Keeping an eye on operating system patches in an IaaS cloud

Share this post:

Understanding a cloud provider’s patching process is one key to deciding which workloads to move to the cloud.

System patches in an IaaS cloudManaged cloud providers and some unmanaged cloud providers will either automatically, or with some manual control, provide installation and maintenance of operating system patches for your workloads that are hosted in the cloud. While operating system patching will affect infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) clouds, in PaaS and SaaS offerings the middleware and applications are often under the provider’s control. IaaS, however, is generally there to host your applications, and, as we all know, some of our applications can be quite inflexible when it comes to their operating environment.

So the question is: do you understand what patching options are available to you with your cloud provider? 

Which patches?

Do you have the ability to pick and choose which patches you would like to have included? Can you control this per managed system, or is this for all systems? 


Do you have the ability to specify when you want to have the patches applied? Can you associate individual systems with different patch schedules, or will all systems be patched on the same schedule?

How do I know?

Can you see which patches have been applied to each system and when? How much notice do you receive before a patch is applied?

These are great questions to ask your cloud provider. However, given that the cloud model is predominately geared towards automation, you may find that you do not have the level of control (and involvement) that you might be used to in traditional information technology (IT) environments. Therefore, the amount of control you need will be a factor when you choose which workloads to move to the cloud.

Let’s look at an important online application. Say you have multiple load-balanced web servers. Typically in this situation, after testing the patches in your development and test environments, the patches will be applied to production servers in a very structured manner. For example, you would gracefully remove a web server from a load-balanced pool and then patch, test and reintegrate that server into the pool before moving on to the next server. This requires interaction between the group patching the operating system, the group maintaining the application and potentially the group maintaining the network infrastructure. Knowing when an individual system is going to be patched is key to this process. So before moving this workload to the cloud, you would need to make sure your cloud provider could accommodate this patching process.

While there is a great push to use more and more cloud building blocks in your applications, there will continue to be applications that are not developed specifically for the cloud that we will need to maintain for many years into the future. Understanding how operational processes integrate with a cloud provider is one key to ensuring those applications continue to provide service to their consumers.

Questions or comments? You can reach me on Twitter @MikeJMcGuire.

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading