Home » N-1 Patching in Redhat Linux

N-1 patching on Red Hat

Red Hat N-1 patching enables you to maintain a consistent, stable Red Hat environment by using older, tested patch versions instead of the latest available updates. This approach helps you:

  • Maintain version consistency across all Red Hat servers
  • Comply with organizational policies that require older, stable patch levels
  • Ensure compatibility with dependent applications that may not support the latest updates

Table of contents

Prerequisites

To use N-1 patching:

  • Your Red Hat machines must have a valid Red Hat Subscription.
  • Ensure that the Red Hat Linux Settings view shows a successfully uploaded Red Hat certificate.

For details on Red Hat Linux management, refer to the Red Hat Linux patching documentation .

Overview

N-1 patching allows you to deploy updates from an earlier Red Hat repository state rather than the most recent version. This is achieved differently in on-premises and cloud environments.

  • On-premises: You create snapshots of Red Hat repositories in the Central Server.
  • Cloud: You maintain your own Red Hat mirror that stores older metadata and package versions.

The following sections explain both workflows.

On-premises workflow

Creating Red Hat repository snapshots

In an on-premises setup, the Central Server creates snapshots of the Red Hat repository. These snapshots contain Linux package metadata and package versions available at that time.

Create a snapshot schedule

  • Go to Threats & Patches → N-1 patch settings → Red Hat → Schedules → Create schedule.
  • In Select Red Hat version, choose the version type:
    • Red Hat current release: Uses the most recent superseded updates available.
    • Red Hat minor version: Select a specific minor version (for example, Red Hat 9.2 or 8.4).
  • Select the scheduling frequency:
    • Execute now: Creates a snapshot immediately.
    • Once: Creates a snapshot on the specified date and time.
    • Monthly: Creates a snapshot each month.
  • Click Save.

The Central Server downloads package metadata and update files for the selected version.

redhat

Viewing and managing schedules

In the Schedules view, you can view and manage all configured schedules. Snapshots are created at the defined frequency.

Viewing and managing snapshots

The Snapshots view displays all snapshots along with their creation date. Select a snapshot based on your deployment requirements.

Mapping snapshots to machines

Mapping machines to a snapshot instructs the agents to download metadata and updates from that snapshot instead of the latest repository.

  • Create a custom group containing the Red Hat machines that require N-1 patching.
  • Go to Threats & Patches → N-1 patch settings → Red Hat → Map snapshots → Create mapping.
  • Select a snapshot and choose the target machine group.
  • Click Save.

Agents apply the configuration during their next refresh cycle. Their missing-patch reports align with the metadata from the mapped snapshot.

Distribution of updates

  • Agents connected directly to the Central Server download updates from the mapped snapshot.
  • Agents managed by a Distribution Server download updates after it syncs snapshot-specific content from the Central Server.

Cloud workflow

In cloud environments, snapshot creation is not supported due to scalability constraints. Instead, you must maintain a local Red Hat repository mirror that stores the older patch data required for N-1 patching.

The N-1 workflow relies on this mirror to supply older metadata and update files to agents.

Prerequisites

  • Host a Red Hat repository mirror within your environment over HTTP or HTTPS.
  • Ensure the mirror contains the older package versions you intend to deploy.

For steps to create and host a mirror, refer to the Mirror and Host sections in the official Red Hat documentation.

Adding the mirror details

  • Navigate to Threats & Patches → N-1 patch settings → Red Hat → Mirrors → Create mirror.
  • Enter the mirror name and the mirror URL.
  • Click Save.

The Central Server verifies the mirror URL and adds it to the list.

redhat

Viewing and managing schedules

Map the mirror to machines

Mapping machines to a mirror instructs the agents to fetch Linux package metadata and updates from that mirror, overriding the default Red Hat repository behaviour.

  • Create a custom group containing the Red Hat machines that require N-1 patching.
  • Go to Threats & Patches → N-1 patch settings → Red Hat → Map mirror → Create mapping.
  • Select the mirror and the target machine group.
  • Click Save.

The mapped machines begin using the mirror from the next refresh cycle.

Note: If you manage machines across multiple regions, host a separate mirror for each location and map machines accordingly.

Roles and permissions

  • Users with patch management full control and write access can view, create, edit, and delete mirrors and mappings.
  • Users with patch management read access can only view mirrors and mappings.

Back to top

Trusted by