In a nutshell, Reboot-less Kernel Updates means your servers core operating system is automatically updated without the need to restart your server. Given that currently most updates do require a server reboot, and that each reboot amounts to a few minutes of downtime, reboot-less updates can save your business hours of downtime every year. Best of all, it's free with SingleHop Kernel & OS Updates.
Ksplice Uptrack is a new service that lets you effortlessly keep your Linux systems
up to date and secure, without rebooting. SingleHop is proud to announce an exclusive
partnership with Ksplice to offer the Uptrack service to our customers.
Ksplice updates the core of your operating system, the kernel, while it is running-without
disrupting your operations or requiring a reboot.
SingleHop Security Engineer Andrew Brooks Demonstrates Ksplice Uptrack in Action
SingleHop System Administrator & Security Engineer, Andrew Brooks, Demonstrates Ksplice Uptrack live in this 7 minute video using a real server.
Andrew Brooks is an experienced security engineer and has worked closely with Ksplice to bring Reboot-less kernel updates here to SingleHop.
Why is Ksplice Uptrack needed?
Today, every mainstream operating system requires regular reboots in order to be up to date
and secure. Since reboots cause downtime and disruption, people are forced into the uncomfortable
dilemma of choosing between security and convenience.
Ksplice enables running systems to stay secure without the painful disruption of restarting the system. Specifically,
Ksplice creates rebootless updates that are based on traditional source code patches. These updates
are as effective as traditional updates, but they can be applied seamlessly, with no downtime.
Ksplice currently only offers support for updating the Linux kernel, but the Ksplice Uptrack system
methodology applies to any operating system or to user space applications and support for future
systems is forthcoming.
At this pace a new security issue is found and fixed every six days.
Traditional updates require you to tolerate the downtime and disruption of rebooting in
order to keep your system up to date and secure. Only Ksplice's unique technology updates
the running code at the core of your system to keep you seamlessly secure.
This diagram illustrates the steps involved in creating a Ksplice update. Essentially,
Ksplice Uptrack compiles your kernel twice-once without the patch and once with the patch
applied. Second, it compares the output of the two compilations, looking for differences.
In particular, it needs to find functions that have changed. For each changed function,
it pulls out a copy of both the old and the new versions and puts them in the output file.
This diagram illustrates the steps involved in applying a Ksplice update. First, it has to
locate the functions that it's trying to change. So if it's trying to change printk, it first
needs to find it in kernel memory. Once it has found the old copy of the function and confirmed
that it is the correct code, it needs to replace it. It accomplishes this by first loading the
new version of the function elsewhere in memory, using the kernel's module loader. Next, at a
safe time, it overwrites the first instruction of the old function with a jump instruction that
goes to the new function. This is called a trampoline, because it "bounces" all of the callers
of the old function immediately over to the new function.
Ksplice Uptrack is available only on Linux-based servers. Not all Linux versions are supported. Please consult SingleHop sales for details.
