Security Patching Made Simple for Linux HPC Instances in Oracle Cloud

September 22, 2020 | 3 minute read
Julie Wong
Product Management Director, Oracle Linux and Virtualization
Text Size 100%:

The explosion of data in today's computing landscape has fueled the need for even greater security to protect the applications and workloads, and is crucial to an organization's success and competitive advantage. This is equally true when running compute intensive high performance computing (HPC) applications that consume large amounts of data, which are critical to an organization’s business or research endeavors. Oracle Cloud Infrastructure provides a platform that can help keep HPC systems secure and improve the speed and stability of applications.

Security patch management is a challenge given the sheer number of instances in HPC clustered environments. Often, HPC environments are left unpatched for long periods of time, leaving systems exposed due to delays caused by complex, time-consuming, and labor-intensive patch management processes. We'll describe three ways in which this is addressed with Oracle Cloud Infrastructure.

The first option is for Oracle Cloud Infrastructure customers to take advantage of zero-downtime patching technology using Oracle Ksplice to help protect the operating system (OS) from cyberattacks. With Ksplice, the Linux OS kernel and key user space libraries, such as glibc and OpenSSL, are updated while the OS is running, without a reboot or any interruptions. Organizations running HPC workloads don’t have to choose between security and convenience as security patches can be applied without disruption and operational delays. An additional feature is the detection and notification of known exploit attempts made on privilege escalation vulnerabilities that have been patched by Ksplice. In addition to Oracle Linux, Ksplice is also supported for CentOS, Ubuntu, and Red Hat Enterprise Linux (RHEL) instances in Oracle Cloud Infrastructure.

The second option, for customers who prefer the hands-off approach to patching, is to run HPC applications on Oracle Autonomous Linux in Oracle Cloud Infrastructure. Oracle Autonomous Linux is an Oracle Linux operating environment that leverages Ksplice technology, and executes automatic patch updates with no human interaction, improves IT staff productivity and security, and reduces downtime. Autonomous Linux is simple to deploy and with its zero downtime self-patching updates, you have more time to focus on development and running your HPC applications with less interruption.

The third solution to help simplify patch management is the Oracle Cloud Infrastructure OS Management service. It provides an easy-to-use interface within Oracle Cloud Infrastructure that enables you to perform fleet management of Oracle Linux HPC instances. It allows you to monitor the packages installed on instances, search for and add or remove packages, and schedule updates for groups of instances. Automated patch management with the OS Management service helps reduce complexity, risks, human errors, and operational costs.

Ksplice, Autonomous Linux, and the OS Management service are provided for Oracle Cloud Infrastructure customers at no additional cost. Oracle Linux HPC customers on Oracle Cloud Infrastructure enjoy additional benefits including free Oracle Linux Premier Support and price per performance advantages. Additionally, Oracle Linux is 100% application binary compatible with RHEL. This means that RHEL customers on Oracle Cloud Infrastructure can eliminate support fees by easily switching to Oracle Linux.

HPC customers who leverage these advanced Linux patching technologies in Oracle Cloud Infrastructure benefit from improved system security, reduced downtime, simplified operations, and cost savings. To learn more about Oracle Cloud patch management options, sign up for an Oracle Cloud Infrastructure account today and take advantage of free cloud credits.



Julie Wong

Product Management Director, Oracle Linux and Virtualization

Previous Post

Extracting kernel stack function arguments from Linux x86-64 kernel crash dumps

Calum Mackay | 22 min read

Next Post

Migrate NFS to GlusterFS and nfs-ganesha

Tiger Yang | 13 min read