Xen security issue prompts Amazon, Rackspace cloud reboots


Amazon Web Services and Rackspace are warning their customers of upcoming reboots they’re taking to address a new Xen hypervisor security issue.

In a premium support bulletin issued Thursday night, Amazon said fewer than 10 percent of all EC2 instances will require work but the affected instances must be updated by March 10. Rackspace also notified customers Thursday night of the issue, which will affect a portion of its First and Next Generation Cloud Servers. Later on Friday, Linode also warned users of an upcoming Xen-related reboot.

If you’re sensing a little bit of deja vu, it’s because the major cloud players were forced to reboot a bunch of their customers in September due to a Xen hypervisor issue, although the reason for the updates was not disclosed at first. Last time out, AWS also said 10 percent of its EC2 instances were affected.

Cloud vendors impacted by these security issues tread a tricky path. They have to address the vulnerability as fast as possible before the details of the flaw are made public, which can lead to a bit of a fire drill. In this case, more information about the flaw will be disclosed March 10.

In September, Amazon was first out of the chute with notifications, followed by Rackspace, and then IBM Softlayer made its disclosures the following week.

Note: This story was updated at 3:49 p.m. PST to note that Linode is also performing system updates.

5 Comments

David Mytton

Security bugs will happen but anyone who has properly designed their infrastructure will have no problem dealing with this. What’s worth considering is how each cloud provider is affected because this shows how advanced they are:

Google has not announced any reboots. This is because it does not use Xen, instead using KVM. However, even if it did use Xen then it would be able to use its live migration technology to move customer VMs to other hosts with no/minimal impact. Indeed, this is now what Amazon are doing except for 10% of customers on older hardware. This is not happening at Rackspace, Linode or Softlayer – none of which seem to have live migration capabilities.

This is a great illustration of how different Google and Amazon (Azure too) are from the others. In terms of scale, technology, innovation and engineering resources they are significantly more advanced, and this difference will only get larger over time. It means better operational capabilities and efficiencies allowing lower prices, more services and in this case, better experience for customers when there is some unusual event.

guestinthecloud

aws support is not able to give the time of reboot or whether a new ec2 server will be rebooted, hence there is no way to avoid a REBOOT at a RANDOM TIME

hard to believe they can’t let you migrate on your own to new hardware ahead of time

bottom line – a huge pain and they will be hearing that from more customers than just us :)
