Install software updates and security patches without rebooting

The CIO-level business angle on the latest tech

There's a real irony to my article this week. Just as I began to write, I got an e-mail from one of my hosted service providers. To paraphrase the message, it says: "Dear Customer, we will be performing maintenance on your application server for a few hours this weekend. We plan to install critical software updates and security patches. During this window you may experience brief interruptions in service. Sorry for the inconvenience."

You've seen similar messages before. Perhaps you even write them and send them out to your own customers when you need to install software updates and security fixes. While the process of installing software updates is disruptive and expensive -- Gartner estimates downtime for a critical system costs $42,000 an hour -- there's no getting around the need to apply updates. According to Microsoft, 90 percent of the attacks in the wild exploit known vulnerabilities.

It's essential to patch systems to keep them reliable and secure. But while you must patch, must you reboot the server to apply the patch? Not necessarily.

There's a new subscription service launching this week that provides rebootless updates. Ksplice has just announced the general availability of its Ksplice Uptrack service for Linux servers. When a vendor releases software updates, Ksplice makes those updates into a module that can be applied to a server without rebooting it. This saves you the hassle of notifying customers of downtime and planning for staff members to work at 2:00 a.m. on a Sunday morning. The update can be applied painlessly and without any disruption to anyone's work.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

There's a real irony to my article this week. Just as I began to write, I got an e-mail from one of my hosted service providers. To paraphrase the message, it says: "Dear Customer, we will be performing maintenance on your application server for a few hours this weekend. We plan to install critical software updates and security patches. During this window you may experience brief interruptions in service. Sorry for the inconvenience."

You've seen similar messages before. Perhaps you even write them and send them out to your own customers when you need to install software updates and security fixes. While the process of installing software updates is disruptive and expensive -- Gartner estimates downtime for a critical system costs $42,000 an hour -- there's no getting around the need to apply updates. According to Microsoft, 90 percent of the attacks in the wild exploit known vulnerabilities.

It's essential to patch systems to keep them reliable and secure. But while you must patch, must you reboot the server to apply the patch? Not necessarily.

There's a new subscription service launching this week that provides rebootless updates. Ksplice has just announced the general availability of its Ksplice Uptrack service for Linux servers. When a vendor releases software updates, Ksplice makes those updates into a module that can be applied to a server without rebooting it. This saves you the hassle of notifying customers of downtime and planning for staff members to work at 2:00 a.m. on a Sunday morning. The update can be applied painlessly and without any disruption to anyone's work.

The company Ksplice was founded by four MIT engineers. The technology they've developed is based on thesis research, and it has received numerous accolades and honors, including The Wall Street Journal 2009 Technology Innovation Award. The technology can be applied to virtually any type of software, including operating systems and applications, running on a wide variety of devices, such as servers, network routers and switches, storage arrays, mobile devices and more. The potential for this technology is huge; if you aren't using it today, you might use it in the not-too-distant future.

In the life cycle of a software update, the process starts when someone discovers a bug or security hole in the code. The software vendor releases an update, which the administrator installs. To apply the update and have it take effect, you typically restart the software; in the case of an OS patch, this means rebooting the machine -- an inconvenience for you and all the users.

With the Ksplice service, when the software vendor releases an update, Ksplice makes the update rebootless and delivers it to customers where it can be installed and applied without any disruption. The software is up to date and secure.

Here's the recipe for the secret sauce -- how Ksplice makes an update rebootless. Ksplice has the source code for the software to be updated, say a Linux OS, as well as the source code for the update itself. The company then compiles the program twice, once without the patch and once with the patch. Ksplice compares the two versions and identifies the functions that have changed. Ksplice pulls out just these functions, packages them into a kernel module, and ships this module containing the replacement code to customers.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.