CloudLinux announced as part of its TuxCare security services the launch of QEMUCare Live Patching Service for Linux systems running as virtualization hosts through QEMU, the open source emulator and hardware virtualization platform.
“Patching virtualization host systems is a challenge faced by IT security and operations teams because of the impact on performance and availability for the virtual machines running on those systems,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Also, it’s very easy to accidentally disrupt a running virtual machine, and the whole process is very complex to orchestrate properly across multiple systems. At the same time, it is fairly urgent to apply security patches as soon as possible to be safe from exploits.”
QEMUCare eliminates the complexity of the process, by removing the need for migrating virtual machines away from the systems being updated. This saves considerable time and makes bandwidth available to update the whole infrastructure. Also, security updates are deployed almost immediately as they are made available, reducing the system exposure time to security vulnerabilities.
QEMUCare Live Patching operates through a similar mechanism to other TuxCare live patching services, like KernelCare Enterprise and LibraryCare, where updates are applied without any disruption to the running processes. Virtual machines running on the updated systems will not be paused, migrated or in any way affected by the process.
This is a faster, less resource intensive and a less disruptive approach than current industry best practices, which require live migration of the virtual machines to other systems while the hosts are updated.
To qualify for a free proof-of-concept, the minimum requirement is 100 Linux servers.
TuxCare services are the umbrella offering of the CloudLinux family of enterprise support services which include live patching for critical components in the Linux stack, from the kernel all the way to widely-used shared libraries.
This eliminates the need for lengthy and costly service disruptions while servers or services are restarted to install the latest security patches, and no longer require a disruptive maintenance window.
Also, with TuxCare Linux Support Services, regular patches and updates are delivered for all components of enterprise Linux systems, as well as 24/7 incident support — even when systems are past their End-of-Life (EOL).