If you’re a systems administrator responsible for thousands of servers, even a small slowdown can cause serious technical problems for your enterprise, and cost it a lot of money as well. Does live kernel patching cause them, or help solve them? Read below to find out.
What slows systems down
Linux is the most-used operating system in enterprises that operate web servers on a large scale. Here are the things that may slow it down:
- CPU Overload
With Linux, it’s easy for processes to use too many CPU resources. The quick solution is to simply kill that process, but implementing a lasting solution requires careful analysis of processes, software, and hardware.
As commonly-used applications are stored in RAM, available memory space declines over time. Less memory available means slower system performance. The quick solution is to check the RAM information then free up memory space, but again, a lasting solution requires deep investigation into the system.
- Disk I/O
Disk input/output operations involve reading and writing data from or to a physical disk. If there’s an I/O bottleneck, it can cause the system to slow down. Only thorough analysis can eliminate I/O problems on servers.
Hardware vulnerabilities can significantly degrade system performance. A good example is Zombieload, which required disabling processor hyper-threading to mitigate, which in turn lowered the processing speed of multicore and multi-thread processors. The solution? Fully updating software, firmware, and patching the kernel.
- Using Temporary patching
There are two methods of live patching the Linux kernel: temporary and persistent. The former involves applying patches to a running server, but requires rebooting in the future. The latter requires no reboots at all.
The temporary method can slow down a system, as the patches stack up on top of one another over time. The only way to resolve this problem is to reboot the system. These live patching systems employ the temporary method:
- Canonical Livepatch
- SUSE Linux Enterprise Live Patching
- Amazon Linux 2 kernel live patching
- Red Hat Kpatch
The persistent method of live patching does not slow systems down, because each patch contains all cumulative fixes in a single binary. With this method, no reboot is required. A server patched this way can run 24 hours a day, seven days a week for decades.
Also, servers patched with the persistent method remain up and running even with hardware vulnerabilities that usually require reboots to patch, such as Spectre, Meltdown, and Zombieload. These live patching systems employ the persistent method:
Persistent patching preserves performance
Does live kernel patching slow systems down? When it comes to persistent live patching, the answer is no. Persistent live kernel patching keeps systems speedy, safe, and protected.
Quick solutions to performance problems present other problems for enterprises, while live, persistent kernel patching offers a global solution that resolves all these problems at once. Systems run fast, while servers stay up and running with no reboots.
Want to learn more about persistent live kernel patching, and how it differs from other patching methods? Read more about how Linux kernel security patches are applied.