Rethinking Patch Management in the Era of the Cloud

February 23, 2012, by David
Grazed from IT Business Edge. Author: Michael Vizard.

Patch management has never been easy. But as virtualization and cloud computing take greater hold, the entire patch management process is becoming increasingly complex.

And once you add in the rapid stream of updates that developers using agile development methodologies continue to push out, things just get exponentially worse…

What’s needed, says ScaleXtreme CEO Nand Mulchandani, is a new approach to patch management that is almost the reverse of the process that most IT organizations rely on today. Instead of pushing patches out to servers, ScaleXtreme, which provides a variety of IT automation tools that can be invoked via a cloud service, has created a cloud computing service that allows servers deployed in either private or public clouds to pull updates from a centralized patch management server.

Each server regularly polls the service to see what updates and patches are available. Once the ScaleXtreme agent software detects an appropriate patch, it opens a unidirectional outbound link to the ScaleXtreme service. Once that patch is delivered, the link is then terminated to make sure that hackers are not able to exploit any open ports.

There’s no getting around the fact that patch management as it is generally performed today is grossly inefficient. But that issue is only going to become substantially worse as the number of patches that need to be deployed across a larger number of applications sharing the same physical server increases.

IT organizations have better things to do than manage patches, which is one of the reasons that most patches don’t get applied in a timely manner. The good news is that as the technologies that we use to deploy applications continue to evolve, so too should the technologies we use to automate the management of patches to those applications.