Ksplice debuts zero downtime service for Linux

Though potentially a big convenience, IT managers still need to consider three things

Ksplice Inc. today officially launched its no-reboot patching service for Linux servers.

The Cambridge, Mass., start-up has about 35 customers and several thousand servers using its paid Uptrack service, in which security and maintenance patches are automatically applied to Linux servers with minimal delay and no downtime, according to Chief Operating Officer Waseem Daher.

"From a customer point of view, it's seamless," he said.

Most customers are Web hosting companies such as DreamHost, which has about a thousand Linux servers running Red Hat Enterprise Linux (RHEL) and its close cousin, CentOS, Daher said.

Despite Linux's reputation for stability and security, most distributions of the open-source operating system still need to be repatched about once a month, the same as the rival Windows Server. RHEL, for instance, was patched 11 times in 2009, Daher said.

"Linux has a great reputation, but no matter how good, there will still be bugs that continually need to be corrected," he said.

Being able to silently update the source code of Linux servers without rebooting increases security (because patches can be applied immediately, rather than waiting for the weekend or some other low-usage time) and cuts costs (because there's no downtime), Daher said.

Overcoming some early technical limitations, Ksplice can now silently apply any kind of Linux patch, usually within a matter of hours, Daher said.

The cost is $3.95 per month per server running RHEL, CentOS, Debian or Ubuntu LTS, going to $2.95 per month after the first 20 servers. Ksplice also supports servers running virtualization technology such as Parallels Virtuozzo Containers or OpenVZ, and a variety of guest virtual machines, including Xen and VMware, Daher said. There is also a free version for Ubuntu desktop users.

There are three things that prospective customers need to keep in mind, though. First, Uptrack's updates aren't certified for compliance with various standards such as PCI, HIPAA, Sarbanes-Oxley and others. Daher said Uptrack's updates should be considered the same as updates from the Linux distributor, but lawyers and other compliance-minded folks may disagree.

Second, Uptrack is not formally supported by Linux vendors like Red Hat or application vendors such as Oracle. That could lead to trouble if an application or server malfunctions and the vendors blame Uptrack. Daher points out that virtualization technology has become popular despite the lack of formal support by many vendors.

Finally, apart from winning a pair of $100,000 grants (one from an MIT entrepreneurs' contest, and another from a federal Small Business Innovation Research competition), Ksplice is otherwise self-funded. According to Daher, the company is not looking for venture capital.

For now, Ksplice is focusing on the Linux server market, of which there are 15 million worldwide today. But the company said its techniques can eventually be applied to devices such as Windows servers or television set-top boxes.

Eric Lai covers Windows and Linux, desktop applications, databases and business intelligence for Computerworld. Follow Eric on Twitter at @ericylai or subscribe to Eric's RSS feed . His e-mail address is elai@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

Shop Tech Products at Amazon