On 18 June, KernelCare CEO Igor Seletskiy was interviewed by Adam Torres on his Mission Matters Innovation podcast. The topic was rebootless updates, and why they’re important for servers. In this blog post you will find the answer to this question and an overview of what other insights were discussed during the podcast.
About CloudLinux and KernelCare
Igor started CloudLinux about 11 years ago to create a Linux OS for web hosting providers. In pursuing this small niche, the company developed a lot of Linux kernel expertise. To serve its OS customers, it developed a system to do rebootless kernel updates: KernelCare.
With KernelCare, you don’t have to reboot your server ever. Anyone running Linux can benefit from using it, from companies with hundreds of thousands of servers, to tens of thousands, to hundreds, to someone running a single server.
Why rebootless updates are important
Many people update their Linux servers with yum update, and feel good about installing fresh new software, which it does–except for the most important software: the kernel. The kernel is the most important software on the server, because it sits between the hardware and the applications.
If you’re running a web server, you need to update the kernel pretty often, because new vulnerabilities are emerging every day. At the same time, many people don’t want to reboot their servers, because it involves downtime. Downtime for reboots has to be scheduled and organized, which is troublesome, so they try to avoid it.
How have KernelCare customers responded?
KernelCare allows people to update Linux server kernels with no downtime. The more servers they have, the more excited they get about rebootless updates.
A few years ago, web hosting providers were surprised to learn that it was possible. Today, it’s common knowledge, and they expect that rebootless updates will be done in a way that’s stable and doesn’t involve any risk.
Now hundreds of thousands of servers are having their kernels updated with KernelCare. The sysadmins are happy to have it, because they don’t have to conduct reboots in the middle of the night, or on the weekend, when downtime doesn’t matter as much.
What delays adoption of rebootless updating?
Inertia. Some people are just used to doing reboots to implement kernel updates. They’ve always done it that way, so they continue doing it. They’re used to the “pain” of reboots, they expect it, so they don’t change.
Others ignore or downplay the security aspects of kernel updates. Hackers are very active and prevalent these days, trying to steal data, but some organizations don’t reboot their servers for months, or even a year or two. This makes them extremely vulnerable.
What leads organizations to use KernelCare?
What leads a lot of them to use it are security audits that stipulate their kernels must be patched every month. They determine that rebooting hundreds of thousands of servers every month isn’t practical for them, so they look for a rebootless option.
Sometimes they have to scramble to comply with audit requirements, but once they go through the process of procuring and installing KernelCare, the KernelCare team doesn’t usually hear from them for a year or two, sometimes more, because it’s an install-and-forget product.