Report: IBM to Conduct Cloud Reboot to Patch Xen Issue
A second potential security flaw in Xen hypervisors has cloud providers giving reboot notices, the latest being IBM
March 2, 2015
IBM is another cloud provider that will reboot its infrastructure because of the most recent Xen hypervisor security issue.
Similar to the cloud reboot to address a potential security flaw five months ago, providers are rushing to reboot and patch before more details of the vulnerability are disclosed.
IBM notified its SoftLayer cloud customers that it will reboot some instances between now and March 10, GigaOm reported. Much like last time, the IBM notification follows Amazon Web Services and Rackspace notifications.
These issues have always existed. However, they’re more visible these days because cloud’s mainstream usage and visibility.
The vulnerability has the potential to affect all of Xen hypervisor land, not just individual clouds. In order to minimize potential impact of the rebooting process, providers are staggering the reboots in different regions rather than hitting the big reset button on everything.
Some service providers fared better than others during the last big cloud reboot. The previous maintenance affected less than 10 percent of AWS’ EC2 fleet and nearly a quarter of Rackspace’s 200,000-plus customers.
Customers themselves can also help minimize downtime through using multiple availability zones. Netflix lost over 200 database servers during the last reboot but managed to stay online. Linode provides a handy Reboot survival guide.
The Xen project has a detailed security policy available here.
Update: Amazon Web Services made progress over the last few days and said that 99.9% of all EC2 instances can now be live updated, avoiding a reboot. The updated support page is here
About the Author
You May Also Like