| Hot-patch service boasts reboot-free server updates |
Feb. 11, 2010
 Ksplice has launched a subscription service that updates Linux servers without rebooting. Based on an MIT-bred utility that has been considered for merging into the Linux mainline kernel, Ksplice Uptrack is claimed to reduce costly downtime, while also speeding installation of security patches and other upgrades.
Based on "Ksplice" technology developed at the Massachusetts Institute of Technology (MIT), Uptrack enables IT administrators to keep Linux servers up-to-date without the scheduling, disruptions, and downtime required with a reboot, says Ksplice. As a result, servers can more quickly be protected against security threats system administration costs can be reduced, says the company.
Ksplice Uptrack builds upon the Ksplice hot-patching utility for the Linux kernel that was developed by Jeffrey Arnold, a graduate student at MIT. Announced in 2008, Ksplice was for a time actively being considered for merging into the mainline Linux kernel source code tree, but momentum for the merge seems to have faded, in part due to potential conflicts with a 2002 Microsoft patent.
Reboots required for kernel updates by major Linux distributions, 2009 to present
(Source: Ksplice)
(Click to enlarge)
Carrier Grade Linux and high-availability Linux distributions typically already have hot-patching implementations of their own, but the mainline kernel, as well as major Linux distributions do not. As a result, downtime for kernel and security updates is a growing drain on IT departments, according to Ksplice. In 2009, major Linux vendors asked customers to install a kernel update roughly once each month, says the company. The chart above typical update schedules for major Linux distros.
Ksplice operates at the object code layer, enabling the technology to transform many traditional source code patches into hot updates that require little or no programmer involvement, according to an MIT paper written by MIT researchers Arnold and M. Frans Kaashoek, which is posted on the Ksplice site. Typically a patch does not change the semantics of persistent data structures, providing an opportunity to create a hot update without writing new code, says the paper.
Ksplice process for creating a hot update
[Source: Jeffrey Brian Arnold, MIT,
"Ksplice: An automatic system for rebootless Linux kernel security updates"]
(Click to enlarge)
Ksplice compiles the system's kernel from source, with and without the patch, creating a kind of binary diff. It then inserts "trampolines" inside of functions affected by the patch. The trampolines simply bounce processing over to newly instantiated, patched object code.
The paper sites research involving significant x86-32 Linux security patches between 2005 and 2008. Some 88 percent of patches were said to have required no new code in order to be performed as a Ksplice update. In addition, by writing a small amount of code (about 17 lines per patch) to assist with the remaining patches, the Ksplice technology could apply 100 percent of the security patches without rebooting, claims the paper.
Because Ksplice Uptrack does not require a persistently running process, updates do not slow performance, claims Ksplice. The technology is said to have no machine limits, and can reverse updates without rebooting.
Uptrack can update systems in virtualization environments including VMware, Virtuozzo, and Xen, both as hosts and guests, says the company. The technology is also claimed to play nice with third-party kernel modules such as cPanel and R1Soft CDP. A web management tool enables remote monitoring of Uptrack tasks, and cryptography authenticates the Uptrack update feed, says Ksplice.
Background and testimonials
Ksplice was founded as a Cambridge, Mass.-based MIT technology spinoff in 2008. In 2009, the company was named the most innovative security company of the year by the Wall Street Journal, says the company. More than 40 Web hosting and IT infrastructure companies have deployed Ksplice Uptrack as early adopters, so far saving tens of thousands of reboots, says Ksplice. Three have provided testimonials, below.
Stated Joshua Barratt, CTO of Media Temple, "Like other hosting providers, we've needed this capability for a long time, but we didn't think that it was possible to apply these updates without a reboot until we saw Ksplice in action."
Stated David Collins, CTO of HostGator, "It reduces one of the biggest costs associated with any server -- system administrator maintenance time -- and helps us improve the quality of service we can provide to our customers."
Stated Dallas Kashuba, co-founder and CTO of DreamHost, "Using Ksplice has improved our response time to critical kernel exploits from a few days to only minutes."
Availability
Ksplice Uptrack is now available for Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, CentOS, Parallels Virtuozzo Containers, and OpenVZ distributions. The subscription fee starts at $4 per month per system, after a 30-day free trial. The company uses metered billing, charging only for the systems Uptrack runs onm says Ksplice.
A free version is also available for Ubuntu, and the company makes its raw Ksplice 0.9.9 utilities available for open source download says the company. Ksplice strongly cautions against using the raw Ksplice utilities on production systems, however.
More information may be found here.
-- Eric Brown
Do you have comments on this story?
Talkback here
NOTE: Please post your comments regarding our articles using the above link. Be sure to use this article's title as the "Subject" in your posts. Before you create a new thread, please check to see if a discussion thread is already running on the article you plan to comment on. Thanks!
Related Stories:
(Click here for further information)
|
|
|
Approaching the Linux Desktop
The purpose of this paper is to help organizations evaluate the Linux desktop against their own enterprise needs and discover what benefits the Linux desktop might bring to their organizations.
Migrating To Linux: Application Challenges and Solutions
Several solutions exist to help organizations migrate in an orderly fashion from Windows to Linux desktops. This paper establishes the characteristics of an ideal cross-platform solution and reviews these alternatives in light of this ideal standard. The paper takes a closer look at the pros and cons of various solutions and outlines the business benefits that can be achieved.
Linux Advantages: Publicly Available Information on Linux Software
This paper offers a brief summary of readily-available Linux information to help businesses sort out this widely misunderstood operating system.
Top 5 Strategies for Managing Linux
Despite continuous evolution in the manageability of Linux, a 2006 survey cited manageability concerns as a top reason why organizations are hesitating to adopt Linux. Levanta believes Linux can be as manageable, if not more so, than other operating systems by following key strategies. These strategic recommendations were developed from experiences in numerous customer environments, both large and small.
Why Choose Novell for Linux?
This paper outlines the benefits of switching to the Linux platform and choosing Novell as a high-performance, enterprise solution.
Enterprise Linux Selection Guide
Considering moving your enterprise to the Linux operating system? Since there are so many similar versions, choosing the right one can be tough. This paper offers a clear process to help you make an informed decision and get the features, support, and cost that are right for your business and technical needs.
Overcoming Challenges in Managing Linux
Levanta has created a new administration model with innovative technology that breaks down the barriers to making the most of Linux systems. This paper will provide an in-depth look at the workings of Levanta’s product, the first Linux appliance of its kind.
SUSE Linux Enterprise 10 for Retail Businesses
Discover why major retailers have switched to SUSE Linux Enterprise Desktop in the back office. SUSE Linux Enterprise Desktop 10 is a low-cost desktop that offers a complete set of productivity applications and interoperates seamlessly with the other Windows, Macintosh and UNIX desktops in your store.
Moving to a Linux Desktop
Migrating from Windows to Linux on the desktop can be a substantial undertaking because it has the potential for touching -- and perhaps disrupting -- every user in your organization. Unlike a data center (server and infrastructure) migration that is largely transparent to users, the cultural and administrative transitions and environment readiness required to support a Linux desktop migration are extensive.
Seven Good Reasons to Exchange Exchange
This paper describes seven compelling reasons why you should switch from Exchange to Scalix.
|
|
|
|
|
news feed
