Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
February 17, 2022 - TuxCare PR Team
The TuxCare Team is always looking for new ways to improve the experience provided by our products. A pain point we identified was the amount of storage space required to hold KernelCare patchsets and the network bandwidth required to transfer that information to ePortal deployments.
One of the improvements currently being developed is the ability to configure ePortal to function in a new cache mode, where full functionality is retained while reducing storage requirements by up to 80% in some scenarios.
Currently, ePortal will download and store patchsets to have them available for client systems, and the storage requirements are created around that paradigm – 100GB minimum, with 200GB recommended storage being available for an ePortal deployment.
Image 1 – ePortal high level overview
With cache mode, the storage can be reduced to around 20GB and still provide the same functionality for client systems.
This is achieved by a combination of smarter data transfer, with only metadata being transferred initially instead of complete patchsets when available, and a two-week retention period for actually used patchsets, as opposed to previous behavior.
Image 2 – ePortal with Cache Mode high level overview. Note that Patches DB no longer stores the whole patchsets in the filesystem unless a protected host actually requests them.
Conceptually, this is similar to how a web proxy caches often used content, rather than contacting the server each time (not to be confused with the existing ability to define a proxy for ePortal communication).
For example, when a new patchset is available, ePortal will download the metadata related to that patchset. When it is actually needed for a client system, the patchset is downloaded and sent to the client, as usual, and it is also stored in the ePortal system for up to two weeks, to respond to other clients who ask for it. In an Enterprise environment, this is the most common scenario, as there are multiple systems running the same distributions.
For now, cache mode can be enabled by first stopping ePortal service, then setting
CACHE_MODE = True
in the ePortal configuration file located at /usr/share/kcare-eportal/config/local.py, followed by
kc.eportal cache-mode --fetch-meta
then starting the ePortal service again. As with any changes, you should start by testing it in a smaller deployment or lab scenario.
And while by itself this functionality already provides benefits to existing ePortal users, the team is already working on new and exciting features that will further extend and improve upon this cache mode.
We are always open to suggestions and ideas that can improve your workflow and product usage. If you find that your current ePortal/KernelCare processes could be improved or automated in some way that is not yet covered, reach out to us, we would be delighted to discuss your suggestions with you.
Find out more about KernelCare Enterprise, ePortal, and other TuxCare services, and discover how we can simplify your IT operations with reliable Live Patching solutions on the TuxCare website here.
Learn About Live Patching with TuxCare
Look, everyone knows that it’s a tough act. Thousands of...
The public sector, including state and federal agencies, are at...
If your organization deploys IoT solutions, you know that development...
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...
In a symphony orchestra, instruments harmonize to create one pleasing...