPatch utility. We will look at the patching methods of each of these patch types in the next section.

Note that the P4FA patches also include Applications core patches and soon we will see how the patching utilities are aware of each types of patches included in the bundle and deploy individual utilities for each of the included patches.

OPatch

OPatch is the most commonly known patching utility that we have already discussed earlier for database and middleware technology stack patching. OPatch is used to apply one-offs, critical patch updates, and bundle patches for database and Fusion middleware patches. You must use the recommended version of the OPatch utility for applying the patch. You must also set the appropriate product home directory before applying OPatch, since the same utility is used by multiple product families.

AutoPatch

If you have worked as an administrator for products like Oracle E-Business Suite then you may already be familiar with the AutoPatch utility, which is used to apply most of the application functional patches. In Fusion Applications, you do not manually use AutoPatch for applying regular functional patches. The next utility that we will discuss will invoke AutoPatch automatically based on the patch requirement. However, when you are applying patches for middleware extensions for Fusion Applications or for the Functional Setup Manager then you may need to run AutoPatch manually to apply those specific patches.

Fusion Applications Patch Manager

The Fusion Applications Patch Manager (fapmgr ) is a specialized tool that applies Fusion Applications related functional patches. This tool acts as a wrapper for the traditional AutoPatch utility and provides much more advanced control and management functionalities for seamless application of Fusion Applications patches. As discussed earlier, despite the complex architecture of Oracle Fusion Applications, this utility makes it easy to patch and maintain the Applications environment with the help of extensive validation and reporting capabilities.

The FASPOT Utility (Fusion Applications Smart Patch Orchestration Tool)

With the recent release of P4FA bundle patches, Oracle provides a specialized utility named FASPOT (Fusion Applications Smart Patch Orchestration Tool), which completely simplifies patching of all Fusion middleware components included in the P4FA bundle. This utility eliminates the need of manually applying CPUs for each middleware component, which is otherwise a highly error-prone activity due to the volume of patches to be applied as well as the number of middleware and database components involved in patching. The FASPOT utility is aware of the Fusion middleware components for Fusion Applications as well as Identity Management tiers. At this moment, FASPOT does not support RDBMS patches, so the included RDBMS patches need to be applied prior to starting the FASPOT utility.

Oracle Identity Management Patch Manager

The Oracle Identity Management Patch Manager is another tool to simplify patching of all products within Identity Management. Identity Management Patch Manager ( idmpatchmgr ) and Identity Management Patch Manager ( idmpatch ) are tools included in the Identity Management patching framework and they allow patch application on multiple nodes with capabilities to run pre- and post-patching steps, start and stop of services, and minimizing overall downtime required for Identity Management components patching. This tool is automatically installed while provisioning the Identity Management environment using the Identity Management Provisioning wizard.

Figure 16-1 shows a summary of all the patching methods for each component of a Fusion Applications environment as discussed. Depending on the component type as well as the patch type, you need to decide the appropriate patching method to be selected.

Figure 16-1. Patching methods for the Fusion Applications environment components

Downloading P4FA Patches

The first step is to identify, locate, and download the latest P4FA patch. As discussed earlier, each P4FA patch is cumulative in nature and includes all the fixes included in the previous P4FA bundles, so you need to download the latest patch only. In order to download the patches, log in to the Oracle Support portal and navigate to the Patches tab. Figure 16-5 shows the Patch Search screen. Let’s explore how to locate a P4FA patch bundle using this screen.

Figure 16-5. Searching for the Fusion Applications technology patch bundles (P4FA)

In the Patch Search screen, click on the Product or Family (Advanced) tab to search based on product family, platform, and so on. As shown in Figure 16-5, enter the Fusion Applications Technology Patches as the product, the version of your Fusion Apps instance, the required platform (Linux x84-64 for example), and then click Search. Figure 16-6 shows the search results based on this query. Note that you may get different results based on the latest P4FA patches at the time of search.

Figure 16-6. Selecting the latest P4FA patch

In the Patch Search Results screen, you may see more than one P4FA patch applicable to your environment. The patch description may be in the following format.

P4FA for REL <Release> ONEOFFFS SYSTEM PATCH <version>.<patch_creation_date(YYMMDD)>

For example:

P4FA for REL 9.2 ONEOFFFS SYSTEM PATCH 11.1.9.2.150404

Note that the date shown is the patch creation date, not the release date, so you may see a difference here. As you can see in Figure 16-6, we have P4FA patches released in February, March, and April so we will download the April patch only. The P4FA patches come in multiple parts, so you need to download all the parts and extract them into a single directory.

Setting Up the FASPOT Utility

Since the FASPOT utility needs to be applied on all IDMs as well as on the FA nodes with the Fusion middleware components, you must create the patch staging area on a shared location. This location could temporarily be created and moved later if security is a concern. In this example we have created a shared location at /FA_PATCH_STAGE and all required P4FA patches are going to be created in the rel92_patches directory under the staging directory. Since the P4FA patch bundle includes all required patches in ZIP format in each product directory, we must allocate a patch work area under the shared staging directory where the FASPOT utility can extract the patches before applying to the respective product homes.

[root@idmhost ∼]# mkdir -p /FA_PATCH_STAGE/rel92_patches

[root@idmhost ∼]# mkdir /FA_PATCH_STAGE /WORK

Assign ownership of the patch stage directory to the Fusion middleware owner user.

[root@idmhost ∼]# chown -R fusion:dba /FA_PATCH_STAGE

Now locate the FASPOT utility ZIP file under patches4fa/dist in the extracted patch directory. Extract the FASPOT utility under the /FA_PATCH_STAGE directory or whichever shared location you want. Now we need to create the environment property file (faspot.properties) manually so that the utility is aware of the IDM and FMW environment for the Fusion Applications instance. Let’s make a backup of the existing sample file first.

[fusion@idmhost ∼]$ cd /FA_PATCH_STAGE/FASPOT/env/

[fusion@idmhost env]$ cp -pr faspot.properties faspot.properties.bak

Although this file requires quite a lot of parameters to be set and a small mistake may lead to having to rerun through all of the preparation steps, let me give you some pointers to the parameters to be looked at in general. However, it is strongly recommend that you make sure no other parameters are left out based on the current version of the FASPOT utility at the time you are applying the patch. Let’s first confirm the changes in faspot.properties file related to the patching utility.

[fusion@idmhost env]$ grep PATCH faspot.properties

#PATCH_DOWNLOAD_DIR should contain the following folders

PATCH_DOWNLOAD_DIR=/FA_PATCH_STAGE/rel92_patches/11.1.9.2.150404/20904765/patches4fa/dist

PATCH_WORK_DIR=/FA_PATCH_STAGE/WORK

ATGPF_ADPATCH_WORKERS=4

Now make sure all URLs are updated and confirm the complete list with the following command.

[fusion@idmhost env]$ grep URL faspot.properties

Next make sure all the required passwords are set correctly. Look for the PASS string only since some parameters have PASSWD while others have PASSWORD in the parameter names.

[fusion@idmhost env]$ grep PASS faspot.properties

Next make sure that the hostnames for the IDM and FMW components are set correctly.

[fusion@idmhost env]$ grep HOST faspot.properties

Make sure the path for each component home directory is set correctly.

[fusion@idmhost env]$ grep HOME faspot.properties

Make sure all required domains are included since the sample file may not have all the domains as per your provisioned environment.

[fusion@idmhost env]$ grep DOMAIN_HOME faspot.properties

Next, confirm that the required database-related properties are set correctly. This includes IDM, OID, and FA databases.

[fusion@idmhost env]$ grep DB faspot.properties

Finally, make sure all the required port values for each component is set as per your environment.

[fusion@idmhost env]$ grep port faspot.properties

Preparing the Patch Stage Directory

The next step is to create the Patch Stage and Work Area directories. Instead of manually unzipping all patches for each product, you can use the prepare-patch-stage target of the FASPOT utility to seamlessly prepare the patch as well as the prepatch directories in the work area. Since the FASPOT utility is currently available on the Linux/Unix platform only, all references to FASTPOT effectively refer to the faspot.sh script.

Let’s invoke the faspot.sh script to prepare the patch stage directory first. Note that you may need to change the directory to the location where you extracted the FASPOT utility. You can change the log filename to any desired format. Here we are using <target-name>.log for ease of understanding. Since the actual script output may be quite lengthy, we show truncated output that lists only the important messages that need to be noticed.

[fusion@idmhost ∼]$ cd /FA_PATCH_STAGE/FASPOT/

[fusion@fahost FASPOT]$ ./faspot.sh -Dlogfile=prepare-patch-stage.log prepare-patch-stage

Buildfile: FA_PATCH_STAGE/FASPOT/build.xml

prepare-patch-stage-pre-check:

[echo] The required files for prepare-patch-stage are present in the /FA_PATCH_STAGE/rel92_patches/11.1.9.2.150404/20904765/patches4fa/dist

prepare-patch-stage:

[move] Moving 1 file to FA_PATCH_STAGE/FASPOT/env

[move] Moving 1 file to FA_PATCH_STAGE/FASPOT/env

[echo] **********PATCH_WORK_DIR**** - [/FA_PATCH_STAGE/WORK]

clean-up:

[echo] Cleaning up DIR - [/FA_PATCH_STAGE/WORK]

[delete] Deleting directory /FA_PATCH_STAGE/WORK

[echo] Creating Fresh DIR - [/FA_PATCH_STAGE/WORK]

[mkdir] Created dir: /FA_PATCH_STAGE/WORK

[echo] STARTED : Copying patches to /FA_PATCH_STAGE/WORK

p4fa-copy:

[echo] Processing P4FA Patches

[copy] Copying 158 files to /FA_PATCH_STAGE/WORK

patch-unzip:

[delete] Deleting: /FA_PATCH_STAGE/WORK/prepatch/atgpf/generic/install_ps6_16928612.zip

chmod-dir:

[echo] STARTED : Changing permissions(775) of files and directories under /FA_PATCH_STAGE/WORK/prepatch/atgpf/generic

[echo] COMPLETED : Changing permissions(775) of files and directories under /FA_PATCH_STAGE/WORK/prepatch/atgpf/generic

[echo] One-off Patches are extracted in /FA_PATCH_STAGE/WORK/prepatch/atgpf/generic

...

...

prepare-patch-stage-post-check:

[echo] The required files for prepare-patch-stage are present in the /FA_PATCH_STAGE/WORK

BUILD SUCCESSFUL

Total time: 40 minutes 18 seconds

As you can see from this output, the faspot.sh utility copies the patches from the rel92oneoffs directory to the work area in prepatch as well as individual patches in the work directory. Then it proceeds to unzip the patches and deletes the ZIP files from the work directory (PATCH_WORK_DIR). At the end of this step, the required patches for the FASPOT utility are present in the work directory. The patch download directory (PATCH_DOWNLOAD_DIRECTORY) is no longer referenced.

Preparing the Local Environment Configuration

The next step in the preparation phase is to prepare the local environment configuration that populates product-specific property files for each product’s subdirectories in the env directory of the FASPOT utility. Note that the required product subdirectories are present in the FASPOT/config directory even before this step and they include the properties file template. Once you run the prepare-local-env target using the FASPOT utility, it populates the <product>-env.properties file for each of the middleware products using the parameters specified earlier in the faspot.properties file. Note that any changes in the faspot.properties file from this point onward are not reflected in the configuration directory. They are therefore not effective in any further FASPOT patching activities. So if you find any incorrect information in the faspot.properties file, you must rerun this step in order to populate the product-specific properties files.

[fusion@fahost FASPOT]$ ./faspot.sh -Dlogfile=prepare-local-env.log prepare-local-env

Buildfile: FA_PATCH_STAGE/FASPOT/build.xml

prepare-local-env-pre-check:

[echo] The required files for prepare-local-env are present in the /stage/WORK

prepare-local-env:

[echo] STARTED : Creating FA_PATCH_STAGE/FASPOT/patch_log_dir

create-patchlogdir:

clean-up:

[echo] Cleaning up DIR - [FA_PATCH_STAGE/FASPOT/patch_log_dir]

[echo] Creating Fresh DIR - [FA_PATCH_STAGE/FASPOT/patch_log_dir]

[mkdir] Created dir: FA_PATCH_STAGE/FASPOT/patch_log_dir

...

...

[copy] Copying 4128 files to FA_PATCH_STAGE/FASPOT/patch_log_dir

[copy] Copied 10169 empty directories to 6825 empty directories under FA_PATCH_STAGE/FASPOT/patch_log_dir

[copy] Copying 27 files to FA_PATCH_STAGE/FASPOT/patch_log_dir

...

...

[echo] SUCCESS : NO FAILURES FOUND IN TARGET LOG FILES00

[touch] Creating FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/prepare-local-env.log-fahost.suc

prepare-local-env-post-check:

[echo] The required files for prepare-patch-stage are present in the FA_PATCH_STAGE/FASPOT/patch_log_dir

BUILD SUCCESSFUL

Total time: 5 minutes 12 seconds

As you may notice, patch_log_dir also gets created at this stage. We have seen this directory while discussing the FASPOT directory structure. By default, this directory is not available in the shipped directory structure but gets created at this stage.

Applying Database Patches

Before proceeding to the IDM or FMW patches application, you must manually apply RDBMS patches using the latest version of OPatch, which is also included in the rdbms directory. You need to apply all the required generic or platform-specific patches, including the one-offs as well as the PSU (Patch Set Update) patches. Since the database patching requires setting the RDBMS Oracle home and applying patches using OPatch in the same way as you saw in Chapter 4 during database preparation for Fusion Applications installation, this does not require any further explanation here.

Running the Prerequisites Check

Before applying patches on the IDM or FMW nodes, you must run a prerequisites check on all the nodes in order to detect any conflicts or incorrect information in the properties file. This gives you an opportunity to fix the faspot.properties file and rerun the local environment step.

Applying Identity Management Patches

In order to apply Identity Management patches, you must make sure that the application and web tier are shut down while database should have already been started after RDBMS patching. We can also apply IDM and FMW patches in parallel but if the patches are relatively small and sufficient downtime is available, it is better to apply the patches one-by-one in order to make sure each phase completes without any issues. This also leaves enough room for troubleshooting patches on one server instead of focusing on multiple servers at the same time.

Execute the following command to run the idm-patch-apply target on the IDM hosts. The script output is truncated here to display major milestones only.

[fusion@fahost FASPOT]$ ./faspot.sh -Dlogfile=idm-patch-apply.log idm-patch-apply

Buildfile: /mnt/hgfs/FA_PATCH_STAGE/FASPOT/build.xml

idm-patch-apply:

[echo] STARTED : Performing patch pre-reqcheck for IDM components

idm-prereq-check:

[echo] Directory path validations...

dirpath-check-list:

[echo] Performing dirpath check for oid

[echo] Valid Host. Continue Dir Path check execution

dirpath-prereq-check:

[echo] Performing directory path check for /app/oracle/products/dir/oid...

[echo] SUCCESSFUL : Directory Path DIR_PATH=/app/oracle/products/dir/oid existing for oid component

...

...

oid-patch-apply:

opatch.check:

[echo] Opatch exists = true

napply:

[echo] Applying using napply /app/oracle/products/dir/oid

[echo] Applying PATCHES in /stage/WORK/label-patches/pltsec/linux64

[echo] Applying PATCHES in /stage/WORK/label-patches/pltsec/linux64 is completed

[echo]

[echo] Checking the APPLY PATCH STATUS in log file

[echo] APPLY PATCH SUCCESSFUL

[echo] OID_LINUX64_STATUS - 0

...

...

check-string-in-file:

[copy] Copying 1 file to /mnt/hgfs/FA_PATCH_STAGE/FASPOT/patch_log_dir/logs/failure

[echo] SUCCESS : NO FAILURES FOUND IN TARGET LOG FILES

[touch] Creating /mnt/hgfs/FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/idm-patch-apply.log-idmhost.suc

BUILD SUCCESSFUL

Total time: 32 minutes 28 seconds

Once the overall IDM patches application is successful, the tool will create a flag file named idm-patch-apply.log-<hostname>.suc to indicate successful completion. You must fix all the issues in patching before moving to the post-steps execution.

Applying Fusion Middleware Patches

The process of applying Fusion middleware patches using the FASPOT utility is identical to the one you saw seen while applying IDM patches. The build target name for applying FMW patches is fmw-patch-apply. Run the following command on the FMW hosts in order to apply patches to the middleware homes on the current host.

[fusion@fahost FASPOT]$ ./faspot.sh -Dlogfile=fmw-patch-apply.log fmw-patch-apply

Buildfile: FA_PATCH_STAGE/FASPOT/build.xml

fmw-patch-apply:

smartclone-check:

[echo] SC_ENABLED_STATE - REGULAR_POD

[echo] SC_ENABLED_STATE - REGULAR_POD

[echo] STARTED : Performing patch pre-reqcheck for FMW components

fmw-prereq-check:

[echo] Directory path validations...

dirpath-check-list:

[echo] Performing dirpath check for atgpf

[echo] Valid Host. Continue Dir Path check execution

dirpath-prereq-check:

[echo] Performing directory path check for /app/oracle/fusionapps/atgpf...

[echo] SUCCESSFUL : Directory Path DIR_PATH=/app/oracle/fusionapps/atgpf existing for atgpf component

...

...

p4fa-label-apply:

check-string-in-file:

[copy] Copying 1 file to FA_PATCH_STAGE/FASPOT/patch_log_dir/logs

check-string-in-file:

[copy] Copying 1 file to FA_PATCH_STAGE/FASPOT/patch_log_dir/logs/failure

load-pfcore:

[echo] Loading of pfcore-env.properties

[echo] ORACLE_HOME - /app/oracle/fusionapps/applications

host.check:

[echo] Current Hostname is : fahost.paramlabs.com

[echo] Component target Hostname is : fahost.paramlabs.com

[echo] Validating host before component target execution

[echo] Valid Host. Continue executing component target

fmw-apply-label:

...

...

check-string-in-file:

[copy] Copying 1 file to FA_PATCH_STAGE/FASPOT/patch_log_dir/logs/failure

[echo] SUCCESS : NO FAILURES FOUND IN TARGET LOG FILES

[touch] Creating FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/fmw-patch-apply.log-fahost.suc

BUILD SUCCESSFUL

Total time: 7 minutes 31 seconds

Move on to the post-steps execution only once the FMW patches are applied successfully and the success flag called fmw-patch-apply.log-<hostname>.suc is created.

Applying Identity Management Patches Post-Steps

If you have applied Fusion middleware patches manually, you would know that the process of identifying and applying manual post steps from a large number of patches is tiresome and error-prone. With the FASPOT utility, you need to run a build target named idm-patch-postinstall in order to apply all required post-install steps for the patches that have been applied on the IDM nodes. Run the following command to apply post-patching steps on the IDM hosts.

[fusion@idmhost FASPOT]$ ./faspot.sh -Dlogfile=idm-patch-postinstall.log

idm-patch-postinstall

Buildfile: /mnt/hgfs/FA_PATCH_STAGE/FASPOT/build.xml

idm-patch-postinstall:

[echo]

[echo] #######################################################

[echo] STARTED : Performing Post Install redeployment actions for OID Components

load-oid:

[echo] Loading of oid-env.properties

host.check:

[echo] Current Hostname is : idmhost.paramlabs.com

[echo] Component target Hostname is : idmhost.paramlabs.com

[echo] Validating host before component target execution

[echo] Valid Host. Continue executing component target

...

...

check-string-in-file:

[copy] Copying 1 file to /mnt/hgfs/FA_PATCH_STAGE/FASPOT/patch_log_dir/logs/failure

[echo] SUCCESS : NO FAILURES FOUND IN TARGET LOG FILES

[delete] Deleting: /mnt/hgfs/FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/idm-patch-postinstall.log-idmhost.dif

[touch] Creating /mnt/hgfs/FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/idm-patch-postinstall.log-idmhost.suc

BUILD SUCCESSFUL

Total time: 1 minute 52 seconds

The post-steps may complete fairly quickly. Once the execution status is successful and the completion flag file idm-patch-postinstall.log-<hostname>.suc is created, proceed to the FMW post-patching steps.

Applying Fusion Middleware Patches Post-Steps

The last step in applying the P4FA patch bundle using the FASPOT utility is to apply Fusion middleware post-patching steps. The target name to execute is fmw-patch-postinstall. Run the following command on Fusion Applications nodes to apply the included patches specific to the middleware homes.

[fusion@fahost FASPOT]$ ./faspot.sh -Dlogfile=fmw-patch-postinstall.log fmw-patch-postinstall

Buildfile: FA_PATCH_STAGE/FASPOT/build.xml

fmw-patch-postinstall:

[echo]

[echo] #######################################################

[echo] STARTED : Performing Post Install and Redeployment actions for FMW Components

load-pfcore:

[echo] Loading of pfcore-env.properties

[echo] ORACLE_HOME - /app/oracle/fusionapps/applications

host.check:

[echo] Current Hostname is : fahost.paramlabs.com

[echo] Component target Hostname is : fahost.paramlabs.com

[echo] Validating host before component target execution

[echo] Valid Host. Continue executing component target

pfcore-patch-postinstall:

smartclone-check:

[echo] SC_ENABLED_STATE - REGULAR_POD

[echo] SC_ENABLED_STATE - REGULAR_POD

[echo] Executing PFCORE Post Patch Steps - Configure

[echo] Executing PFCORE Post Patch Steps - Bootstrap

[echo] Execution of PFCORE Post Patch Steps was SUCCESSFUL

...

...

check-string-in-file:

[copy] Copying 1 file to FA_PATCH_STAGE/FASPOT/patch_log_dir/logs/failure

[echo] SUCCESS : NO FAILURES FOUND IN TARGET LOG FILES

[touch] Creating FA_PATCH_STAGE/FASPOT/patch_log_dir/audit_status_logs/logs/fmw-patch-postinstall.log-fahost.suc

BUILD SUCCESSFUL

Total time: 11 minutes 58 seconds

Once the Fusion middleware post-patching steps are completed successfully and the success flag fmw-patch-postinstall.log-fahost.suc has been created, the FASPOT patching process is complete. Now you can do a smoke test of application functionality and the issues that are expected to be resolved before releasing the environment to the users.

Preparing Fusion Applications Environment File

Before applying Applications patches we must first source the Fusion Applications environment file to set all the required OS environment variables. The default location for the environment file is $APPL_TOP/lcm/ad/bin/APPSORA.env. Let’s first determine whether the file exists.

[fusion@fahost ∼]$ cd /app/oracle/fusionapps/applications/lcm/ad/bin/

[fusion@fahost bin]$ ls -l APPSORA.env

ls: APPSORA.env: No such file or directory

If the file does not exist, you can create it manually using the adsetenv.sh script in the same directory so that you can use it in future.

[fusion@fahost bin]$ ./adsetenv.sh

Successfully created: APPSORA.env

adsetenv succeeded.

Now you can confirm that the file has been created.

[fusion@fahost bin]$ ls -l APPSORA.env

-rw-r--r-- 1 fusion dba 4420 Apr 15 22:59 APPSORA.env

Let’s source this file to set the environment variables. Add the following line to the Fusion user’s OS profile (for example, .bash_profile) to source it every time the user logs in.

[fusion@fahost bin]$ ./app/oracle/fusionapps/applications/lcm/ad/bin/APPSORA.env

We can test whether the variables have been set correctly. For example:

[fusion@fahost bin]$ env | grep APPL_TOP

APPL_TOP=/app/oracle/fusionapps/applications

APPL_TOP_NAME=FUSION

Running Pre-Patch Reports

Fusion Applications Patch Manager provides a number of reporting features, including listing all applied patches, looking for specific patch, specific components, as well as running Patch Impact Reports. Here we will look at pre-patch reports that are mainly required to understand whether the required patches are already applied and if they are not applied, what the impact is of applying the same.

Validating the Patch

Validating a patch manually is an optional but recommended practice while applying patches using Fusion Applications Patch Manager. This saves troubleshooting time during the patch application by manually checking the prerequisites, file versions, validating SOA composites, and database by running a mock pass of the patch application. It can also suggest whether the patch can be run in online or hotpatch mode if you have passed those arguments while running validation. It also suggests if the patch is being applied online then which managed servers will be bounced at the end of patching activity. This greatly helps you identify downtime requirement for applications. Any conflicting patches or missing prerequisites are also listed here. Validation also checks taxonomy details, which confirm whether the required applicable products have been provisioned.

The command to validate a patch is as follows. You can add the -online and -hotpatch switches if you want to make sure the patch can be applied online and if so whether can be applied in hotpatch mode.

[fusion@fahost bin]$ ./fapmgr.sh validate -online -patchtop /home/fusion/Patches/19898891/

...

Completed validating the OPatch version.

Started validating the Database connection.

WLS ManagedService is not up running. Fall back to use system properties for configuration.

Completed validating the Database connection.

Started validating taxonomy URL.

Completed validating taxonomy URL.

Started checking pre-requisite bug fixes for the patch.

Completed checking pre-requisite bug fixes for the patch.

...

Validation successful.

Completed validating the Database components of the patch.

Started checking if the middleware portion of the patch will make any impact to the system.

Completed checking if the middleware portion of the patch will have an impact on the system.

Started running apply pre-reqs.

...

All apply pre-reqs for middleware artifacts have passed.

Started checking for the files that will not be deployed.

Completed checking for the files that will not be deployed.

Completed running apply pre-reqs.

Skipping execution, as the mode is not APPLY.

Submitting tasks for parallel execution.

...

Executing validate task [JEEPatchaction_stopManagedServers] with ID [49]. Monitor the log file :

/app/oracle/instance/lcm/logs/11.1.9.2.0/FAPMGR/fapcore_validate_jeepatchaction_stopmanagedservers_49_20150419203455.log

validate Task [ Name: JEEPatchaction_stopManagedServers ID: 49 ] completed with status [ SUCCESS ].

...

Tasks [3] completed out of [3].

Successfully completed execution of all tasks.

Started running deployment pre-reqs.

...

All deployment pre-reqs for middleware artifacts have passed.

Completed running deployment pre-reqs.

Validation of patch is SUCCESSFUL.

You can apply the patch either in online or offline mode successfully.

Generating Diagnostic Report

...

Oracle Fusion Applications Patch Manager completed successfully.

Applying the Patch

Once the patch has been validated against your environment, you may need to decide on whether downtime is required and if so for which applications. You might also determine whether the patch can be applied as a hotpatch. In order to decide this, you must first understand the difference between various modes available for applying patches using the Fusion Applications Patch Manager.

• Offline Mode: Assumes that all the affected managed servers are down and once the patch is complete, you need to manually start all those affected servers. You may either keep them down at the beginning or bounce after the patch application but the users should not be accessing the application during this time. Additionally, any post-steps like deployment of SOA, BI, or other middleware artifacts, or flexfields needs to be done manually after the patch application. You may avoid offline mode unless a validation step confirms that the patch cannot be applied online.

• Online Mode: Although the name suggests that application will always be available, this is not true. The difference between online and offline mode is that during online mode, you need not shut down the affected managed servers manually. Instead, the Patch Manager takes care of bouncing the required servers. It also completes all post-patching steps including deployment of all middleware artifacts. In order to run a patch in online mode, you must first validate the patch for checking whether it can be run online followed by running the Patch Manager Apply phase with the -online option. Additionally you must specify the command-line option -stoponerror so that if there are any errors during patch or post-patching steps, it may stop any further action. You can then fix the problem and restart the patch.

• Maintenance Mode (Only for Fusion Applications 11g Release 8): This was introduced in Oracle Fusion Applications version 11.1.8 and was replaced by the hotpatch option in version 11.1.9. So if you are patching Fusion Applications 11.1.8, then you can use the maintenance mode to apply patches in a controlled environment by changing the user application status to read only mode. In this mode, users can access the application and view data but it disables transactions at the application level. Maintenance mode can be enabled by using the profile option FND_MAINTENANCE_MODE, which can be set to ENABLED, DISABLED, or WARNING to display warnings about upcoming maintenance window based on the FND_MAINTENANCE_START_TIME and FND_MAINTENANCE_END_TIME parameters.

• Hotpatch Mode (for Fusion Applications 11g Release 9 onward): From Fusion Applications 11g Release 9 (11.1.9.x) onward, you can use the hotpatch mode, which is an extension of maintenance mode and allows you to apply patches even when there are active users and ongoing transactions in the Applications. However, not all patches can be applied in hotpatch mode. You must verify whether the patch can be applied in hotpatch mode by validating the patch by passing the -online and -hotpatch options, as seen earlier. All changes in hotpatch mode are applied and users are automatically directed to new versions after the changes are applied, the affected Enterprise schedulers are paused based on maintenance start and estimated end times.

You may optionally add another parameter called -workers <number> as the command-line argument for the fapmgr.sh script to specify the number of parallel workers if the patch involves any database tasks as well. By default, the workers value is automatically selected based on your system configuration, including operating systems, CPUs, and virtual CPUs. If the number you entered is not within the permissible range for your environment then the script may prompt you to enter another value.

Let’s now proceed to apply the same patch that you validated earlier for applying online. As mentioned earlier, since you are using -online option, we will pass the -stoponerror option. Note that from Fusion Applications 11g, Release 9 onward, the Patch Manager (fapmgr) uses parallel processing of any non-dependent tasks, hence improving overall patch application time.

[fusion@fahost bin]$ ./fapmgr.sh apply -online -patchtop /home/fusion/Patches/19898891 -stoponerror -workers 4

...

Started validating the OPatch version.

Completed validating the OPatch version.

Started validating the Database connection.

WLS ManagedService is not up running. Fall back to use system properties for configuration.

Completed validating the Database connection.

Started validating taxonomy URL.

Completed validating taxonomy URL.

Started checking pre-requisite bug fixes for the patch.

Completed checking pre-requisite bug fixes for the patch.

Reference number for the current Oracle Fusion Applications Patch Manager run is 143.

Started validating the Database components of the patch [19898891(US)].

Patch validation is in progress. This might take a while.

Monitor the adpatch log file : /app/oracle/instance/lcm/logs/11.1.9.2.0/FAPMGR/adpatch_validate_19898891_20150419203607.log.

Validation successful.

Completed validating the Database components of the patch.

Started checking if the middleware portion of the patch will make any impact to the system.

Completed checking if the middleware portion of the patch will have an impact on the system.

Started running apply pre-reqs.

Please monitor OPatch log file: /app/oracle/instance/lcm/logs/11.1.9.2.0/FAPMGR/opatch/opatch/19898891_Apr_19_2015_20_36_13/ApplyPrereq2015-04-19_20-36-39PM_1.log

All apply pre-reqs for middleware artifacts have passed.

Started checking for the files that will not be deployed.

Completed checking for the files that will not be deployed.

Started identifying Post Apply tasks.

Completed identifying Post Apply tasks.

Submitting tasks for parallel execution.

Diagnostic report is generated at /app/oracle/instance/lcm/logs/11.1.9.2.0/FAPMGR/FAPMgrDiagnosticsSummary_apply_20150419203607.html. This will be updated every 5 mins.

Executing apply task [JEEPatchaction_stopManagedServers] with ID [59]. Monitor the log file :

...

Tasks [1] completed out of [5].

apply Task [ Name: OfflinePatching_applybits ID: 60 ] completed with status [ SUCCESS ].

...

apply Task [ Name: DeployInventoryAction_updateDeployInventory ID: 62 ] completed with status [ SUCCESS ].

Tasks [5] completed out of [5].

Successfully completed execution of all tasks.

Generating the data fixes XML file.

Generated patch inventory file: /app/oracle/instance/lcm/faPatchInventory/fusionAppsPatchHistory.xml

Generated patch inventory file: /app/oracle/fusionapps/applications/admin/fusionAppsPatchHistory.xml

...

Oracle Fusion Applications Patch Manager completed successfully.

Monitoring the Patch Application Using Online Patch Progress Report

Until Fusion Applications 11g Release 9, the Online Patch Progress Report had to be run separately using the -patchprogress option in the Fusion Applications Patch Manager script. From version 11.1.9 until now, it is integrated into the Apply phase. As you can see in the Apply phase output shown previously, you may notice he following lines related to the Online Patch Progress Report or diagnostic report.

Diagnostic report is generated at /app/oracle/instance/lcm/logs/11.1.9.2.0/FAPMGR/FAPMgrDiagnosticsSummary_apply_20150419203607.html. This will be updated every 5 mins.

During the current patch application session, the Online Patch Progress Report filename remains the same (FAPMgrDiagnosticsSummary_<Phase>_<Timestamp>.html), but this file is updated every five minutes. You can refresh the report file to see the current status of each task. Once the patch is complete, the same report is referred to as a diagnostic report. Note that these tasks are not same as workers in the AutoPatch tool.

Figure 16-9 shows an example of the Online Patch Progress Report for this example patch.

Figure 16-9. Example of an online patch progress report

As you can see in Figure 16-9, the Patch Progress report shows a summary of the phase followed by any failures, errors, or warnings encountered during the current patch apply session. This is followed by detailed information on each phase, along with individual tasks within the phase. Next, it displays the list of pending tasks in the wait queue. Note that the diagnostic report that’s created at the end of patch’s Apply session does not include this last section of pending tasks.

Verifying the Applied Patch Status

Once the patch application is successful, you can run the Patch Status Report again to make sure that the patch has been applied and registered in the database and inventory.

[fusion@fahost bin]$ ./fapmgr.sh report -isapplied -patch 19898891

...

Started validating the OPatch version.

Completed validating the OPatch version.

Started validating the Database connection.

WLS ManagedService is not up running. Fall back to use system properties for configuration.

Completed validating the Database connection.

Report Name: Patch Status

Report for: FUSION [/app/oracle/fusionapps/applications]

Bug No. : 19898891:US

OUI Component : oracle.fusionapps.fin

Status : Applied

Patch No. : 19898891

Date Applied (mm-dd-yyyy hh:mm:ss) : 04-19-2015 20:39:01

...

Oracle Fusion Applications Patch Manager completed successfully.

Directory Structure of an Applications Core Patch

Before looking at how to apply a patch manually using AutoPatch, let’s understand the structure of an Application core or Functional Setup Manager database artifacts-related patch. Such patches can be applied manually using AutoPatch (adpatch ). Figure 16-10 shows an example directory structure of one such patch.

Figure 16-10. Structure of an ATGPF or functional setup manager patch

The Applications core patch looks very similar to an Oracle E-Business Suite patch. It contains a unified driver file named u<Patch_Number>.drv, which contains the list of database execution tasks as well as application artifacts copy and deployment steps. The README.txt file contains important information about prerequisites, installation steps, and whether manual post-patching steps are required.

Applying the Patch Using adpatch

Similar to EBS patches, which no longer have separate copy, database, and generate driver files because they have been replaced by unified driver, Fusion Applications artifacts-related patches also have a unified driver containing all required actions for the patch.

The adpatch utility can read the driver file to first determine any dependencies or pre-requisites for the patch. Next it compares the file versions of existing files with those included in the patch and determines whether the files need to be copied or no action needs to be taken. Before copying the files it makes a back up of the existing files being changed. After the copy portion is complete, it updates the required database objects and executes the included scripts. However, you must make full backup of file system and database before applying the patch since there is no direct rollback available for most patches. It is advisable to update the current view snapshot before applying any patch using adpatch for the first time to save time.

Use the following syntax to apply a patch using the adpatch utility interactively.

$ATGPF_HOME/lcm/ad/bin/adpatch.sh [patchtop=<Path_to_Patch_Dir] [driver=u<Patch_Number>.drv] [workers=<number>]

By running the adpatch.sh script without an argument, AutoPatch will initiate an interactive session by prompting for each required parameter. You can select the patch top, number of workers, name of driver files, and so on, for the other parameter. You can change them at the prompt or leave them set to the default values. Alternatively, you can specify interactive=no at the command line and put all the required parameters in the defaults.txt file located at APPLICATIONS_CONFIG/atgpf/admin/.

Using the AD Controller to Monitor Patch Progress

During an ongoing adpatch session, you can monitor the progress of the patch using a utility named AD Controller (adctrl) from the same location from where the adpatch session was invoked. This utility is same as the one used for E-Business Suite patch monitoring. AD Controller can monitor the status of each worker, the task being performed by each worker, as well as control the status of the worked by restarting failed workers after reviewing the worker log file and resolving the underlying issue with the relevant database task execution. Although you can restart a failed worker using AD Controller, if you want to restart a failed adpatch session then you can run the adpatch.sh script with the restart=yes parameter.

Starting an AD Controller session requires the following. The script will prompt you to confirm or modify the APPL_TOP value. Make sure to enter ATGPF_HOME instead of the default APPL_TOP (FA_ORACLE_HOME).

[fusion@fahost bin]$ $ATGPF_HOME/lcm/ad/bin/adctrl.sh

...

Your default directory is '/app/oracle/fusionapps/atgpf'.

Is this the correct APPL_TOP [Yes] ?

...

Filename [adctrl.log] :

Start of AD Controller session

AD Controller version: 11.1.9.2.0

...

Note that these selections will work only if there is an existing AutoPatch session going on and the FND_INSTALL_PROCESSES table has already been created. The following is the AD Controller menu along with a short description for each of the options.

AD Controller Menu

1. Show worker status: Lists the current status of each of the configured workers. The status could be Wait (default), Assigned, Running, Completed, Failed, Fixed, Restart, or Restarted, depending on status of the current task being handled by the worker process.

2. Tell worker to restart a failed job: If the assigned task (e.g. a SQL execution) for the worker failed or completed with an error then the worker status shows as FAILED. Review the log file for the specific worker, identify and resolve the underlying issue, and then manually instruct the worker to restart the failed job using this option.

3. Tell worker to quit: If the worker process has hung or has encountered some issue or if you want to shut down the workers or complete the manager process then you can use this option to stop one or more of the worker processes.

4. Tell manager that a worker failed its job: If you have to terminate a hung database session or any other spawned task manually then you can terminate the spawned process using OS commands first. Then you can inform the manager that a worker has failed its job to manually change the status to FAILED. Now you may proceed to either restart the job or terminate the worker using the next option if the worker process has also hung.

5. Tell manager that a worker acknowledges quit: If you have manually killed a worker process due to any specific issue then you must manually update the manager that the worker has quit and acknowledge it.

6. Restart a worker on the current machine: Once the worker process and all spawned processes for the specific worker have terminated, you can restart the worker on the machine. Make sure to clean up all the processes related to the worker before restarting the worker to avoid duplicate workers with the same ID.

7. Exit: Use this option to exit the AD Controller session. All worker processes continue to run and you can launch AD Controller again any time later if the patching or AD Administration session (to be discussed next) is still going on.

Maintaining Snapshot Information

We have seen the important role that snapshots play while applying patches since snapshots contain a virtual image of the complete Applications file system at any given point of time. This includes information about every file that’s supplied by Oracle as part of Applications Suite with version headers and does not include C binaries and log files. Although at the database level, Oracle keeps track of every file that was ever introduced at the Fusion Applications file system level, the snapshots only include the list of files present at the time of snapshot. Any new or modified files are not included in that specific snapshot.

We can have two types of snapshots—Current View Snapshot and Named Snapshot. As the names suggest, the Current View Snapshot should be updated every time there is a change in the Oracle provided application files to keep a current inventory of files at any point of time. The Named Snapshots are created at a specific point in time and are never updated. However, these snapshots compare the Oracle homes at different points in time or with different instances. You can create, delete, export, or import snapshots as well.

Let’s look at the list of options in the Maintain Snapshot Information menu.

Maintain Snapshot Information

1. List snapshots : Use this option to list all the existing snapshots for each Applications file system. For example:

List of snapshots :

Snapshot ID Name APPL_TOPApplications System

----------- ----------------------------------------

1CURRENT_VIEW ATGPF FUSION

1001 CURRENT_VIEW FUSION FUSION

2. Update current view snapshot: Use this option to refresh the current view snapshot for the selected APPL_TOP. If you want to update the current view snapshot for a different APPL_TOP then you need to exit and restart adadmin using other APPL_TOP.

3. Create named snapshot: Use this option to create a named snapshot for the selected Application home. Once it’s complete, this snapshot will be added to the list of snapshots.

4. Export snapshot to file: You can specify an output file to export a snapshot from a list of available snapshots for review or future import purpose.

5. Import snapshot from file: This option allows you to select a snapshot export file and update relevant snapshot database tables based on the file.

6. Delete named snapshot(s): If you no longer require any old named snapshot then you can delete them using this option.

Maintaining Applications Database Entities

For a proper functioning of Fusion Applications it is essential that the database objects are always valid and appropriate grants, synonyms exist in order to allow required access to business objects. A DBA could manually check such integrity of database but it is always recommended to let the Fusion Applications AD Administration utility validate it based on the expected database structure. Even though you can compile the invalid objects manually, you should use the Compile Invalid Objects menu option in AD Administration since it takes care of compiling prerequisite dependency objects first followed by the dependent objects in order to maintain integrity of the database.

You should regularly do health checks of database objects using AD Administration in addition to your regular database administration activities. Especially if the required grants or synonyms are missing, regular database queries may not be able to determine that if it has not caused any invalids. The AD Administration utility can validate them based on built-in rules.

Let’s look at the options available in the Maintain Applications Database Entities menu.

Maintain Applications Database Entities

1. Compile Invalid Objects: When you apply large patches or perform migration, a number of objects can become invalid. You can use this option to compile any Fusion Applications related invalid objects. This option first internally executes the $APPL_TOP/lcm/ad/db/sql/adutlrcmp.sql script to compile all invalid objects in database. Then it generates a list of all invalid objects in the FUSION schema and runs the $APPL_TOP/lcm/ad/db/sql/adallinvobj.sql script against the FUSION schema to compile those objects. After compilation is complete, it generates HTML reports for any pending invalid objects that could not be compiled at the following location.

<INSTANCE_TOP>/lcm/logs/<verision>/FAPMGR/adadmin_prepatch_invalidobjects.html

2. Health Check: The next important option in the Maintain Applications Database Entities menu is Database Health Check. Ideally this task should precede invalid objects compilation since the report generated by Health Check option lists the invalid objects in a database that may require you to run the previous task Compile Invalid Objects. As you can see in Figure 16-11, the database Health Check report runs the script $APPL_TOP/lcm/ad/db/sql/adhlcheck.sql and generates the report with a list of important deviations in terms of system- or object-level privileges, current list of invalid objects, and so on. This report is generated at <INSTANCE_TOP>/lcm/logs/<verision>/FAPMGR/ad_health_check_report.html. Based on this report you may need to run other adadmin tasks, such as Compile Invalid Objects, Re-Create Grants for FUSION Schema, or any manual activities.

Figure 16-11. Health check report of Fusion applications database

3. Re-create grants for FUSION schema: This option ensures the required grants for FUSION schema objects and ensures that necessary roles are assigned to the FUSION_RUNTIME schema.

4. Maintain multi-lingual tables: Since Oracle Fusion Applications supports multi-lingual tables, for each base table there is a corresponding table with the _TL postfix. Based on the active languages installed on the Fusion Applications environment, there must be a corresponding record in these tables for each record of translation-enabled tables. This procedure prompts for selecting from the list of languages for which you want to synchronize the missing language transaction records to MLS (Multi-Lingual Support) tables. This task should not be run on a regular basis since it is executed automatically whenever a new language gets installed. You may run this task manually only when you have a valid justification and confirmation from support team that the data needs synchronization.

Applications, Web, and Directory Tier

We will begin by looking at the file system of application, web and directory tiers that contain Fusion middleware components-related home directories and configuration files. It is possible that you may include these files from each tier in separate backup groups or policies but the underlying classification remains the same. We can mainly classify these files in two main categories based on the frequency of change, static files, and configuration files. Let’s look at which directories are a part of each of these types.

Database Tier

There are several ways a database tier backup can be taken, depending on the type of infrastructure, storage, disaster recovery setup, and existing database backup policies. In this section, we will only look at the file system backup for database binaries and configuration files.

Offline Backup

It is recommended to take offline backups before and after performing critical activities, including applying large bundle patches, upgrades, migrations, or OS upgrades that already involve an approved downtime. Offline backups are always consistent and the restoration is quick and generally error-free as compared to online backups. You can use the Enterprise Backup Suites used by your organization or use manual file backup by creating a tar backup at the OS level and moving the files to a secure location.

As the name suggests, while taking offline backups, the application must be offline and not accessible by any users or background processes. All services must be shut down before initiating an offline backup. If you are planning to take a cold backup of your database, shut down the databases as well. Let’s look at what files need to be backed up as part of an offline backup.

Online Backup

We read that offline backups need to be taken on a demand basis when you are performing critical activities that include changes in static as well as configuration files. But in order to achieve the highest recoverability, you must schedule regular backups of all configuration files that are generally not static. Such online backups must be done at least once daily when you do not expect any configuration related changes, preferably at night or at a time suitable per your organization’s policy. In addition to this whenever an administrator is making changes to configuration files or through Enterprise Manager Console, an online backup must be taken before and after the change. The same applies when you are applying patches that do not require offline backups but involve post-steps that affect the application configuration files, so you could take online backup before and/or after the patching activity. Let’s look at which files need to be backed up during an online backup.

Database Tier

Online backup of Oracle Database can be done through RMAN as well as data pump export backup of the entire database. You can either select a full or incremental backup for RMAN. Since the newer versions of Oracle database (12c onward) will support fine-grained recovery, including individual tables or objects, it is advisable to move to catalog-based RMAN backups for online backup instead of export data pump backups for possible partial recovery.

For file system backups on the database tier, you should back up the configuration file-related directories, including TNS_ADMIN, ORACLE_HOME/dbs, Oracle Cluster Registry (OCR) files. If password files and/or SPFILEs are stored in a shared location, those directories also should be backed up as part of an online backup.

Take a consolidated view of all these directories, their backup types, and their mappings in a single diagram. Figure 16-12 shows the static as well as configuration directories for Fusion Applications and Identity Management nodes and classifies the files based on the suggested inclusions in online and offline backup.

Figure 16-12. Suggested backup configuration for FA and IDM components

Complete Restore

Complete Restore is one of the simplest and straightforward methods of restoring the file system. All you need to do is restore the offline backup and restore the backdated consistent full file system backup. The next step should be to replace the configuration files using the latest online backup to apply the latest changes on the old consistent backup. Another alternative is to restore the static directories from the latest offline backup and then restore the configuration directories from the latest online backup. We will see a partial restore in the next section of partial restore. Figure 16-13 summarizes the complete restore option in a typical scenario.

Figure 16-13. Typical file system full restore scenario

A typical scenario for a Complete restore is when you are applying major patches to an application or OS level and your go-live decision is based on complete success. If there’s a failure you may want to go back to an earlier state with complete restore. Other than that, if there’s a storage issue or a disk crash and your file system is lost completely or partially, you may want to perform a complete restore of the static configuration files considering your configuration files are not changed since the last online backup.

Partial Restore

Since complete restore is required only in a disaster situation or major activity fail that forces you to completely roll back the changes. In most cases you may need to recover only part of the file system or database depending on the issue or business request. Although you can take a separate backup for individual directories, technically you do not need to do this and the method described previously to take top-level directory backup is sufficient only to restore any subdirectories beneath them.