Linux Live Patching vs. Server Reboot Cycles: Pros and Cons
Ever heard of a pipe-freeze kit? A pipe-freeze kit forms a plug of ice inside a water pipe, allowing a plumber to make repairs without shutting off water.
Like water pipes, there are some things that you don’t want to shut down to fix.
Rebooting a server to install a kernel security update is not strictly necessary, yet it happens every day in the form of scheduled server reboot cycles. Live patching of an enterprise Linux system is the pipe-freeze kit: the vulnerable kernel functions are replaced in memory with fixed versions while the system keeps running, so the patch takes effect with only a brief pause of execution rather than a full restart.
Huge Differences Exist Between Linux Live Patching And Server Reboot Cycles
Live patching is typically sold as a subscription: providers such as Canonical (Livepatch) and KernelCare build, test and deliver the kernel patches, and their agent applies them to running systems. A subscription of 500 licenses might cost over $10,000 per year. Server reboot cycling relies on a company's own people and resources, but that does not make it low cost; as the cost discussion below argues, it usually costs more than live patching. At a glance the benefits of live patching seem evident, yet many companies still reboot on a cycle. Let's explore why.
Advantages to Server Reboot Cycles
Large organizations that already run redundant servers behind configured load balancers, with SLAs that budget for maintenance windows, have the infrastructure and finances to reboot in rolling fashion with minimal disruption to their enterprise Linux operations.
Disadvantages of Server Reboot Cycles
There are many disadvantages to using server reboot cycling for patch management.
Critical windows of time are missed. A 2019 study conducted by Ponemon Institute shows that out of 3,000 IT and security professionals, 62 percent attribute a data breach to their enterprise’s failure to apply an available patch.
Staffing is also an issue. The same study revealed that only 36 percent feel their enterprise has enough staff to apply patches fast enough.
Negotiating downtime with application owners is complicated, frustrating, and consumes untold hours of labor.
Finally, a reboot is the moment when latent hardware and configuration faults surface: a disk that fails to spin up, a system that stalls in the power-on self-test (POST), or a boot configuration broken by an earlier change can turn a planned few minutes of downtime into a data-loss incident or a hardware failure. That is why startup is the most problematic part of the Linux reboot process.
It’s Also Expensive
Although server reboot cycles use internal people and resources, they add significantly to the cost of running a secure enterprise.
Reboots disrupt revenue streams, especially on non-redundant systems. Employees' overtime pay for nights and weekends increases costs even more. Repeated requests for downtime erode IT's political capital: the team is seen as demanding, which hurts approvals for other needs.
Formulas for calculating the annual cost of managing security vulnerabilities through patching, together with supporting evidence and case studies, show how as few as 10 patching cycles per year can run costs into the millions.
Understanding Linux Live Patching
Live patching deploys security fixes to the Linux kernel while the server keeps running: the fixed versions of the affected kernel functions are loaded into the running kernel and calls are redirected to them, so the fix takes effect without a reboot. The service applies new patches automatically as the provider releases them. It is rebootless and reduces patching tasks by as much as 60 percent.
A 2019 survey sponsored by ServiceNow shows that 70 percent of respondents believe automation is a critical step to improving their organization’s patch management, and 80 percent credit automation for their organization’s ability to respond to vulnerabilities in less time.
What It Is And What It Isn’t
Live patching ensures a seamless customer experience and enables continuous access to systems that support productivity, revenue, security, and compliance.
Kernel live patching reduces the risk of data loss from unclean restarts, while downtime negotiations, irregular work schedules, and overtime pay go away. Anxiously waiting for the next reboot cycle to patch a known vulnerability becomes a thing of the past.
Patches are tested by the live patching provider on its own servers before release; KernelCare, for example, runs four tests on every patch before releasing it to customers.
Changes that cannot be expressed as a replacement of kernel functions, such as moving to a new kernel version with different data structures, firmware and microcode updates, and hardware fixes, still require downtime and a reboot. These events are beyond the scope of live patching. Live patching also covers the kernel, not userspace: libraries and the services linked against them still need conventional package updates and restarts.
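The two questions a practitioner asks after a live patch is rolled out are whether the patch is actually in effect on every task and whether the host still owes a conventional reboot for something live patching could not cover. The following shell script is an added example, not code from the original post or from KernelCare; it reads the upstream kernel livepatch interface under /sys/kernel/livepatch (the mechanism used by kpatch, Canonical Livepatch and SUSE kGraft) and the Debian/Ubuntu reboot marker. The sysfs layout it assumes (one directory per patch module with an `enabled` file and a `transition` file that reads 1 while tasks are still being migrated to the new code) and the marker path /run/reboot-required are assumptions not stated on the page; both are parameters so the functions can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not part of the original post or of KernelCare's tooling.
# Reads the upstream kernel livepatch interface under /sys/kernel/livepatch
# and reports whether every loaded patch is fully applied, then checks the
# distro reboot marker.
#
# Assumptions (not stated on the page): one directory per patch module under
# the sysfs root, each with an 'enabled' file (1/0) and a 'transition' file
# (1 while tasks are still being migrated to the new code); the
# /run/reboot-required marker is Debian/Ubuntu-specific. Both paths are
# parameters so the functions can be run against a constructed tree.

# Prints one line per patch and a summary. Exit status:
#   0 = all loaded patches fully applied, 1 = at least one still in transition,
#   2 = interface absent (kernel built without CONFIG_LIVEPATCH).
livepatch_summary() {
    root="${1:-/sys/kernel/livepatch}"
    active=0
    pending=0
    if [ ! -d "$root" ]; then
        echo "livepatch: $root absent (kernel built without CONFIG_LIVEPATCH)"
        return 2
    fi
    for p in "$root"/*/; do
        [ -d "$p" ] || continue
        name=$(basename "$p")
        en=$(cat "$p/enabled" 2>/dev/null || echo 0)
        tr=$(cat "$p/transition" 2>/dev/null || echo 0)
        if [ "$tr" = "1" ]; then
            # Transition still running: some tasks execute the old, vulnerable code.
            pending=$((pending + 1))
            echo "livepatch: $name in transition"
        elif [ "$en" = "1" ]; then
            active=$((active + 1))
            echo "livepatch: $name enabled"
        else
            echo "livepatch: $name loaded but disabled"
        fi
    done
    echo "livepatch: $active active, $pending in transition"
    [ "$pending" -eq 0 ]
}

# Exit status 0 if no reboot marker is present, 1 if the distro says a reboot
# is still owed (for example a kernel package upgrade that was not live patched).
reboot_owed() {
    marker="${1:-/run/reboot-required}"
    if [ -f "$marker" ]; then
        echo "reboot owed: $(cat "$marker")"
        return 1
    fi
    echo "no reboot marker at $marker"
    return 0
}
```

On a real host, source the file and call `livepatch_summary` and `reboot_owed` with no arguments; a non-zero exit from either is the signal to hold the change window open. KernelCare does not use this sysfs interface: on a KernelCare host the equivalent checks are `kcarectl --info` for the applied patches and `kcarectl --uname` for the effective kernel version. RHEL-family hosts have no reboot marker file; `needs-restarting -r` plays the same role there.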
Linux Live Patching Is the Way to Go
Linux kernel live patching keeps systems secure without downtime from server reboots. Our KernelCare live patching services are designed to maximize service availability while protecting against kernel security vulnerabilities. One caveat worth stating plainly: Heartbleed, the bug often cited in this context, was in OpenSSL, a userspace library, so closing it meant updating the library and restarting the services linked against it; kernel live patching addresses the kernel-level vulnerabilities that would otherwise force a full reboot. Security updates are painless through the technology and support offered by KernelCare's Enterprise Linux tools. So take the next step and talk to an expert today!