[New Webinar] CentOS 7 End of Life Strategy: Security for Today & Years into the Future – Dec 6th @ 10:30 AM EST/4 PM CET RSVP
The Live Patching Process
How does TuxCare’s KernelCare deploy vulnerability patches
without reboots or downtime?
We Monitor New Vulnerabilities
Our team is always on the lookout. As soon as a new vulnerability affecting a
Linux kernel is announced, we immediately get to work on a patch.
We Create the Patch
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
We Prepare the Patch for Deployment
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
You Receive the Patch
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel – a process that can be automated.
KernelCare Applies the Patch
The patch is passed to the KCE kernel module, which – in a matter of nanoseconds – pauses all processes, loads the updated binary into the secure kernel space, redirects all functions to the updated code – and the kernel resumes. Because this happens in nanoseconds, no processes are interrupted, and no failover condition is ever triggered.
Ready to say goodbye to patching-related downtime and maintenance windows?