When a microprocessor vulnerability rocked the tech industry last year, companies scrambled to patch nearly every server they had. In Oracle’s case, that meant patching the operating system on about 1.5 million Linux-based servers.
Oracle finished the job in just 4 hours, without taking down the applications the servers ran, by using Oracle’s own automation technology.
The technology involved is at the heart of Oracle Autonomous Linux, which the company announced at Oracle OpenWorld 2019 in San Francisco last month. Oracle has been using Autonomous Linux to run its own Generation 2 Cloud infrastructure, and now it is available at no cost to Oracle Cloud customers.
Besides the speed of patching, the other benefit is that it’s done automatically, without hands-on work by systems administrators, developers, or security operations staff, says Wim Coekaerts, senior vice president for operating systems and virtualization engineering at Oracle.
“Oracle Autonomous Linux lets us apply patches and do all the low-level mundane management for you on a running system,” he says. “We lock the machine for only a microsecond. You don’t see it, the application doesn’t see it, the end user doesn’t see it.”
The last thing most CIOs, CTOs, chief information security officers, and even developers want to worry about is patching their server operating systems, whether they have a hundred servers or hundreds of thousands. That type of maintenance can slow down a business, especially if the maintenance requires shutting down the software running on that server.
A delay is doubly worrying when the reason for the patch is to handle a software or hardware vulnerability. In those instances, delays create an opportunity for malicious operators to strike. If an organization traditionally applies updates to its servers every three months, for example, and a zero-day vulnerability comes out just after that update, the company is vulnerable for months. When updates require a lengthy process, companies are reluctant to apply them more frequently.
Not with Autonomous Linux, which can patch itself quickly after a vulnerability is found and the patch is applied by Oracle, says Coekaerts. “And the customer doesn’t even see the impact,” he says. Combined with Oracle Cloud Infrastructure’s other cost advantages, he expects customers to see significant total-cost-of-ownership savings compared to other Linux versions that run either on-premises or in the cloud.
Underneath the Autonomous Linux service is Oracle Linux, which remains binary compatible with Red Hat Enterprise Linux. Therefore, software that runs on RHEL will run on Oracle Autonomous Linux in Oracle Cloud Infrastructure without change.
How Autonomous Linux Works
What does Oracle Autonomous Linux tune, patch, and maintain? Everything from the Linux kernel to key user-space libraries, Coekaerts says.
For example, one valuable feature of the platform, he says, is a bit of fingerprint code that is designed to enable Oracle Linux to detect attempts to exploit patched vulnerabilities. Called Known Exploit Detection, this feature passes telemetry up to Oracle OS Management Services to describe the attempted attack, says Coekaerts: “We can send a notification to the customer saying, ‘Hey, somebody was trying to use this known exploit.’” Security administrators might want to know, after all, if a bad actor has gained access to a user account or is otherwise trying to launch an attack.
Oracle Autonomous Linux is included with Oracle Cloud Infrastructure compute services at no additional charge.
Coekaerts emphasized that Oracle Autonomous Linux is designed to deliver performance tuning, bug fixes, and vulnerability patching without rebooting or customer action. The autonomous process doesn’t automatically install major feature updates of Linux, such as those that might change its version number. That’s because such updates could potentially affect how applications run on the server, Coekaerts says, so customers can authorize Oracle to install those major updates after they’ve tested the update with their specific applications and system configurations. “Oracle Autonomous Linux is a stable operating system release, and we focus on keeping it that way,” says Coekaerts.
Ultimately, Oracle Autonomous Linux is for every CISO who wants to worry less about keeping their cloud operating systems safe, every CIO or CTO who wants to get out of the business of managing patches and performance tuning, and every developer who simply wants to run, test, or deploy applications without having to administer Linux. “Oracle Autonomous Linux just keeps running, and you’re good to go,” Coekaerts says.