Patching Heritage Virtual Machines
This document covers the process for patching a heritage virtual machine and when an update may be required.
See also: Confluence documentation on this subject.
When is a reboot required?
All virtual machines must be restarted once patching has been completed. Linux VMs should only require a single restart, whereas Windows VMs may need to restart multiple times for a single update.
Patching without rebooting?
Linux VMs can potentially be patched without a reboot; however, this would incur additional costs to the project.
- Ubuntu: Possible, requires subscription. (Entry level UA Essential for $75/year for virtual machines.)
- RHEL: Possible, requires subscription. Red Hat’s kpatch for Red Hat Enterprise Linux 7 is available on a Premium support subscription for $1299 per year. (Limitation: There are no live patches released for RHEL 8.3, 7.8, RHEL 6 and RHEL 5.)
- Windows: In-memory patching is not offered for Windows VMs.
How long does a restart take?
Linux VMs restart fairly quickly and should come back online within 3-4 minutes. Windows VMs take slightly longer and can often take up to 15 minutes to restart.
What is the process for a restart?
For all types of patching, the high-level patching process is as follows:
- A lower environment will be patched prior to Production (e.g., Non Live Environment (NLE) → Production).
- Ensure a valid backup is available prior to each environment/virtual machine being patched.
- Prior to any patching, Platform Operations will contact the Development team, who will be required to stop relevant services, shut down databases, etc. This initial process should be documented if it is not already.
- A restart schedule (e.g., restart app01 → db01 → app02 → db02) is to be provided by the Application team.
- Once restarts have been completed, the Development team will start and test the applications.
- Once the above is successful, the next environment will be patched with similar steps.