How Live Patching Helps You Achieve Five Nines
Anyone who’s committed to a five-nines mandate will dread the idea of a cybersecurity breach. It’s a fast way to lose service continuity and it can lead to a long recovery period.
Frustratingly, one of the best ways to protect systems against a successful breach – vulnerability patching – is also one of the things that can easily get in the way of maintaining the five-nines mandate, because patching degrades performance, sucks up sysadmin resources, or causes outright downtime.
What is a hard-working sysadmin supposed to do?
Five Nines: A Quick Recap
System uptime always matters because an application or service cannot serve its purpose if it’s not available. The degree of availability is also pertinent. If the HR system in a small business is inaccessible for an hour a day once or twice a month, it’s hardly going to upset anyone.
The same outage on an online retailer’s website could lead to a six-figure revenue loss – or even more. In some instances, availability is critical: think about emergency services or critical infrastructure, for example.
It’s not reasonable to expect, however, that a system is online 100% of the time, because uncontrollable events can and do happen.
Five-nines availability refers to a system that is available 99.999% of the time (it gets its name from the five “nines” in the percentage). This translates to a system that is down for no more than 5 minutes per year. It’s a benchmark for highly reliable systems or mission-critical applications, but it’s also a common standard in the technology world that would apply to cloud infrastructure, for example.
Key Things to Get Right To Maintain Five Nines
What can sysadmins do to maintain a five-nines directive? Well, we all know the drill:
- Use reputable and reliable technology partners: Choose a cloud provider with a proven track record of uptime and good customer support to cover you when things go wrong (or look like they could go wrong).
- Continuously monitor your systems: Use monitoring tools to keep track of the performance and availability of your system so you can respond as soon as a problem that affects performance starts to build.
- Use high-availability tools, e.g., a load balancer or CDN: A load balancer distributes traffic across multiple servers, helping prevent any single server from becoming overloaded. Similarly, a content delivery network (CDN) can help reduce the load on your server by caching static content and delivering it from locations closer to your users.
- Redundancy and failover: Redundant servers and power supplies will save the day when something like a component fails, with failover systems automatically switching to a backup system if the primary system goes down.
- Ready for recovery: Disaster can strike, and disaster recovery will help limit the damage. Arguably, a good disaster recovery plan – if you have one – can kick in within minutes. That means that even a catastrophic failure won’t break through the five-nines objective.
If all goes to plan, you should maintain high levels of uptime and never get in trouble with stakeholders or things like SLAs where you agreed to 99.999% availability.
Patching Trips Up Your Efforts
Maintaining five-nines availability is achievable with a mix of strategy, resourcing, and planning. But even a perfect strategic mix can clash with broader goals, including maintaining the security that ensures availability.
Patching newly discovered vulnerabilities is one of the key steps in maintaining that security. If you don’t patch in time, you run the risk that a breach might occur soon after the vulnerability is discovered. That breach can make mincemeat of your five-nines efforts and it could take you months to recover.
On the flip side, patching requires either taking a system offline (which will probably break five nines) or, for high availability, entails reduced performance – which can spill over into brief or longer disruptions that also break the five-nines availability mandate.
It’s a tough conundrum because sysadmins need to either intentionally impact availability or delay doing so while taking on the risk of something far worse going wrong.
Live Patching Saves the Day
Thankfully, sysadmins tasked with five-nines availability have an alternative to the patching conundrum. It’s called live patching, and it’s a simple way to ensure that security updates are applied consistently – but without the need to restart the service being patched.
We discuss live patching in more detail here, but – in summary – live patching is a tool that enables sysadmins to apply critical security patches without needing to restart the underlying system.
It means that sysadmins can patch for vulnerabilities without causing a break in service continuity. In fact, live patching happens so seamlessly that vulnerability patching can occur without affecting the performance of high-availability systems. There’s also little risk that performance would degrade so much as to result in a service disruption.
Live patching supports five nines by reducing the risk of a disruptive cyberattack, and by minimizing the performance impact of patching-related activities.
Consider Adding Live Patching to Your Five-Nines Toolset
Sysadmins have many tactics available to them to help pursue their five-nines goal. Live patching should be part of that toolset because live patching solves two major concerns with availability. First, live patching ensures much tighter, more consistent vulnerability patching that protects systems against threats.
And, second, by removing the need to disruptively restart services for patching, live patching also solves another key five-nines issue: avoiding downtime. If you’re a sysadmin tasked with maintaining five nines, you should review TuxCare live patching services to see how they can help you support your availability objectives.