Solaris 11 Global zone patching having Solaris 10 branded zone

I am planning to do solaris 11 global zone patching having solaris 10 branded zone. I have a doubts on step 8 specially

Can someone clear my step 8 doubts or if anything wrong between step 1 to step 9 please correct that also as I have pretty good idea about Step 10 mean patching in solaris 10 branded zone

solaris 11 GZ patching steps

1.) Halt all branded zones

zoneadm -z sol10bd halt

2.) Then Detach all solaris 10 branded

zoneadm -z sol10bd detach

3.) Solaris 11 Repository is already configured then we need to run below command for Solaris 11 global zone patching

#pkg update 

4.)After patching of Solaris 11 complete then new BE will be create which has all the updated patches which we just install

#beadm list

5.) Activate the new BE

beadm activate <New-BE-name>

6.) Reboot the system

7.)After system up from new BE

beadm list

8.) Now I need to attach the Solaris 10 Branded Zone -----> Here my question is do we need to run " zoneadm -z sol10bd attach " command or I need to forcely attach the branded zone " zoneadm -z sol10bd attach -F "

Means I need to run which of the below two commands to attach solaris 10 branded zone

#zoneadm -z sol10bd attach

or

#zoneadm -z sol10bd attach -F

9.) After attaching Branded zone , We need to boot the Solaris 10 Branded zone

zoneadm -z sol10bd boot

10.)After booting to Branded zone login into it and copy the recommended patch cluster into branded zone and extract it. Further we can start patching it by creating a solaris 10 zfs root pool clone and then mount it and do the patching on that clone and after patching activate the clone & boot the system from clone

11.) Patching completed/

Just a small disclaimer, i never worked with solaris 10 branded zones.

But, since it's a whole root zone, upgrade of solaris 11 global zone should have minimal to no effect to such zones.
Actually, no patching should occur for solaris10 zone.

So if the solaris 11 release you are patching support solaris10 branded zones, you should be fine.

I would go with normal attach with using preview switch first -n and examine the output.

If everything goes well in preview, run the normal attach.

Also, Solaris 11 system when doing major patching will create a backup boot environment automatically, followed by patching and activation of patched environment.
After the patching finishes, a reboot should suffice.
pkg subsystem will write that on the console after patching, and you can confirm the same by issuing beadm list after patching.

Depending on the importance of the system in the zone, backup(s) should be made.
This is done using zfs archives or zoneadm command subswitches and, of course, exporting the text configuration of zone using zonecfg.

Hope that helps
Regards
Peasant.

Thanks Peasant for your inputs

We follow patching procedure mention in Oracle docs for branded zones which say that we will create the snapshot of rpool in branded zone and then create the clone from it and promoting the clone and mount of clone on /mnt mountpoint and then solaris 10 recommended patchset will be implemented on clone and activate the clone to be mounted as root filesystem after completion of patching and reboot of branded zone.