Application, middle-ware and operating systems all requires updating and patching on regular basis to safeguard against recently introduced vulnerabilities and to deliver additional functionality.
A general practice to handle updates in non-enterprises is to turn on auto-update feature of middle-ware or operating system, such practice allows companies to apply the patches as they are released.
In this post i will ponder upon some challenges drawn in with patch management in Cloud Environments, along with the ideas on how to more proficiently keep servers and applications up to the mark.
Why Manual Patching is mandatory in Enterprise Framework?
Cloud Patch Management – Stay Ahead with Proper Patching Practices
However, this is not as simple as it seems in enterprise environment like Cloud enterprise; automated updating or patching is quite complicated.
System and server administrators needs complete analysis regarding the impact of newly released patch before replacing it with older one. Obviously, pre-assessment process is not viable with automated patching.
The Information technology administrators have to keep a consistent view of their infrastructure, incorporating vulnerability assessment – this is also not possible if automated updates are activated.
It is also obligatory to analyze the post patching impacts, which includes incompatibility with management tools, server applications or even with deployed infrastructure.
Tools for Patch Management
Independent Software Vendor (ISV) provided patching tools and third party tools specifically for server patching are two different types of tools available for Cloud Patch Management. ISV delivers vendor specific patches to update its software according to their own policies and mechanism.
- Windows Server Update Service (WSUS) provides [WSUSb11] and,
- Red Hat Network (RHN) gives [RHNb11] for enterprise server patching.
Let’s also look on to some popular third party tools used for Cloud Patch Management
- VMware vCenter Update Manager [VMwareUpdateb11] and,
- Tivoli Endpoint Manager [TEMb11]
Definitely these proficient tools make the scheduling and deployment relatively easy, but still personnel are required for scheduling the patches.
Furthermore, these are not well integrated with application & management databases you might be running on your Cloud server like Change Management databases, Failure Recovery databases, Asset Control & Management databases – which increase the need for technical involvement and assistance from human resource for adequate end to end patch management process.
- How Popular Cloud Providers Manages Cloud Patching
Renowned Public Cloud providers, Azure VMs and Amazon EC2 leaves it to their clients to update and patch the virtual machine. While web and workers roles of Microsoft Azure and Rackspace OpenStack Cloud delivers with patching of VMs included in their managed services. However, it involves a significant cost.
- Patching in Software-as-a-Service (SaaS) Model
Customers are not provided with any control in Software as a Service (SaaS) model of Cloud Computing. This could have effect the service quality if Cloud provider doesn’t practice a sound Configuration and Patching Management process. In 2010, blogging platform of WordPress had to face a serious outage caused by an application of a bad patch.
- Patching in Platform-as-a-Service (PaaS) Model
Clients are provisioned with slightly more control over patching and configuration in PaaS environment; especially in development environment components, applications, binaries and libraries, etc.
Multiple platforms including Asp.Net, Java, PHP are available – users can test run their application and perform the QA cycle; they are provisioned to apply fixes simultaneously similar to internal applications.
- Patching in Infrastructure-as-a-Service (IaaS) Model
Cloud providers offering Infrastructure as a Service (IaaS) allow consumers to install patch management agents by traditional provider like Microsoft and IBM. These agents perform patching in central data center or Cloud infrastructure while reporting to deployed Patch Management System.
For Cloud servers, new patch management options are available in the market, such as ScaleXtreme, FiberLink Communication [MaaS360] and VMware [Go] – which provides patch management for Public and Internal Cloud system. These Cloud based patch management options ease the challenges of assessing and patching.
Patching demands Proper due Diligence
Procedures and Policies should be established along with the implemented mechanism for patch management and vulnerability, making it certain that system, application and network device vulnerabilities are properly evaluated. Ensure that critical patches should be prioritized and vendor supplied security patches are applied in a timely manner for risk mitigation.
More Tech articles from Business 2 Community: