TuxCare launches open source database live patching

Normally patching a database requires a reboot and that can be a major pain for a busy business. Now TuxCare makes it possible to live patch MySQL, MariaDB, and PostgresSQL without a reboot.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Patching database software is often a real pain-in-the-rump. The reason? Easy. When you need to patch one, it almost always requires a reboot. That takes time, sometimes a lot of time. So, so matter when you time it, your users will not be happy. Now TuxCare has an answer:  DatabaseCare. This live patching service for the most popular open-source enterprise-grade databases, MySQL, MariaDB, and PostgreSQL enables you to patch database management systems (DBMS) with no downtime. 

This is a game-changer. All too often companies realize the dangers of running a DBMS without needed security patches, but there's never a right time. They struggle to find the right maintenance window opportunity to deploy security patches and fixes because of business needs. Balanced against that is the sure knowledge that when known vulnerabilities go unpatched for weeks or months, attackers will eventually find and exploit these security holes.

By deploying DatabaseCare you can completely eliminate most maintenance windows on database systems and still be more secure than before. "Live patching critical systems is paramount to maintaining availability and enhancing security," said Jim Jackson, TuxCare's president and chief revenue officer. "Databases store an organization's most valuable asset -- its data. We know that making sure the data is safe is a universal concern across industries and IT teams. DatabaseCare provides fast patches for new vulnerabilities -- no service restarts are necessary at all."

With many years of experience in live patching the Linux operating system, TuxCare adds DatabaseCare to its existing live patching services KernelCare, LibraryCare, and QEMUCare.  DatabaseCare takes another step towards a more secure environment, with no disruption to users and workloads, while increasing security and mitigating risk.

How does it work? Like this. First, your DBMS servers connect to DatabaseCare ePortal. That's your secure copy of the DatabaseCare patch repository. When a patch is found, 
the DatabaseCare agent pulls the patch from the ePortal. The DatabaseCare agent then momentarily freezes the processes in a 'safe' mode. If then applies the patch in memory. This happens transparently to apps and users connected to the database and to the DB itself. 

This works. Indeed, it's been used for over a decade in Linux. In 2008, Jeff Arnold created Ksplice to apply security updates to running Linux kernels without restarting them. Oracle bought Ksplice and closed the source in 2011, but the Linux community replaced it in 2014 with three different live patching programs: Red Hat's Kpatch, SUSE's Kgraft, and CloudLinux's KernelCare. In short, this technique may sound radical to database administrators, but it's old-hat to Linux system administrators.

Related Stories:

Editorial standards