By Simon Coter-Oracle on Mar 17, 2017
Oracle Ksplice is an exciting new addition to the Premier Support subscription for Oracle VM 3. Oracle Ksplice technology allows you to update systems with new kernel security errata (CVE) without the need to reboot. This enables you to remain current with OS vulnerability patches while minimizing downtime. Oracle Ksplice actively applies updates to the running kernel image, instead of making on-disk changes that would take effect only after a subsequent reboot.
Ksplice was originally introduced for Oracle Linux systems. It has proven to be very valuable to customers and as a result, it has been extended to provide similar capabilities for Oracle VM Server dom0.
With Ksplice capabilities, you can install kernel security updates on Oracle VM Server dom0 without rebooting. This can save much more time than you think. Given that Oracle VM Server can guest ten(s) or hundred(s) of running Virtual Machines, thanks to Ksplice, you can now install security updates without impact on the services running on top of Oracle VM Server:
- No need to stop virtual machines running
- No need to live-migrate virtual machines running
With rebootless updates for Oracle VM Server, you can:
- Save time by updating in seconds, while your systems and virtual-machines are running
- Avoid downtime or long operations like live-migrating many virtual machines
- Prevent disastrous security incidents by making it easy to stay up-to-date
Macro-steps needed to setup Ksplice for Oracle VM are:
- Generate a Ksplice Uptrack access key through your Unbreakable Linux Network account (subscription for Oracle VM Server)
- Create an account in the Ksplice Uptrack system through the ksplice.com web site.
- Download the install script to your server.
- Run the install script, which downloads the Uptrack packages.
- Run uptrack-upgrade to download and apply the Ksplice patches to your running system.
For further technical details on how to setup and use Ksplice for Oracle VM Server you can read this article.