1 Reply Latest reply on Jun 27, 2012 10:10 AM by byrona

    Private Clouds and Patch Management Strategies


      The cloud model is present in a large number of companies these days, and if it's not, they are already thinking about it. Even though there are still a lot of organizations which are not ready to take a service to a public cloud (for example, their email platform), IT departments are looking for new ways to implement private clouds and offer services to clients.


      A common example is a web platform, like PHP, set up to work as a private cloud with several tiers (virtual machines working as web and database servers) behind it. There are tons of services and applications which we can find in order to deploy these private clouds, but how much do we know about maintaining them? And how can we offer an effective, efficient and simple way to patch our private clouds?

      In the cloud model there are basically two ways for handling patch management:

      1. Patching in-place: This is the same way we patch systems in a non-cloud model. We can have a replicated environment for testing, to deploy updates and test our services. Or we can patch one virtual machine in the production environment and evaluate whether the behavior is normal.
      2. Re-building tiers with the new update: Since in the private cloud model we should be thinking about platforms (web or database server) not necessarily attached to an operating system, we can consider generating new machines with the latest updates and swapping them with the production tiers.


      Do you have private clouds implemented? How do you handle patch management?

        • Re: Private Clouds and Patch Management Strategies

          We are a service provider and a large part of our business is private clouds.  I am also in the process of rolling out a new enterprise patch management solution which will handle patching of these private clouds.


          The solution that we are using is the first scenario you mentioned, patch in-place. We evaluated over a half dozen different patching solutions and I came to the conclusion that the patching solutions out there still have not really caught up to the idea of cloud.


          I spoke with the vendor of the solution that we chose, and being more virtualization aware is on their roadmap. The product can currently tell which machines are virtual versus physical. I have submitted a feature request to allow pre-patch VM snapshots to create a fail-back point. Ultimately I would like it if the patching solution could completely manage the VM snapshots, both creating them and removing them after a specific period of time. This type of cloud awareness and integration is going to be key going forward to leverage the power of the cloud environment.


          Until our patching solution becomes more cloud/virtualization aware we will continue to patch systems using the classic model because it still works.
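          The patch-in-place option from the original post (patch one VM, verify, then continue), combined with the pre-patch snapshot as a fail-back point and the time-based snapshot removal that byrona asked the vendor for, as an added example that is not part of the thread or of any patching product. The FakeHypervisor, the VM names, the build strings, the snapshot naming prefix and the seven-day retention window are assumptions so the script runs offline; the four hypervisor calls (create, list, revert, remove snapshot) are the points where PowerCLI, libvirt or the hypervisor's own API would be called in a real run.

```python
"""Patch in place with a pre-patch snapshot as the fail-back point.

Added example, not code from the thread or from any patching product.
FakeHypervisor, the VM names, build strings and the retention window are
constructed assumptions so this runs offline; a real run would back the
same four calls (create/list/revert/remove snapshot) with PowerCLI,
libvirt or the hypervisor's API.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

SNAPSHOT_PREFIX = "prepatch-"   # assumed naming convention for fail-back snapshots
RETENTION = timedelta(days=7)   # assumed window after which a fail-back point expires


@dataclass
class Snapshot:
    name: str
    created: datetime
    build: str   # installed build at snapshot time (stand-in for the captured disk state)


class FakeHypervisor:
    """In-memory stand-in for a hypervisor's snapshot API (constructed)."""

    def __init__(self, builds: Dict[str, str]) -> None:
        self.builds = dict(builds)                   # vm -> currently installed build
        self._snaps: Dict[str, List[Snapshot]] = {}

    def create_snapshot(self, vm: str, name: str, now: datetime) -> None:
        self._snaps.setdefault(vm, []).append(Snapshot(name, now, self.builds[vm]))

    def list_snapshots(self, vm: str) -> List[Snapshot]:
        return list(self._snaps.get(vm, []))

    def revert_to(self, vm: str, name: str) -> None:
        snap = next(s for s in self._snaps[vm] if s.name == name)
        self.builds[vm] = snap.build

    def remove_snapshot(self, vm: str, name: str) -> None:
        self._snaps[vm] = [s for s in self._snaps[vm] if s.name != name]


def patch_in_place(hv, vm: str, apply_patch: Callable[[str], None],
                   healthy: Callable[[str], bool], now: datetime) -> str:
    """Snapshot, patch, verify; revert to the snapshot if patching or the check fails.

    The snapshot is kept either way so an operator still has the fail-back
    point; expire_snapshots() removes it once RETENTION has passed.
    """
    name = SNAPSHOT_PREFIX + now.strftime("%Y%m%dT%H%M%S")
    hv.create_snapshot(vm, name, now)
    try:
        apply_patch(vm)
        ok = healthy(vm)
    except Exception:   # an installer crash is a failed patch, not a script crash
        ok = False
    if ok:
        return "patched"
    hv.revert_to(vm, name)
    return "reverted"


def patch_tier(hv, tier: List[str], apply_patch, healthy, now: datetime) -> Dict[str, str]:
    """Patch a tier one VM at a time; the first VM is the canary.

    Any failure stops the rollout, leaving the remaining VMs untouched.
    """
    results: Dict[str, str] = {}
    for vm in tier:
        results[vm] = patch_in_place(hv, vm, apply_patch, healthy, now)
        if results[vm] != "patched":
            break
    return results


def expire_snapshots(hv, vm: str, now: datetime,
                     retention: timedelta = RETENTION) -> List[str]:
    """Remove pre-patch snapshots older than the retention window; return their names."""
    removed: List[str] = []
    for snap in hv.list_snapshots(vm):
        if snap.name.startswith(SNAPSHOT_PREFIX) and now - snap.created > retention:
            hv.remove_snapshot(vm, snap.name)
            removed.append(snap.name)
    return removed


def demo():
    """Constructed three-node web tier where the new build breaks web-02's application,
    plus a database VM whose installer crashes outright."""
    t0 = datetime(2012, 6, 27, 10, 10)
    web = FakeHypervisor({"web-01": "2012.05", "web-02": "2012.05", "web-03": "2012.05"})

    def apply_patch(vm: str) -> None:
        web.builds[vm] = "2012.06"

    def healthy(vm: str) -> bool:
        return vm != "web-02"   # constructed: web-02 fails its post-patch check

    results = patch_tier(web, ["web-01", "web-02", "web-03"], apply_patch, healthy, t0)
    expired_day1 = expire_snapshots(web, "web-01", t0 + timedelta(days=1))
    expired_day8 = expire_snapshots(web, "web-01", t0 + timedelta(days=8))

    db = FakeHypervisor({"db-01": "2012.05"})

    def crashing_installer(vm: str) -> None:
        raise RuntimeError("installer crashed")   # constructed failure mode

    db_result = patch_in_place(db, "db-01", crashing_installer, healthy, t0)
    return results, dict(web.builds), expired_day1, expired_day8, db_result, db.builds["db-01"]


if __name__ == "__main__":
    for item in demo():
        print(item)
```

          Two design points worth noting: the health check runs inside the same try block as the installer, so a crashing installer and a failing post-patch check take the same revert path, and the rollout stops at the first VM that does not come back healthy, which is what makes patching one production VM first a safe canary rather than just a first victim.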